void-packages/srcpkgs/qt5/patches/fix-nss321.patch

47 lines
1.4 KiB
Diff

--- qtwebengine/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc 2016-01-14 17:11:38.432633534 +0100
@@ -57,6 +57,10 @@
#include "net/ssl/ssl_platform_key.h"
#endif
+#if defined(USE_NSS_CERTS) || defined(OS_IOS)
+#include "net/cert_net/nss_ocsp.h"
+#endif
+
namespace net {
namespace {
@@ -795,6 +799,14 @@
DCHECK(!ssl_);
DCHECK(!transport_bio_);
+#if defined(USE_NSS_CERTS) || defined(OS_IOS)
+ if (ssl_config_.cert_io_enabled) {
+ // TODO(davidben): Move this out of SSLClientSocket. See
+ // https://crbug.com/539520.
+ EnsureNSSHttpIOInit();
+ }
+#endif
+
SSLContext* context = SSLContext::GetInstance();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
--- qtwebengine/src/core/config/linux.pri 2015-12-14 16:27:24.000000000 +0100
+++ qtwebengine/src/core/config/linux.pri 2016-01-14 17:31:05.765975551 +0100
@@ -18,7 +18,13 @@
use_kerberos=0 \
use_pango=0
-!use?(nss) {
+use?(nss) {
+# do a "chimera build" (BoringSSL code, NSS certs): This is the default in
+# Chromium 47+, and it is the only variant that works with NSS 3.21.
+ GYP_CONFIG += use_nss_certs=1 \
+ use_openssl=1 \
+ use_openssl_certs=0
+} else {
GYP_CONFIG += use_nss_certs=0 \
use_openssl=1 \
use_openssl_certs=1