diff options
author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-01 15:58:30 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-04 12:36:53 (GMT) |
commit | 206b614f2e9623d792e6f398bf11765a44c272f5 (patch) | |
tree | 409de97cd08e70e7f61035aff87dcbd6c9fd53a3 /src | |
parent | 7458c4bb9a0f6f925cb6002d3b664bbbc21e75ef (diff) | |
download | Qt-206b614f2e9623d792e6f398bf11765a44c272f5.zip Qt-206b614f2e9623d792e6f398bf11765a44c272f5.tar.gz Qt-206b614f2e9623d792e6f398bf11765a44c272f5.tar.bz2 |
SSL backend: check at runtime for the right OpenSSL version for SNI
SNI = Server Name Indication. The function "SSL_ctrl()" has been there
since always in OpenSSL, but not with the specific enum
SSL_CTRL_SET_TLSEXT_HOSTNAME, so let's avoid the call for older
versions.
Additionally, fix the resolving of SSL_CTX_load_verify_locations for
Symbian (is not used in Symbian yet).
Reviewed-by: Markus Goetz
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 5 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_p.h | 1 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 5 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols_p.h | 1 |
4 files changed, 9 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 455a49f1..646889c 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -393,14 +393,15 @@ init_context: } #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) - if (client) { + if (client && q_SSLeay() >= 0x00090806fL) { // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; if (tlsHostName.isEmpty()) tlsHostName = hostName; QByteArray ace = QUrl::toAce(tlsHostName); if (!ace.isEmpty()) { - q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData()); + if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData())) + qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled"); } } #endif diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h index 02d70f9..ca49fab 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h +++ b/src/network/ssl/qsslsocket_openssl_p.h @@ -79,6 +79,7 @@ #include <openssl/x509_vfy.h> #include <openssl/dsa.h> #include <openssl/rsa.h> +#include <openssl/crypto.h> #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) #include <openssl/tls1.h> #endif diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 732fc86..b1310cc 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -266,6 +266,7 @@ DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return) +DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) #ifdef Q_OS_SYMBIAN #define RESOLVEFUNC(func, ordinal, lib) \ @@ -606,6 +607,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSLv3_server_method, 197, libs.first ) RESOLVEFUNC(SSLv23_server_method, 191, libs.first ) RESOLVEFUNC(TLSv1_server_method, 200, libs.first ) + RESOLVEFUNC(SSL_CTX_load_verify_locations, 34, libs.first ) RESOLVEFUNC(X509_NAME_oneline, 1830, libs.second ) RESOLVEFUNC(X509_PUBKEY_get, 1844, libs.second ) RESOLVEFUNC(X509_STORE_free, 1939, libs.second ) @@ -637,7 +639,7 @@ bool q_resolveOpenSslSymbols() #endif RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf, 1153, libs.second ) RESOLVEFUNC(OPENSSL_add_all_algorithms_conf, 1152, libs.second ) - RESOLVEFUNC(SSL_CTX_load_verify_locations, 34, libs.second ) + RESOLVEFUNC(SSLeay, 1504, libs.second ) #else // Q_OS_SYMBIAN #ifdef SSLEAY_MACROS RESOLVEFUNC(ASN1_dup) @@ -766,6 +768,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) RESOLVEFUNC(SSL_CTX_load_verify_locations) + RESOLVEFUNC(SSLeay) #endif // Q_OS_SYMBIAN symbolsResolved = true; delete libs.first; diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index 5aab8d7..49830ac 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -416,6 +416,7 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); void q_OPENSSL_add_all_algorithms_noconf(); void q_OPENSSL_add_all_algorithms_conf(); int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); +long q_SSLeay(); // Helper function class QDateTime; |