Bug#891872: transition: curl
Hi,
On Fri, Mar 02, 2018 at 10:04:44AM +0100, Emilio Pozuelo Monfort wrote:
> Also zurl seems to need Qt with openssl 1.1, which is only in experimental atm.
> That shouldn't be a blocker for this though (we can temporarily kick it from
> testing if necessary). But let's wait a bit and see.
I don't think that's necessary, as there is no direct interaction
between both instances of openssl through zurl.
The only code I found which uses both QSsl and OpenSSL is in
src/websocket.cpp:
    #ifdef HAVE_OPENSSL
        QSslCertificate cert = sock->peerCertificate();
        QByteArray der = cert.toDer();
        const unsigned char *p = (const unsigned char *)der.data();
        X509 *opensslCert = d2i_X509(NULL, &p, der.size());
        if(opensslCert)
        {
            if(verifyhost(connectHost.toUtf8().data(), opensslCert) == CURLE_OK)
                hostMismatchOk = true;
            X509_free(opensslCert);
        }
    #endif
It loads a certificate from QSsl, converts it to a DER formatted char
array, and builds an OpenSSL X509 struct from that. Looks like a rather
stable interface to me.
I uploaded a version of zurl built against openssl 1.1 to experimental
an hour ago: https://tracker.debian.org/news/937630
If somebody cares, another pair of eyes looking through the zurl source
code would be appreciated, of course.
Jan
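
The handoff described in the message above crosses the library boundary as plain DER bytes, a self-delimiting encoding that does not depend on either library's internal structs. As an added example (not part of the original message and not zurl's code), this standalone C check confirms that a buffer holds exactly one DER SEQUENCE, neither truncated nor followed by extra bytes, before it is given to a parser; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse the header of the outermost element in buf. Returns 0 and stores
 * header + content size in *total; -1 if it is not a DER SEQUENCE header. */
int der_outer_len(const unsigned char *buf, size_t len, size_t *total)
{
    if (len < 2 || buf[0] != 0x30)      /* a Certificate is a SEQUENCE */
        return -1;
    if (buf[1] < 0x80) {                /* short form: one length byte */
        *total = 2 + (size_t)buf[1];
        return 0;
    }
    size_t n = buf[1] & 0x7f;           /* long form: n length bytes follow */
    if (n == 0 || n > sizeof(size_t) || len < 2 + n)
        return -1;                      /* n == 0 is indefinite length (BER only) */
    if (buf[2] == 0)
        return -1;                      /* leading zero: not minimal, not DER */
    size_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | buf[2 + i];
    if (v < 0x80 || v > (size_t)-1 - 2 - n)
        return -1;                      /* short form required, or overflow */
    *total = 2 + n + v;
    return 0;
}

/* 1 if buf is exactly one DER SEQUENCE: not truncated, no trailing bytes. */
int der_is_exact(const unsigned char *buf, size_t len)
{
    size_t total;
    return der_outer_len(buf, len, &total) == 0 && total == len;
}

/* Constructed sample inputs (toy SEQUENCEs, not real certificates). */
static const unsigned char OK_SHORT[]   = {0x30, 0x03, 0x02, 0x01, 0x05};
static const unsigned char TRAILING[]   = {0x30, 0x03, 0x02, 0x01, 0x05, 0x00};
static const unsigned char TRUNCATED[]  = {0x30, 0x03, 0x02, 0x01};
static const unsigned char NONMINIMAL[] = {0x30, 0x81, 0x03, 0x02, 0x01, 0x05};
static const unsigned char LONG_OK[131] = {0x30, 0x81, 0x80}; /* 128 zero content bytes */

int main(void)
{
    printf("ok=%d trailing=%d truncated=%d nonminimal=%d long=%d\n",
           der_is_exact(OK_SHORT, sizeof OK_SHORT), der_is_exact(TRAILING, sizeof TRAILING),
           der_is_exact(TRUNCATED, sizeof TRUNCATED), der_is_exact(NONMINIMAL, sizeof NONMINIMAL),
           der_is_exact(LONG_OK, sizeof LONG_OK));
    return 0;
}
```

When OpenSSL does the parsing, d2i_X509 advances the pointer it is given past the bytes it consumed, so comparing that pointer with the end of the buffer afterwards gives the same trailing-data check.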