
Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]



On Tue, Jun 28, 2016 at 07:36:27PM +0200, Gert Wollny wrote:
> Okay, the attached patch corrects this. 

I had a quick look at the patch and have some comments.

> --- a/src/network/ssl/qsslcertificate.cpp
> +++ b/src/network/ssl/qsslcertificate.cpp
> @@ -259,10 +259,15 @@
>  QByteArray QSslCertificate::version() const
>  {
>      QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
> -    if (d->versionString.isEmpty() && d->x509)
> +    if (d->versionString.isEmpty() && d->x509) {
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
>          d->versionString =
> -            QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
> -
> +	    QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
> +#else
> +        d->versionString =
> +	    QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
> +#endif
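Review bot: The added continuation lines in this hunk are indented with a tab followed by spaces, while the line they replace and the surrounding context use spaces only. The `-`/`+` pair for the pre-1.1.0 `QByteArray::number(...)` line differs in nothing but that leading whitespace, which adds noise to the patch and makes the real change harder to spot. Keeping the original space indentation would leave that line untouched; the same tab indentation shows up on the `q_X509_STORE_add_cert` lines in the last quoted hunk. The body of `version()` continues past the quoted lines, so the closing brace for the newly opened `{` is not visible here.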

X509_get_version() exists in old versions (as a macro), so there is no
reason to have the version check; just always use it.

> @@ -276,7 +281,11 @@
>  {
>      QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
>      if (d->serialNumberString.isEmpty() && d->x509) {
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
>          ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
> +#else
> +        ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
> +#endif

Same as above.


> @@ -489,24 +498,33 @@
>      QSslKey key;
>  
>      key.d->type = QSsl::PublicKey;
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
>      X509_PUBKEY *xkey = d->x509->cert_info->key;
> +#else
> +    X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
> +#endif
>      EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
>      Q_ASSERT(pkey);
>  
> -    if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
> +    int key_id;
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +    key_id = q_EVP_PKEY_type(pkey->type);
> +#else
> +    key_id = q_EVP_PKEY_id(pkey);
> +#endif

You probably want EVP_PKEY_base_id here, look at the manpage.

> +    if (key_id == EVP_PKEY_RSA) {
>          key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
>          key.d->algorithm = QSsl::Rsa;
>          key.d->isNull = false;
> -    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
> +    } else if (key_id == EVP_PKEY_DSA) {
>          key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
>          key.d->algorithm = QSsl::Dsa;
>          key.d->isNull = false;
> -    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
> +    } else if (key_id == EVP_PKEY_DH) {
>          // DH unsupported
>      } else {
>          // error?
>      }
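Review bot: `Q_ASSERT(pkey)` is the only guard in front of the new `q_EVP_PKEY_id(pkey)` call (and of `pkey->type` on the pre-1.1.0 side), and Q_ASSERT expands to nothing in release builds. X509_PUBKEY_get() returns NULL when the certificate's public key cannot be decoded, and the certificate being inspected can come from a remote peer, so a null `pkey` would be dereferenced in exactly the builds that ship. A real check in place of the assert would close this, for example `if (!pkey) return key;`, assuming the function returns `key` and that a default-constructed `QSslKey` reports itself as null. The function starts and ends outside the quoted hunk, so whether `pkey` is released afterwards cannot be judged from here.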

As already explained, you want to have EC support.

>  
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +	  q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
> +#else
> +	  q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
> +#endif

SSL_CTX_get_cert_store should exist in old versions.


Kurt

