
Bug#891872: transition: curl



Hi,

On Fri, Mar 02, 2018 at 10:04:44AM +0100, Emilio Pozuelo Monfort wrote:
> Also zurl seems to need Qt with openssl 1.1, which is only in experimental atm.
> That shouldn't be a blocker for this though (we can temporarily kick it from
> testing if necessary). But let's wait a bit and see.

I don't think that's necessary, as there is no direct interaction
between both instances of openssl through zurl.

The only code I found which uses both QSsl and OpenSSL is in
src/websocket.cpp:

#ifdef HAVE_OPENSSL
                                QSslCertificate cert = sock->peerCertificate();
                                QByteArray der = cert.toDer();
                                const unsigned char *p = (const unsigned char *)der.data();
                                X509 *opensslCert = d2i_X509(NULL, &p, der.size());
                                if(opensslCert)
                                {
                                        if(verifyhost(connectHost.toUtf8().data(), opensslCert) == CURLE_OK)
                                                hostMismatchOk = true;

                                        X509_free(opensslCert);
                                }
#endif

It loads a certificate from QSsl, converts it to a DER formatted char
array, and builds an OpenSSL X509 struct from that. Looks like a rather
stable interface to me.

I uploaded a version of zurl built against openssl 1.1 to experimental
an hour ago: https://tracker.debian.org/news/937630

If somebody cares, another pair of eyes looking through the zurl source
code would be appreciated, of course.

Jan
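
Added example, not part of the original message or of zurl: the byte array handed from QSsl to OpenSSL above is self-delimiting DER, so a caller can check the outer framing independently of either library. The status names and the sample byte strings below are constructed for this illustration. The function checks that a buffer is exactly one DER SEQUENCE with a minimal definite length and no trailing bytes. It complements the `d2i_X509` call, which advances `p` past the bytes it parsed.

```c
#include <stddef.h>
#include <stdio.h>

/* Status names are hypothetical, chosen for this example. */
enum der_status { DER_OK, DER_TRUNCATED, DER_NOT_SEQUENCE, DER_BAD_LENGTH, DER_TRAILING };

/* Constructed sample inputs (tiny SEQUENCEs, not real certificates). */
static const unsigned char sample_ok[]         = {0x30, 0x03, 0x02, 0x01, 0x05};
static const unsigned char sample_trailing[]   = {0x30, 0x03, 0x02, 0x01, 0x05, 0x00};
static const unsigned char sample_indefinite[] = {0x30, 0x80, 0x00, 0x00};
static const unsigned char sample_nonminimal[] = {0x30, 0x81, 0x03, 0x02, 0x01, 0x05};
static const unsigned char sample_truncated[]  = {0x30, 0x82, 0x01, 0x00};

/* Check that buf[0..len) is exactly one DER SEQUENCE, which is the outer
 * framing of an X.509 certificate. */
enum der_status der_check_single_sequence(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, body = 0;

    if (len < 2) return DER_TRUNCATED;
    if (buf[0] != 0x30) return DER_NOT_SEQUENCE;    /* universal, constructed, SEQUENCE */
    if (buf[1] < 0x80) {
        body = buf[1];                              /* short form: length in one octet */
    } else {
        size_t n = buf[1] & 0x7f;                   /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t)) return DER_BAD_LENGTH; /* 0x80 is indefinite (BER only) */
        if (len < 2 + n) return DER_TRUNCATED;
        if (buf[2] == 0) return DER_BAD_LENGTH;     /* leading zero octet is not minimal */
        for (size_t i = 0; i < n; i++) body = (body << 8) | buf[2 + i];
        if (body < 0x80) return DER_BAD_LENGTH;     /* DER requires the short form here */
        hdr += n;
    }
    if (body > len - hdr) return DER_TRUNCATED;     /* declared length exceeds the buffer */
    if (body < len - hdr) return DER_TRAILING;      /* bytes left over after the element */
    return DER_OK;
}

int main(void)
{
    printf("ok=%d trailing=%d indefinite=%d nonminimal=%d truncated=%d\n",
           der_check_single_sequence(sample_ok, sizeof sample_ok),
           der_check_single_sequence(sample_trailing, sizeof sample_trailing),
           der_check_single_sequence(sample_indefinite, sizeof sample_indefinite),
           der_check_single_sequence(sample_nonminimal, sizeof sample_nonminimal),
           der_check_single_sequence(sample_truncated, sizeof sample_truncated));
    return 0;
}
```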

