From owner-svn-ports-head@freebsd.org  Wed Feb 22 19:38:33 2017
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A2D8CE9EFE;
 Wed, 22 Feb 2017 19:38:33 +0000 (UTC)
 (envelope-from rezny@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 083DBE;
 Wed, 22 Feb 2017 19:38:32 +0000 (UTC)
 (envelope-from rezny@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v1MJcWZi035329;
 Wed, 22 Feb 2017 19:38:32 GMT (envelope-from rezny@FreeBSD.org)
Received: (from rezny@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v1MJcVbY035327;
 Wed, 22 Feb 2017 19:38:31 GMT (envelope-from rezny@FreeBSD.org)
Message-Id: <201702221938.v1MJcVbY035327@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: rezny set sender to
 rezny@FreeBSD.org using -f
From: Matthew Rezny <rezny@FreeBSD.org>
Date: Wed, 22 Feb 2017 19:38:31 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r434634 - head/net/qt4-network/files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 19:38:33 -0000

Author: rezny
Date: Wed Feb 22 19:38:31 2017
New Revision: 434634
URL: https://svnweb.freebsd.org/changeset/ports/434634

Log:
  Adjust SSL patches to match behavior of Qt5 in regards to SSL/TLS versions.
  
  PR:		216781
  Approved by:	swills (mentor)
  Differential Revision:	https://reviews.freebsd.org/D9727

Modified:
  head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
  head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp

Modified: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
==============================================================================
--- head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp	Wed Feb 22 19:29:56 2017	(r434633)
+++ head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp	Wed Feb 22 19:38:31 2017	(r434634)
@@ -1,21 +1,31 @@
+* Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols
+*
 --- src/network/ssl/qsslsocket_openssl.cpp.orig	2015-05-07 14:14:44 UTC
 +++ src/network/ssl/qsslsocket_openssl.cpp
-@@ -267,15 +267,14 @@ init_context:
+@@ -267,9 +267,13 @@ init_context:
  #endif
          break;
      case QSsl::SslV3:
--        ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
++#ifndef OPENSSL_NO_SSL3_METHOD
+         ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
++#else
 +        ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
++#endif
          break;
 -    case QSsl::SecureProtocols: // SslV2 will be disabled below
--    case QSsl::TlsV1SslV3: // SslV2 will be disabled below
++    case QSsl::SecureProtocols: // SslV2/3 will be disabled below
+     case QSsl::TlsV1SslV3: // SslV2 will be disabled below
      case QSsl::AnyProtocol:
--    default:
-         ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
-         break;
-     case QSsl::TlsV1:
-+    case QSsl::SecureProtocols:
-+    default:
-         ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
-         break;
-     }
+     default:
+@@ -297,8 +301,10 @@ init_context:
+ 
+     // Enable bug workarounds.
+     long options;
+-    if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols)
++    if (configuration.protocol == QSsl::TlsV1SslV3)
+         options = SSL_OP_ALL|SSL_OP_NO_SSLv2;
++    else if (configuration.protocol == QSsl::SecureProtocols)
++        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
+     else
+         options = SSL_OP_ALL;
+ 

Modified: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
==============================================================================
--- head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp	Wed Feb 22 19:29:56 2017	(r434633)
+++ head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp	Wed Feb 22 19:38:31 2017	(r434634)
@@ -1,3 +1,6 @@
+* Prepend the path of the SSL libraries used for building so the same libraries are
+* found and loaded at runtime. Normal search finds base SSL libraries before ports.
+*
 --- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2015-05-07 14:14:44 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols.cpp
 @@ -511,9 +511,9 @@ static QPair<QLibrary*, QLibrary*> loadO
@@ -5,10 +8,10 @@
  #elif defined(SHLIB_VERSION_NUMBER)
      // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
 -    libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER));
-+    libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
++    libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
      libssl->setLoadHints(QLibrary::ImprovedSearchHeuristics);
 -    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER));
-+    libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/lib/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
++    libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
      libcrypto->setLoadHints(libcrypto->loadHints() | QLibrary::ImprovedSearchHeuristics);
      if (libcrypto->load() && libssl->load()) {
          // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
@@ -18,8 +21,8 @@
      // second attempt: find the development files libssl.so and libcrypto.so
 -    libssl->setFileNameAndVersion(QLatin1String("ssl"), -1);
 -    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1);
-+    libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), -1);
-+    libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/lib/libcrypto"), -1);
++    libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1);
++    libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1);
      if (libcrypto->load() && libssl->load()) {
          // libssl.so.0 and libcrypto.so.0 found
          return pair;