Attachment #430294 for bug #562050

Lines 65-70 static DH *get_dh1024() Link Here

(-)a/src/network/ssl/qsslcontext_openssl.cpp (-4 / +11 lines)
65	return dh;	65	return dh;
66	}	66	}
67		67
		68	static bool q_enableECSetCurves() {
		69	// The ability to select elliptic curves is
		70	// present in OpenSSL 1.0.2+ but not in LibreSSL.
		71	// RFC4492 Section 5.1.1 "Supported Elliptic Curves Extension"
		72	return q_SSLeay() >= 0x10002000L && !q_LibreSSL();
		73	}
		74
68	QSslContext::QSslContext()	75	QSslContext::QSslContext()
69	: ctx(0),	76	: ctx(0),
70	pkey(0),	77	pkey(0),
Lines 340-348 init_context: Link Here
340		347
341	const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();	348	const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
342	if (!qcurves.isEmpty()) {	349	if (!qcurves.isEmpty()) {
343	#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)	350	#if defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
344	// Set the curves to be used	351	// Set the curves to be used
345	if (q_SSLeay() >= 0x10002000L) {	352	if (q_enableECSetCurves()) {
346	// SSL_CTX_ctrl wants a non-const pointer as last argument,	353	// SSL_CTX_ctrl wants a non-const pointer as last argument,
347	// but let's avoid a copy into a temporary array	354	// but let's avoid a copy into a temporary array
348	if (!q_SSL_CTX_ctrl(sslContext->ctx,	355	if (!q_SSL_CTX_ctrl(sslContext->ctx,
Lines 354-363 init_context: Link Here
354	return sslContext;	361	return sslContext;
355	}	362	}
356	} else	363	} else
357	#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)	364	#endif // defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
358	{	365	{
359	// specific curves requested, but not possible to set -> error	366	// specific curves requested, but not possible to set -> error
360	sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));	367	sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("This version of OpenSSL lacks support for selecting specific elliptic curves."));
361	sslContext->errorCode = QSslError::UnspecifiedError;	368	sslContext->errorCode = QSslError::UnspecifiedError;
362	return sslContext;	369	return sslContext;
363	}	370	}

Lines 1000-1005 bool q_resolveOpenSslSymbols() Link Here

(-)a/src/network/ssl/qsslsocket_openssl_symbols.cpp (+5 lines)
1000	#endif	1000	#endif
1001	return true;	1001	return true;
1002	}	1002	}
		1003
		1004	bool q_LibreSSL()
		1005	{
		1006	return strncmp(q_SSLeay_version(SSLEAY_VERSION), "LibreSSL", 8) == 0;
		1007	}
1003	#endif // !defined QT_LINKED_OPENSSL	1008	#endif // !defined QT_LINKED_OPENSSL
1004		1009
1005	//==============================================================================	1010	//==============================================================================

Lines 209-214 QT_BEGIN_NAMESPACE Link Here

(-)a/src/network/ssl/qsslsocket_openssl_symbols_p.h (+1 lines)
209	#endif // !defined QT_LINKED_OPENSSL	209	#endif // !defined QT_LINKED_OPENSSL
210		210
211	bool q_resolveOpenSslSymbols();	211	bool q_resolveOpenSslSymbols();
		212	bool q_LibreSSL();
212	long q_ASN1_INTEGER_get(ASN1_INTEGER *a);	213	long q_ASN1_INTEGER_get(ASN1_INTEGER *a);
213	unsigned char * q_ASN1_STRING_data(ASN1_STRING *a);	214	unsigned char * q_ASN1_STRING_data(ASN1_STRING *a);
214	int q_ASN1_STRING_length(ASN1_STRING *a);	215	int q_ASN1_STRING_length(ASN1_STRING *a);

Return to bug 562050