Date: Wed, 22 Feb 2017 19:38:31 +0000 (UTC) From: Matthew Rezny <rezny@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r434634 - head/net/qt4-network/files Message-ID: <201702221938.v1MJcVbY035327@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rezny Date: Wed Feb 22 19:38:31 2017 New Revision: 434634 URL: https://svnweb.freebsd.org/changeset/ports/434634 Log: Adjust SSL patches to match behavior of Qt5 in regards to SSL/TLS versions. PR: 216781 Approved by: swills (mentor) Differential Revision: https://reviews.freebsd.org/D9727 Modified: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp Modified: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp ============================================================================== --- head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp Wed Feb 22 19:29:56 2017 (r434633) +++ head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp Wed Feb 22 19:38:31 2017 (r434634) @@ -1,21 +1,31 @@ +* Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols +* --- src/network/ssl/qsslsocket_openssl.cpp.orig 2015-05-07 14:14:44 UTC +++ src/network/ssl/qsslsocket_openssl.cpp -@@ -267,15 +267,14 @@ init_context: +@@ -267,9 +267,13 @@ init_context: #endif break; case QSsl::SslV3: -- ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); ++#ifndef OPENSSL_NO_SSL3_METHOD + ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); ++#else + ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error ++#endif break; - case QSsl::SecureProtocols: // SslV2 will be disabled below -- case QSsl::TlsV1SslV3: // SslV2 will be disabled below ++ case QSsl::SecureProtocols: // SslV2/3 will be disabled below + case QSsl::TlsV1SslV3: // SslV2 will be disabled below case QSsl::AnyProtocol: -- default: - ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); - break; - case QSsl::TlsV1: -+ case QSsl::SecureProtocols: -+ default: - ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); - break; - } + default: +@@ -297,8 +301,10 @@ init_context: + + // Enable bug workarounds. + long options; +- if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols) ++ if (configuration.protocol == QSsl::TlsV1SslV3) + options = SSL_OP_ALL|SSL_OP_NO_SSLv2; ++ else if (configuration.protocol == QSsl::SecureProtocols) ++ options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; + else + options = SSL_OP_ALL; + Modified: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp ============================================================================== --- head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp Wed Feb 22 19:29:56 2017 (r434633) +++ head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp Wed Feb 22 19:38:31 2017 (r434634) @@ -1,3 +1,6 @@ +* Prepend the path of the SSL libraries used for building so the same libraries are +* found and loaded at runtime. Normal search finds base SSL libraries before ports. +* --- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2015-05-07 14:14:44 UTC +++ src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -511,9 +511,9 @@ static QPair<QLibrary*, QLibrary*> loadO @@ -5,10 +8,10 @@ #elif defined(SHLIB_VERSION_NUMBER) // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER> - libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER)); -+ libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), QLatin1String(SHLIB_VERSION_NUMBER)); ++ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER)); libssl->setLoadHints(QLibrary::ImprovedSearchHeuristics); - libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER)); -+ libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/lib/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER)); ++ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER)); libcrypto->setLoadHints(libcrypto->loadHints() | QLibrary::ImprovedSearchHeuristics); if (libcrypto->load() && libssl->load()) { // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found @@ -18,8 +21,8 @@ // second attempt: find the development files libssl.so and libcrypto.so - libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); - libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1); -+ libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), -1); -+ libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/lib/libcrypto"), -1); ++ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1); ++ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1); if (libcrypto->load() && libssl->load()) { // libssl.so.0 and libcrypto.so.0 found return pair;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702221938.v1MJcVbY035327>