405 lines
21 KiB
Diff
405 lines
21 KiB
Diff
--- qtbase/src/network/ssl/qsslellipticcurve_openssl.cpp 2017-01-18 15:20:58.000000000 +0100
|
|
+++ qtbase/src/network/ssl/qsslellipticcurve_openssl.cpp 2017-02-21 16:25:56.477986158 +0100
|
|
@@ -82,7 +82,7 @@
|
|
|
|
int nid = q_OBJ_sn2nid(curveNameLatin1.data());
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if (nid == 0 && q_SSLeay() >= 0x10002000L)
|
|
nid = q_EC_curve_nist2nid(curveNameLatin1.data());
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
--- qtbase/src/network/ssl/qsslsocket_openssl.cpp 2017-01-18 15:20:58.000000000 +0100
|
|
+++ qtbase/src/network/ssl/qsslsocket_openssl.cpp 2017-02-21 19:12:22.200604090 +0100
|
|
@@ -94,7 +94,7 @@
|
|
bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
|
|
bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1;
|
|
#endif
|
|
|
|
@@ -191,7 +191,7 @@
|
|
return (quintptr)QThread::currentThreadId();
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_PSK) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
static unsigned int q_ssl_psk_client_callback(SSL *ssl,
|
|
const char *hint,
|
|
char *identity, unsigned int max_identity_len,
|
|
@@ -328,7 +328,7 @@
|
|
options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
|
|
else if (protocol == QSsl::TlsV1_0OrLater)
|
|
options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
// Choosing Tlsv1_1OrLater or TlsV1_2OrLater on OpenSSL < 1.0.1
|
|
// will cause an error in QSslContext::fromConfiguration, meaning
|
|
// we will never get here.
|
|
@@ -437,13 +437,13 @@
|
|
else
|
|
q_SSL_set_accept_state(ssl);
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
// Save a pointer to this object into the SSL structure.
|
|
if (q_SSLeay() >= 0x10001000L)
|
|
q_SSL_set_ex_data(ssl, s_indexForSSLExtraData, this);
|
|
#endif
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_PSK) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
// Set the client callback for PSK
|
|
if (q_SSLeay() >= 0x10001000L) {
|
|
if (mode == QSslSocket::SslClientMode)
|
|
@@ -506,7 +506,7 @@
|
|
q_SSL_load_error_strings();
|
|
q_OpenSSL_add_all_algorithms();
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if (q_SSLeay() >= 0x10001000L)
|
|
QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
|
#endif
|
|
@@ -1594,7 +1594,7 @@
|
|
}
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status;
|
|
if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) {
|
|
@@ -1603,7 +1603,7 @@
|
|
} else {
|
|
const unsigned char *proto = 0;
|
|
unsigned int proto_len = 0;
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if (q_SSLeay() >= 0x10002000L) {
|
|
q_SSL_get0_alpn_selected(ssl, &proto, &proto_len);
|
|
if (proto_len && mode == QSslSocket::SslClientMode) {
|
|
@@ -1626,7 +1626,7 @@
|
|
}
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) {
|
|
EVP_PKEY *key;
|
|
if (q_SSL_get_server_tmp_key(ssl, &key))
|
|
--- qtbase/src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-01-18 15:20:58.000000000 +0100
|
|
+++ qtbase/src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-02-21 19:14:32.805677245 +0100
|
|
@@ -151,7 +151,7 @@
|
|
DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
|
|
DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
|
|
DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
|
|
#endif
|
|
DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return -1, return)
|
|
@@ -300,17 +300,17 @@
|
|
DEFINEFUNC(void, SSL_SESSION_free, SSL_SESSION *ses, ses, return, DUMMYARG)
|
|
DEFINEFUNC(SSL_SESSION*, SSL_get1_session, SSL *ssl, ssl, return 0, return)
|
|
DEFINEFUNC(SSL_SESSION*, SSL_get_session, const SSL *ssl, ssl, return 0, return)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return)
|
|
DEFINEFUNC3(int, SSL_set_ex_data, SSL *ssl, ssl, int idx, idx, void *arg, arg, return 0, return)
|
|
DEFINEFUNC2(void *, SSL_get_ex_data, const SSL *ssl, ssl, int idx, idx, return NULL, return)
|
|
#endif
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_PSK) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
DEFINEFUNC2(void, SSL_set_psk_client_callback, SSL* ssl, ssl, q_psk_client_callback_t callback, callback, return, DUMMYARG)
|
|
DEFINEFUNC2(void, SSL_set_psk_server_callback, SSL* ssl, ssl, q_psk_server_callback_t callback, callback, return, DUMMYARG)
|
|
DEFINEFUNC2(int, SSL_CTX_use_psk_identity_hint, SSL_CTX* ctx, ctx, const char *hint, hint, return 0, return)
|
|
#endif
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
|
#ifndef OPENSSL_NO_SSL2
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#endif
|
|
@@ -319,7 +319,7 @@
|
|
#endif
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#endif
|
|
@@ -331,7 +331,7 @@
|
|
#endif
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#endif
|
|
@@ -414,7 +414,7 @@
|
|
DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return)
|
|
DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return)
|
|
DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return 0, return)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
DEFINEFUNC6(int, SSL_select_next_proto, unsigned char **out, out, unsigned char *outlen, outlen,
|
|
const unsigned char *in, in, unsigned int inlen, inlen,
|
|
const unsigned char *client, client, unsigned int client_len, client_len,
|
|
@@ -427,7 +427,7 @@
|
|
void *arg, arg, return, DUMMYARG)
|
|
DEFINEFUNC3(void, SSL_get0_next_proto_negotiated, const SSL *s, s,
|
|
const unsigned char **data, data, unsigned *len, len, return, DUMMYARG)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
DEFINEFUNC3(int, SSL_set_alpn_protos, SSL *s, s, const unsigned char *protos, protos,
|
|
unsigned protos_len, protos_len, return -1, return)
|
|
DEFINEFUNC3(void, SSL_CTX_set_alpn_select_cb, SSL_CTX *s, s,
|
|
@@ -451,7 +451,7 @@
|
|
DEFINEFUNC(EC_KEY *, EC_KEY_new_by_curve_name, int nid, nid, return 0, return)
|
|
DEFINEFUNC(void, EC_KEY_free, EC_KEY *ecdh, ecdh, return, DUMMYARG)
|
|
DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return)
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
#endif // OPENSSL_NO_EC
|
|
@@ -791,7 +791,7 @@
|
|
RESOLVEFUNC(EC_GROUP_get_degree)
|
|
#endif
|
|
RESOLVEFUNC(BN_num_bits)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
RESOLVEFUNC(BN_is_word)
|
|
#endif
|
|
RESOLVEFUNC(BN_mod_word)
|
|
@@ -912,12 +912,12 @@
|
|
RESOLVEFUNC(SSL_SESSION_free)
|
|
RESOLVEFUNC(SSL_get1_session)
|
|
RESOLVEFUNC(SSL_get_session)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
RESOLVEFUNC(SSL_get_ex_new_index)
|
|
RESOLVEFUNC(SSL_set_ex_data)
|
|
RESOLVEFUNC(SSL_get_ex_data)
|
|
#endif
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_PSK) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
RESOLVEFUNC(SSL_set_psk_client_callback)
|
|
RESOLVEFUNC(SSL_set_psk_server_callback)
|
|
RESOLVEFUNC(SSL_CTX_use_psk_identity_hint)
|
|
@@ -931,7 +931,7 @@
|
|
#endif
|
|
RESOLVEFUNC(SSLv23_client_method)
|
|
RESOLVEFUNC(TLSv1_client_method)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
RESOLVEFUNC(TLSv1_1_client_method)
|
|
RESOLVEFUNC(TLSv1_2_client_method)
|
|
#endif
|
|
@@ -943,7 +943,7 @@
|
|
#endif
|
|
RESOLVEFUNC(SSLv23_server_method)
|
|
RESOLVEFUNC(TLSv1_server_method)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
RESOLVEFUNC(TLSv1_1_server_method)
|
|
RESOLVEFUNC(TLSv1_2_server_method)
|
|
#endif
|
|
@@ -999,12 +999,12 @@
|
|
RESOLVEFUNC(SSLeay_version)
|
|
RESOLVEFUNC(i2d_SSL_SESSION)
|
|
RESOLVEFUNC(d2i_SSL_SESSION)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
RESOLVEFUNC(SSL_select_next_proto)
|
|
RESOLVEFUNC(SSL_CTX_set_next_proto_select_cb)
|
|
RESOLVEFUNC(SSL_get0_next_proto_negotiated)
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
RESOLVEFUNC(SSL_set_alpn_protos)
|
|
RESOLVEFUNC(SSL_CTX_set_alpn_select_cb)
|
|
RESOLVEFUNC(SSL_get0_alpn_selected)
|
|
@@ -1020,7 +1020,7 @@
|
|
RESOLVEFUNC(EC_KEY_new_by_curve_name)
|
|
RESOLVEFUNC(EC_KEY_free)
|
|
RESOLVEFUNC(EC_get_builtin_curves)
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if (q_SSLeay() >= 0x10002000L)
|
|
RESOLVEFUNC(EC_curve_nist2nid)
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
--- qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-01-18 15:20:58.000000000 +0100
|
|
+++ qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-02-21 19:15:38.083714302 +0100
|
|
@@ -228,7 +228,7 @@
|
|
Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem();
|
|
Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c);
|
|
int q_BN_num_bits(const BIGNUM *a);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
int q_BN_is_word(BIGNUM *a, BN_ULONG w);
|
|
#else
|
|
// BN_is_word is implemented purely as a
|
|
@@ -241,7 +241,7 @@
|
|
//
|
|
// Users are required to include <openssl/bn.h>.
|
|
#define q_BN_is_word BN_is_word
|
|
-#endif // OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
BN_ULONG q_BN_mod_word(const BIGNUM *a, BN_ULONG w);
|
|
#ifndef OPENSSL_NO_EC
|
|
const EC_GROUP* q_EC_KEY_get0_group(const EC_KEY* k);
|
|
@@ -387,19 +387,19 @@
|
|
void q_SSL_SESSION_free(SSL_SESSION *ses);
|
|
SSL_SESSION *q_SSL_get1_session(SSL *ssl);
|
|
SSL_SESSION *q_SSL_get_session(const SSL *ssl);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
|
|
int q_SSL_set_ex_data(SSL *ssl, int idx, void *arg);
|
|
void *q_SSL_get_ex_data(const SSL *ssl, int idx);
|
|
#endif
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_PSK) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
typedef unsigned int (*q_psk_client_callback_t)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len);
|
|
void q_SSL_set_psk_client_callback(SSL *ssl, q_psk_client_callback_t callback);
|
|
typedef unsigned int (*q_psk_server_callback_t)(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len);
|
|
void q_SSL_set_psk_server_callback(SSL *ssl, q_psk_server_callback_t callback);
|
|
int q_SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
|
|
-#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
|
|
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_PSK) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
|
#ifndef OPENSSL_NO_SSL2
|
|
const SSL_METHOD *q_SSLv2_client_method();
|
|
#endif
|
|
@@ -509,13 +509,13 @@
|
|
|
|
// EC curves management
|
|
size_t q_EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
int q_EC_curve_nist2nid(const char *name);
|
|
-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
#endif // OPENSSL_NO_EC
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
#define q_SSL_get_server_tmp_key(ssl, key) q_SSL_ctrl((ssl), SSL_CTRL_GET_SERVER_TMP_KEY, 0, (char *)key)
|
|
-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
// PKCS#12 support
|
|
int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
|
|
@@ -573,7 +573,7 @@
|
|
int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
|
|
SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
int q_SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
|
|
const unsigned char *in, unsigned int inlen,
|
|
const unsigned char *client, unsigned int client_len);
|
|
@@ -585,7 +585,7 @@
|
|
void *arg);
|
|
void q_SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
|
|
unsigned *len);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
int q_SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
|
|
unsigned protos_len);
|
|
void q_SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
|
|
@@ -598,7 +598,7 @@
|
|
void q_SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
|
|
unsigned *len);
|
|
#endif
|
|
-#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
|
|
+#endif // (OPENSSL_VERSION_NUMBER >= 0x1000100fL) && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
// Helper function
|
|
class QDateTime;
|
|
--- qtbase/src/network/ssl/qsslcontext_openssl.cpp 2017-01-18 15:20:58.000000000 +0100
|
|
+++ qtbase/src/network/ssl/qsslcontext_openssl.cpp 2017-02-21 19:23:04.291975945 +0100
|
|
@@ -126,7 +126,7 @@
|
|
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
|
|
break;
|
|
case QSsl::TlsV1_1:
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method());
|
|
#else
|
|
// TLS 1.1 not supported by the system, but chosen deliberately -> error
|
|
@@ -135,7 +135,7 @@
|
|
#endif
|
|
break;
|
|
case QSsl::TlsV1_2:
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method());
|
|
#else
|
|
// TLS 1.2 not supported by the system, but chosen deliberately -> error
|
|
@@ -149,7 +149,7 @@
|
|
break;
|
|
case QSsl::TlsV1_1OrLater:
|
|
case QSsl::TlsV1_2OrLater:
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
// Specific protocols will be specified via SSL options.
|
|
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
|
|
#else
|
|
@@ -330,7 +330,7 @@
|
|
}
|
|
|
|
#ifndef OPENSSL_NO_EC
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if (q_SSLeay() >= 0x10002000L) {
|
|
q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
|
|
} else
|
|
@@ -344,14 +344,14 @@
|
|
}
|
|
#endif // OPENSSL_NO_EC
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_PSK) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if (!client)
|
|
q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData());
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
|
|
|
|
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
|
|
if (!qcurves.isEmpty()) {
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
// Set the curves to be used
|
|
if (q_SSLeay() >= 0x10002000L) {
|
|
// SSL_CTX_ctrl wants a non-const pointer as last argument,
|
|
@@ -387,7 +387,7 @@
|
|
return sslContext;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
static int next_proto_cb(SSL *, unsigned char **out, unsigned char *outlen,
|
|
const unsigned char *in, unsigned int inlen, void *arg)
|
|
@@ -447,7 +447,7 @@
|
|
}
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
QList<QByteArray> protocols = sslConfiguration.d->nextAllowedProtocols;
|
|
if (!protocols.isEmpty()) {
|
|
m_supportedNPNVersions.clear();
|
|
@@ -462,7 +462,7 @@
|
|
m_npnContext.data = reinterpret_cast<unsigned char *>(m_supportedNPNVersions.data());
|
|
m_npnContext.len = m_supportedNPNVersions.count();
|
|
m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone;
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if (q_SSLeay() >= 0x10002000L) {
|
|
// Callback's type has a parameter 'const unsigned char ** out'
|
|
// since it was introduced in 1.0.2. Internally, OpenSSL's own code
|