Lines 71-76
static DH *get_dh1024()
|
71 |
return dh; |
71 |
return dh; |
72 |
} |
72 |
} |
73 |
|
73 |
|
|
|
74 |
static bool q_enableECSetCurves() { |
75 |
// The ability to select elliptic curves is |
76 |
// present in OpenSSL 1.0.2+ but not in LibreSSL. |
77 |
// RFC4492 Section 5.1.1 "Supported Elliptic Curves Extension" |
78 |
return q_SSLeay() >= 0x10002000L && !q_LibreSSL(); |
79 |
} |
80 |
|
74 |
QSslContext::QSslContext() |
81 |
QSslContext::QSslContext() |
75 |
: ctx(0), |
82 |
: ctx(0), |
76 |
pkey(0), |
83 |
pkey(0), |
Lines 346-354
init_context:
|
346 |
|
353 |
|
347 |
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); |
354 |
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); |
348 |
if (!qcurves.isEmpty()) { |
355 |
if (!qcurves.isEmpty()) { |
349 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |
356 |
#if defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) |
350 |
// Set the curves to be used |
357 |
// Set the curves to be used |
351 |
if (q_SSLeay() >= 0x10002000L) { |
358 |
if (q_enableECSetCurves()) { |
352 |
// SSL_CTX_ctrl wants a non-const pointer as last argument, |
359 |
// SSL_CTX_ctrl wants a non-const pointer as last argument, |
353 |
// but let's avoid a copy into a temporary array |
360 |
// but let's avoid a copy into a temporary array |
354 |
if (!q_SSL_CTX_ctrl(sslContext->ctx, |
361 |
if (!q_SSL_CTX_ctrl(sslContext->ctx, |
Lines 359-368
init_context:
|
359 |
sslContext->errorCode = QSslError::UnspecifiedError; |
366 |
sslContext->errorCode = QSslError::UnspecifiedError; |
360 |
} |
367 |
} |
361 |
} else |
368 |
} else |
362 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |
369 |
#endif // defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) |
363 |
{ |
370 |
{ |
364 |
// specific curves requested, but not possible to set -> error |
371 |
// specific curves requested, but not possible to set -> error |
365 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); |
372 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("This version of OpenSSL lacks support for selecting specific elliptic curves.")); |
366 |
sslContext->errorCode = QSslError::UnspecifiedError; |
373 |
sslContext->errorCode = QSslError::UnspecifiedError; |
367 |
} |
374 |
} |
368 |
} |
375 |
} |
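Review bot: `q_enableECSetCurves()` is defined unconditionally at new lines 74-79, but its only call visible on this page (new line 358) sits inside `#if defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)`. When the headers lack that macro, which is presumably the LibreSSL case this change targets, the static helper is unused and will trip `-Wunused-function` (fatal under `-Werror`), unless another caller exists outside the hunks shown. Wrapping the helper in the same guard, `#if defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)` … `#endif`, keeps the definition and its caller in step. The fallback branch still fails closed with an error when requested curves cannot be applied rather than silently using the library defaults, and that behaviour should be preserved; the body of init_context continues outside the hunks shown.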