authorPeter Hartmann <peter.hartmann@nokia.com>2011-03-01 15:58:30 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2011-03-04 12:36:53 (GMT)
commit206b614f2e9623d792e6f398bf11765a44c272f5 (patch)
tree409de97cd08e70e7f61035aff87dcbd6c9fd53a3 /src
parent7458c4bb9a0f6f925cb6002d3b664bbbc21e75ef (diff)
SSL backend: check at runtime for the right OpenSSL version for SNI
SNI = Server Name Indication. The function "SSL_ctrl()" has always been present in OpenSSL, but the specific enum SSL_CTRL_SET_TLSEXT_HOSTNAME has not, so let's avoid the call for older versions. Additionally, fix the resolving of SSL_CTX_load_verify_locations for Symbian (it is not used in Symbian yet). Reviewed-by: Markus Goetz
Diffstat (limited to 'src')
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp5
-rw-r--r--src/network/ssl/qsslsocket_openssl_p.h1
-rw-r--r--src/network/ssl/qsslsocket_openssl_symbols.cpp5
-rw-r--r--src/network/ssl/qsslsocket_openssl_symbols_p.h1
4 files changed, 9 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 455a49f1..646889c 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -393,14 +393,15 @@ init_context:
}
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
- if (client) {
+ if (client && q_SSLeay() >= 0x00090806fL) {
// Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format.
QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
if (tlsHostName.isEmpty())
tlsHostName = hostName;
QByteArray ace = QUrl::toAce(tlsHostName);
if (!ace.isEmpty()) {
- q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData());
+ if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData()))
+ qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
}
}
#endif
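Review bot: When the loaded library reports a version below 0.9.8f, the new `q_SSLeay() >= 0x00090806fL` guard skips SNI without any diagnostic, while a failed `q_SSL_ctrl` call a few lines further down does log one. A handshake without SNI against a name-based virtual host will presumably receive the server's default certificate and then fail peer-name verification, which is hard to trace back to the library version; a matching message on the skipped path would help, e.g. `else if (client) qWarning("OpenSSL runtime older than 0.9.8f, Server Name Indication disabled");`. The runtime constant is also spelled with an extra leading zero compared with the `0x0090806fL` in the `#if` above; the values are equal, but one shared spelling avoids a later mis-edit. The enclosing function begins and ends outside this hunk.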
diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h
index 02d70f9..ca49fab 100644
--- a/src/network/ssl/qsslsocket_openssl_p.h
+++ b/src/network/ssl/qsslsocket_openssl_p.h
@@ -79,6 +79,7 @@
#include <openssl/x509_vfy.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
+#include <openssl/crypto.h>
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
#include <openssl/tls1.h>
#endif
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 732fc86..b1310cc 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -266,6 +266,7 @@ DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c,
DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG)
DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
+DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
#ifdef Q_OS_SYMBIAN
#define RESOLVEFUNC(func, ordinal, lib) \
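Review bot: The wrapper added in this hunk declares `SSLeay` as returning `long`, whereas OpenSSL's `crypto.h` declares `unsigned long SSLeay(void)`; the same applies to the `long q_SSLeay();` prototype added in qsslsocket_openssl_symbols_p.h. Current version numbers fit in a signed long, so this is a consistency point, but matching the library's type keeps the comparison in the caller unsigned on both sides: `DEFINEFUNC(unsigned long, SSLeay, void, DUMMYARG, return 0, return)`. The `return 0` argument appears to be the fallback used when the symbol cannot be resolved, which is what makes the SNI guard fail closed; that deserves a comment such as `// yields 0 if unresolved, so version checks treat the library as too old`.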
@@ -606,6 +607,7 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(SSLv3_server_method, 197, libs.first )
RESOLVEFUNC(SSLv23_server_method, 191, libs.first )
RESOLVEFUNC(TLSv1_server_method, 200, libs.first )
+ RESOLVEFUNC(SSL_CTX_load_verify_locations, 34, libs.first )
RESOLVEFUNC(X509_NAME_oneline, 1830, libs.second )
RESOLVEFUNC(X509_PUBKEY_get, 1844, libs.second )
RESOLVEFUNC(X509_STORE_free, 1939, libs.second )
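Review bot: The added `RESOLVEFUNC(SSL_CTX_load_verify_locations, 34, libs.first )` keeps the ordinal `34` that the removed line used with `libs.second`, and nothing in the hunk records where that ordinal comes from. Resolution by ordinal has no name check, so a wrong ordinal and library pairing would presumably bind a different export under this wrapper's signature rather than fail. A short comment naming the source would make this checkable, e.g. `// ordinal 34 as exported by the library behind libs.first`, and likewise for `RESOLVEFUNC(SSLeay, 1504, libs.second )` in the next hunk. q_resolveOpenSslSymbols starts and ends outside this hunk.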
@@ -637,7 +639,7 @@ bool q_resolveOpenSslSymbols()
#endif
RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf, 1153, libs.second )
RESOLVEFUNC(OPENSSL_add_all_algorithms_conf, 1152, libs.second )
- RESOLVEFUNC(SSL_CTX_load_verify_locations, 34, libs.second )
+ RESOLVEFUNC(SSLeay, 1504, libs.second )
#else // Q_OS_SYMBIAN
#ifdef SSLEAY_MACROS
RESOLVEFUNC(ASN1_dup)
@@ -766,6 +768,7 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf)
RESOLVEFUNC(OPENSSL_add_all_algorithms_conf)
RESOLVEFUNC(SSL_CTX_load_verify_locations)
+ RESOLVEFUNC(SSLeay)
#endif // Q_OS_SYMBIAN
symbolsResolved = true;
delete libs.first;
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
index 5aab8d7..49830ac 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -416,6 +416,7 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
void q_OPENSSL_add_all_algorithms_noconf();
void q_OPENSSL_add_all_algorithms_conf();
int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
+long q_SSLeay();
// Helper function
class QDateTime;