diff options
| author | Alyssa Ross <hi@alyssa.is> | 2019-08-31 11:57:05 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2019-09-16 22:04:28 +0000 |
| commit | a0842e8b20cbe1ed717b72775428d1f8fc047fa4 (patch) | |
| tree | b86d0614a477f7e092d626d59b888d085aaca400 /nixpkgs/pkgs/development/libraries/qt-5 | |
| parent | c36b32d476b520ed0d2a37cd0973f98583d6dc7c (diff) | |
| parent | 8d1510abfb592339e13ce8f6db6f29c1f8b72924 (diff) | |
| download | nixlib-a0842e8b20cbe1ed717b72775428d1f8fc047fa4.tar nixlib-a0842e8b20cbe1ed717b72775428d1f8fc047fa4.tar.gz nixlib-a0842e8b20cbe1ed717b72775428d1f8fc047fa4.tar.bz2 nixlib-a0842e8b20cbe1ed717b72775428d1f8fc047fa4.tar.lz nixlib-a0842e8b20cbe1ed717b72775428d1f8fc047fa4.tar.xz nixlib-a0842e8b20cbe1ed717b72775428d1f8fc047fa4.tar.zst nixlib-a0842e8b20cbe1ed717b72775428d1f8fc047fa4.zip | |
Merge commit '8d1510abfb592339e13ce8f6db6f29c1f8b72924'
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/qt-5')
15 files changed, 3992 insertions, 1649 deletions
diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/default.nix b/nixpkgs/pkgs/development/libraries/qt-5/5.6/default.nix deleted file mode 100644 index d45b014b765e..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/default.nix +++ /dev/null @@ -1,193 +0,0 @@ -/* - -# New packages - -READ THIS FIRST - -This module is for official packages in Qt 5. All available packages are listed -in `./srcs.nix`, although a few are not yet packaged in Nixpkgs (see below). - -IF YOUR PACKAGE IS NOT LISTED IN `./srcs.nix`, IT DOES NOT GO HERE. - -Many of the packages released upstream are not yet built in Nixpkgs due to lack -of demand. To add a Nixpkgs build for an upstream package, copy one of the -existing packages here and modify it as necessary. - -# Updates - -1. Update the URL in `./fetch.sh`. -2. Run `./maintainers/scripts/fetch-kde-qt.sh pkgs/development/libraries/qt-5/$VERSION/` - from the top of the Nixpkgs tree. -3. Check that the new packages build correctly. -4. Commit the changes and open a pull request. - -*/ - -{ - newScope, - stdenv, fetchurl, fetchpatch, makeSetupHook, makeWrapper, - bison, cups ? null, harfbuzz, libGL, perl, - gstreamer, gst-plugins-base, - - # options - developerBuild ? false, - decryptSslTraffic ? false, - debug ? false, -}: - -with stdenv.lib; - -let - - qtCompatVersion = srcs.qtbase.version; - - mirror = "http://download.qt.io"; - srcs = import ./srcs.nix { inherit fetchurl; inherit mirror; }; - - patches = { - qtbase = [ - ./qtbase.patch - ./qtbase-fixguicmake.patch - (fetchpatch { - name = "CVE-2018-15518.patch"; - url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=28a6e642af2ccb454dd019f551c2908753f76f08"; - sha256 = "0nyssg7d0br7qgzp481f1w8b4p1bj2ggv9iyfrm1mng5v9fypdd7"; - }) - (fetchpatch { - name = "CVE-2018-19873.patch"; - url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=c9b9f663d7243988bcb5fee9180ea9cb3a321a86"; - sha256 = "1q01cafy92c1j8cgrv4sk133mi3d48x8kbg3glbnnbijpc4k6di5"; - }) - (fetchpatch { - name = "CVE-2018-19870.patch"; - url = "http://code.qt.io/cgit/qt/qtbase.git/patch/?id=ac0a910756f91726e03c0e6a89d213bdb4f48fec"; - sha256 = "00qb9yqwvwnp202am3lqirkjxln1cj8v4wvmlyqya6hna176lj2l"; - }) - ]; - qtdeclarative = [ ./qtdeclarative.patch ]; - qtscript = [ ./qtscript.patch ]; - qtserialport = [ ./qtserialport.patch ]; - qttools = [ ./qttools.patch ]; - qtwebengine = [ ./qtwebengine-seccomp.patch ]; - qtwebkit = [ ./qtwebkit.patch ]; - qtvirtualkeyboard = [ - (fetchpatch { - name = "CVE-2018-19865-A.patch"; - url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=c02115db1de1f3aba81e109043766d600f886522"; - sha256 = "0ncnyl8f3ypi1kcb9z2i8j33snix111h28njrx8rb49ny01ap8x2"; - }) - (fetchpatch { - name = "CVE-2018-19865-B.patch"; - url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=01fc537adc74d5e102c8cc93384cdf5cb08b4442"; - sha256 = "19z8kxqf2lpjqr8189ingrpadch4niviw3p5v93zgx24v7950q27"; - }) - (fetchpatch { - name = "CVE-2018-19865-C.patch"; - url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=993a21ba03534b172d5354405cc9d50a2a822e24"; - sha256 = "1bipqxr9bvy8z402pv9kj2w1yzcsj1v03l09pg5jyg1xh6jbgiky"; - }) - ]; - qtimageformats = [ - (fetchpatch { - name = "CVE-2018-19871.patch"; - url = "https://codereview.qt-project.org/gitweb?p=qt/qtimageformats.git;a=patch;h=9299ab07df61c56b70e047f1fe5f06b6ff541aa3"; - sha256 = "0fd3mxdlc0s405j02bc0g72fvdfvpi31a837xfwf40m5j4jbyndr"; - }) - ]; - qtsvg = [ - (fetchpatch { - name = "CVE-2018-19869.patch"; - url = "http://code.qt.io/cgit/qt/qtsvg.git/patch/?id=c5f1dd14098d1cc2cb52448fb44f53966d331443"; - sha256 = "1kgyfsxw2f0qv5fx9y7wysjsvqikam0qc7wzhklf0406zz6rhxbl"; - }) - ]; - }; - - qtModule = - import ../qtModule.nix - { - inherit perl; - inherit (stdenv) lib; - # Use a variant of mkDerivation that does not include wrapQtApplications - # to avoid cyclic dependencies between Qt modules. - mkDerivation = - import ../mkDerivation.nix - { inherit (stdenv) lib; inherit debug; wrapQtAppsHook = null; } - stdenv.mkDerivation; - } - { inherit self srcs patches; }; - - addPackages = self: with self; - let - callPackage = self.newScope { inherit qtCompatVersion qtModule srcs; }; - in { - - mkDerivationWith = - import ../mkDerivation.nix - { inherit (stdenv) lib; inherit debug; inherit (self) wrapQtAppsHook; }; - - mkDerivation = mkDerivationWith stdenv.mkDerivation; - - qtbase = callPackage ../modules/qtbase.nix { - inherit bison cups harfbuzz libGL; - inherit (srcs.qtbase) src version; - patches = patches.qtbase; - inherit developerBuild decryptSslTraffic; - }; - - /* qt3d = not packaged */ - /* qtactiveqt = not packaged */ - /* qtandroidextras = not packaged */ - /* qtcanvas3d = not packaged */ - qtconnectivity = callPackage ../modules/qtconnectivity.nix {}; - qtdeclarative = callPackage ../modules/qtdeclarative.nix {}; - qtdoc = callPackage ../modules/qtdoc.nix {}; - qtgraphicaleffects = callPackage ../modules/qtgraphicaleffects.nix {}; - qtimageformats = callPackage ../modules/qtimageformats.nix {}; - qtlocation = callPackage ../modules/qtlocation.nix {}; - /* qtmacextras = not packaged */ - qtmultimedia = callPackage ../modules/qtmultimedia.nix { - inherit gstreamer gst-plugins-base; - }; - qtquick1 = null; - qtquickcontrols = callPackage ../modules/qtquickcontrols.nix {}; - qtquickcontrols2 = callPackage ../modules/qtquickcontrols2.nix {}; - qtscript = callPackage ../modules/qtscript.nix {}; - qtsensors = callPackage ../modules/qtsensors.nix {}; - qtserialport = callPackage ../modules/qtserialport.nix {}; - qtsvg = callPackage ../modules/qtsvg.nix {}; - qttools = callPackage ../modules/qttools.nix {}; - qttranslations = callPackage ../modules/qttranslations.nix {}; - qtwayland = callPackage ../modules/qtwayland.nix {}; - qtwebchannel = callPackage ../modules/qtwebchannel.nix {}; - qtwebengine = callPackage ../modules/qtwebengine.nix {}; - qtwebkit = callPackage ../modules/qtwebkit.nix {}; - qtwebsockets = callPackage ../modules/qtwebsockets.nix {}; - /* qtwinextras = not packaged */ - qtx11extras = callPackage ../modules/qtx11extras.nix {}; - qtxmlpatterns = callPackage ../modules/qtxmlpatterns.nix {}; - qtvirtualkeyboard = callPackage ../modules/qtvirtualkeyboard.nix {}; - - env = callPackage ../qt-env.nix {}; - full = env "qt-full-${qtbase.version}" [ - qtconnectivity qtdeclarative qtdoc qtgraphicaleffects qtimageformats - qtlocation qtmultimedia qtquickcontrols qtquickcontrols2 qtscript - qtsensors qtserialport qtsvg qttools qttranslations qtwayland - qtwebchannel qtwebengine qtwebkit qtwebsockets qtx11extras qtxmlpatterns - ]; - - qmake = makeSetupHook { - deps = [ self.qtbase.dev ]; - substitutions = { inherit (stdenv) isDarwin; }; - } ../hooks/qmake-hook.sh; - - wrapQtAppsHook = makeSetupHook { - deps = - [ self.qtbase.dev makeWrapper ] - ++ optional stdenv.isLinux self.qtwayland.dev; - } ../hooks/wrap-qt-apps-hook.sh; - }; - - self = makeScope newScope addPackages; - -in self diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/fetch.sh b/nixpkgs/pkgs/development/libraries/qt-5/5.6/fetch.sh deleted file mode 100644 index bb9eb66a01dc..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/fetch.sh +++ /dev/null @@ -1,2 +0,0 @@ -WGET_ARGS=( http://download.qt.io/official_releases/qt/5.6/5.6.3/submodules/ \ - http://download.qt.io/community_releases/5.6/5.6.3/ ) diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtbase-fixguicmake.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtbase-fixguicmake.patch deleted file mode 100644 index 8b46d432812a..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtbase-fixguicmake.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff --git a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in -index 0bbc871..3673634 100644 ---- a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in -+++ b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in -@@ -286,7 +286,7 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME}) - macro(_populate_$${CMAKE_MODULE_NAME}_plugin_properties Plugin Configuration PLUGIN_LOCATION) - set_property(TARGET Qt5::${Plugin} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration}) - -- set(imported_location \"$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\") -+ set(imported_location \"${PLUGIN_LOCATION}\") - _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_location}) - set_target_properties(Qt5::${Plugin} PROPERTIES - \"IMPORTED_LOCATION_${Configuration}\" ${imported_location} -diff --git a/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in b/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in -index 5baf0fd..3583745 100644 ---- a/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in -+++ b/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in -@@ -2,10 +2,10 @@ - add_library(Qt5::$$CMAKE_PLUGIN_NAME MODULE IMPORTED) - - !!IF !isEmpty(CMAKE_RELEASE_TYPE) --_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME RELEASE \"$${CMAKE_PLUGIN_LOCATION_RELEASE}\") -+_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME RELEASE \"$${CMAKE_PLUGIN_DIR}$${CMAKE_PLUGIN_LOCATION_RELEASE}\") - !!ENDIF - !!IF !isEmpty(CMAKE_DEBUG_TYPE) --_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME DEBUG \"$${CMAKE_PLUGIN_LOCATION_DEBUG}\") -+_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME DEBUG \"$${CMAKE_PLUGIN_DIR}$${CMAKE_PLUGIN_LOCATION_DEBUG}\") - !!ENDIF - - list(APPEND Qt5$${CMAKE_MODULE_NAME}_PLUGINS Qt5::$$CMAKE_PLUGIN_NAME) diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtbase.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtbase.patch deleted file mode 100644 index d8322cbc1997..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtbase.patch +++ /dev/null @@ -1,795 +0,0 @@ -diff --git a/mkspecs/features/create_cmake.prf b/mkspecs/features/create_cmake.prf -index 11fb52a0b1..614fdbb046 100644 ---- a/mkspecs/features/create_cmake.prf -+++ b/mkspecs/features/create_cmake.prf -@@ -21,7 +21,7 @@ load(cmake_functions) - # at cmake time whether package has been found via a symlink, and correct - # that to an absolute path. This is only done for installations to - # the /usr or / prefix. --CMAKE_INSTALL_LIBS_DIR = $$cmakeTargetPath($$[QT_INSTALL_LIBS]) -+CMAKE_INSTALL_LIBS_DIR = $$cmakeTargetPath($$NIX_OUTPUT_OUT/lib/) - contains(CMAKE_INSTALL_LIBS_DIR, ^(/usr)?/lib(64)?.*): CMAKE_USR_MOVE_WORKAROUND = $$CMAKE_INSTALL_LIBS_DIR - - CMAKE_OUT_DIR = $$MODULE_BASE_OUTDIR/lib/cmake -@@ -47,47 +47,22 @@ split_incpath { - $$cmake_extra_source_includes.output - } - --CMAKE_INCLUDE_DIR = $$cmakeRelativePath($$[QT_INSTALL_HEADERS], $$[QT_INSTALL_PREFIX]) --contains(CMAKE_INCLUDE_DIR, "^\\.\\./.*") { -- CMAKE_INCLUDE_DIR = $$[QT_INSTALL_HEADERS]/ -- CMAKE_INCLUDE_DIR_IS_ABSOLUTE = True --} -+CMAKE_INCLUDE_DIR = $$NIX_OUTPUT_DEV/include/ -+CMAKE_INCLUDE_DIR_IS_ABSOLUTE = True - - !exists($$first(QT.$${MODULE}_private.includes)): CMAKE_NO_PRIVATE_INCLUDES = true - --CMAKE_LIB_DIR = $$cmakeRelativePath($$[QT_INSTALL_LIBS], $$[QT_INSTALL_PREFIX]) --contains(CMAKE_LIB_DIR,"^\\.\\./.*") { -- CMAKE_LIB_DIR = $$[QT_INSTALL_LIBS]/ -- CMAKE_LIB_DIR_IS_ABSOLUTE = True --} else { -- CMAKE_RELATIVE_INSTALL_LIBS_DIR = $$cmakeRelativePath($$[QT_INSTALL_PREFIX], $$[QT_INSTALL_LIBS]) -- # We need to go up another two levels because the CMake files are -- # installed in $${CMAKE_LIB_DIR}/cmake/Qt5$${CMAKE_MODULE_NAME} -- CMAKE_RELATIVE_INSTALL_DIR = "$${CMAKE_RELATIVE_INSTALL_LIBS_DIR}../../" --} -+CMAKE_LIB_DIR = $$NIX_OUTPUT_OUT/lib/ -+CMAKE_LIB_DIR_IS_ABSOLUTE = True - --CMAKE_BIN_DIR = $$cmakeRelativePath($$[QT_HOST_BINS], $$[QT_INSTALL_PREFIX]) --contains(CMAKE_BIN_DIR, "^\\.\\./.*") { -- CMAKE_BIN_DIR = $$[QT_HOST_BINS]/ -- CMAKE_BIN_DIR_IS_ABSOLUTE = True --} -+CMAKE_BIN_DIR = $$NIX_OUTPUT_BIN/bin/ -+CMAKE_BIN_DIR_IS_ABSOLUTE = True - --CMAKE_PLUGIN_DIR = $$cmakeRelativePath($$[QT_INSTALL_PLUGINS], $$[QT_INSTALL_PREFIX]) --contains(CMAKE_PLUGIN_DIR, "^\\.\\./.*") { -- CMAKE_PLUGIN_DIR = $$[QT_INSTALL_PLUGINS]/ -- CMAKE_PLUGIN_DIR_IS_ABSOLUTE = True --} -+CMAKE_PLUGIN_DIR = $$NIX_OUTPUT_PLUGIN/ -+CMAKE_PLUGIN_DIR_IS_ABSOLUTE = True - --win32:!wince:!static:!staticlib { -- CMAKE_DLL_DIR = $$cmakeRelativePath($$[QT_INSTALL_BINS], $$[QT_INSTALL_PREFIX]) -- contains(CMAKE_DLL_DIR, "^\\.\\./.*") { -- CMAKE_DLL_DIR = $$[QT_INSTALL_BINS]/ -- CMAKE_DLL_DIR_IS_ABSOLUTE = True -- } --} else { -- CMAKE_DLL_DIR = $$CMAKE_LIB_DIR -- CMAKE_DLL_DIR_IS_ABSOLUTE = $$CMAKE_LIB_DIR_IS_ABSOLUTE --} -+CMAKE_DLL_DIR = $$NIX_OUTPUT_OUT/lib/ -+CMAKE_DLL_DIR_IS_ABSOLUTE = True - - static|staticlib:CMAKE_STATIC_TYPE = true - -@@ -167,7 +142,7 @@ contains(CONFIG, plugin) { - cmake_target_file - - cmake_qt5_plugin_file.files = $$cmake_target_file.output -- cmake_qt5_plugin_file.path = $$[QT_INSTALL_LIBS]/cmake/Qt5$${CMAKE_MODULE_NAME} -+ cmake_qt5_plugin_file.path = $$NIX_OUTPUT_OUT/lib/cmake/Qt5$${CMAKE_MODULE_NAME} - INSTALLS += cmake_qt5_plugin_file - - return() -@@ -314,7 +289,7 @@ exists($$cmake_macros_file.input) { - cmake_qt5_module_files.files += $$cmake_macros_file.output - } - --cmake_qt5_module_files.path = $$[QT_INSTALL_LIBS]/cmake/Qt5$${CMAKE_MODULE_NAME} -+cmake_qt5_module_files.path = $$NIX_OUTPUT_OUT/lib/cmake/Qt5$${CMAKE_MODULE_NAME} - - # We are generating cmake files. Most developers of Qt are not aware of cmake, - # so we require automatic tests to be available. The only module which should -diff --git a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in -index d2358cae4b..61d8cc0471 100644 ---- a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in -+++ b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in -@@ -9,30 +9,6 @@ if (CMAKE_VERSION VERSION_LESS 3.0.0) - endif() - !!ENDIF - --!!IF !isEmpty(CMAKE_USR_MOVE_WORKAROUND) --!!IF !isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) --set(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"$$[QT_INSTALL_PREFIX]\") --!!ELSE --get_filename_component(_IMPORT_PREFIX \"${CMAKE_CURRENT_LIST_FILE}\" PATH) --# Use original install prefix when loaded through a --# cross-prefix symbolic link such as /lib -> /usr/lib. --get_filename_component(_realCurr \"${_IMPORT_PREFIX}\" REALPATH) --get_filename_component(_realOrig \"$$CMAKE_INSTALL_LIBS_DIR/cmake/Qt5$${CMAKE_MODULE_NAME}\" REALPATH) --if(_realCurr STREQUAL _realOrig) -- get_filename_component(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"$$CMAKE_INSTALL_LIBS_DIR/$${CMAKE_RELATIVE_INSTALL_LIBS_DIR}\" ABSOLUTE) --else() -- get_filename_component(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"${CMAKE_CURRENT_LIST_DIR}/$${CMAKE_RELATIVE_INSTALL_DIR}\" ABSOLUTE) --endif() --unset(_realOrig) --unset(_realCurr) --unset(_IMPORT_PREFIX) --!!ENDIF --!!ELIF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) --get_filename_component(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"${CMAKE_CURRENT_LIST_DIR}/$${CMAKE_RELATIVE_INSTALL_DIR}\" ABSOLUTE) --!!ELSE --set(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"$$[QT_INSTALL_PREFIX]\") --!!ENDIF -- - !!IF !equals(TEMPLATE, aux) - # For backwards compatibility only. Use Qt5$${CMAKE_MODULE_NAME}_VERSION instead. - set(Qt5$${CMAKE_MODULE_NAME}_VERSION_STRING "$$eval(QT.$${MODULE}.MAJOR_VERSION).$$eval(QT.$${MODULE}.MINOR_VERSION).$$eval(QT.$${MODULE}.PATCH_VERSION)") -@@ -58,11 +34,7 @@ endmacro() - macro(_populate_$${CMAKE_MODULE_NAME}_target_properties Configuration LIB_LOCATION IMPLIB_LOCATION) - set_property(TARGET Qt5::$${CMAKE_MODULE_NAME} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration}) - --!!IF isEmpty(CMAKE_DLL_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_DLL_DIR}${LIB_LOCATION}\") --!!ELSE - set(imported_location \"$${CMAKE_DLL_DIR}${LIB_LOCATION}\") --!!ENDIF - _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_location}) - set_target_properties(Qt5::$${CMAKE_MODULE_NAME} PROPERTIES - \"INTERFACE_LINK_LIBRARIES\" \"${_Qt5$${CMAKE_MODULE_NAME}_LIB_DEPENDENCIES}\" -@@ -75,11 +47,7 @@ macro(_populate_$${CMAKE_MODULE_NAME}_target_properties Configuration LIB_LOCATI - ) - - !!IF !isEmpty(CMAKE_WINDOWS_BUILD) --!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) -- set(imported_implib \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\") --!!ELSE - set(imported_implib \"IMPORTED_IMPLIB_${Configuration}\" \"$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\") --!!ENDIF - _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_implib}) - if(NOT \"${IMPLIB_LOCATION}\" STREQUAL \"\") - set_target_properties(Qt5::$${CMAKE_MODULE_NAME} PROPERTIES -@@ -95,24 +63,13 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME}) - !!IF !no_module_headers - !!IF !isEmpty(CMAKE_BUILD_IS_FRAMEWORK) - set(_Qt5$${CMAKE_MODULE_NAME}_OWN_INCLUDE_DIRS -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework\" -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Headers\" -+ \"$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework\" -+ \"$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Headers\" - ) - !!IF isEmpty(CMAKE_NO_PRIVATE_INCLUDES) - set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Versions/$$section(VERSION, ., 0, 0)/Headers/$$VERSION/\" -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Versions/$$section(VERSION, ., 0, 0)/Headers/$$VERSION/$${MODULE_INCNAME}\" -- ) --!!ELSE -- set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS \"\") --!!ENDIF --!!ELSE --!!IF isEmpty(CMAKE_INCLUDE_DIR_IS_ABSOLUTE) -- set(_Qt5$${CMAKE_MODULE_NAME}_OWN_INCLUDE_DIRS \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$$CMAKE_INCLUDE_DIR\" \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_INCLUDE_DIR}$${MODULE_INCNAME}\") --!!IF isEmpty(CMAKE_NO_PRIVATE_INCLUDES) -- set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_INCLUDE_DIR}$${MODULE_INCNAME}/$$VERSION\" -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_INCLUDE_DIR}$${MODULE_INCNAME}/$$VERSION/$${MODULE_INCNAME}\" -+ \"$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Versions/$$section(VERSION, ., 0, 0)/Headers/$$VERSION/\" -+ \"$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Versions/$$section(VERSION, ., 0, 0)/Headers/$$VERSION/$${MODULE_INCNAME}\" - ) - !!ELSE - set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS \"\") -@@ -128,7 +85,6 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME}) - set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS \"\") - !!ENDIF - !!ENDIF --!!ENDIF - !!IF !isEmpty(CMAKE_ADD_SOURCE_INCLUDE_DIRS) - include(\"${CMAKE_CURRENT_LIST_DIR}/ExtraSourceIncludes.cmake\" OPTIONAL) - !!ENDIF -@@ -254,25 +210,13 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME}) - !!IF !isEmpty(CMAKE_FIND_OTHER_LIBRARY_BUILD) - !!IF isEmpty(CMAKE_DEBUG_TYPE) - !!IF !isEmpty(CMAKE_STATIC_WINDOWS_BUILD) --!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) -- if (EXISTS \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" ) --!!ELSE // CMAKE_LIB_DIR_IS_ABSOLUTE - if (EXISTS \"$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" ) --!!ENDIF // CMAKE_LIB_DIR_IS_ABSOLUTE - _populate_$${CMAKE_MODULE_NAME}_target_properties(DEBUG \"$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" \"\" ) - !!ELSE // CMAKE_STATIC_WINDOWS_BUILD - if (EXISTS --!!IF isEmpty(CMAKE_DLL_DIR_IS_ABSOLUTE) -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_DLL_DIR}$${CMAKE_LIB_FILE_LOCATION_DEBUG}\" --!!ELSE - \"$${CMAKE_LIB_FILE_LOCATION_DEBUG}\" --!!ENDIF - AND EXISTS --!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" ) --!!ELSE - \"$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" ) --!!ENDIF - _populate_$${CMAKE_MODULE_NAME}_target_properties(DEBUG \"$${CMAKE_LIB_FILE_LOCATION_DEBUG}\" \"$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" ) - !!ENDIF // CMAKE_STATIC_WINDOWS_BUILD - endif() -@@ -291,25 +235,13 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME}) - !!IF !isEmpty(CMAKE_FIND_OTHER_LIBRARY_BUILD) - !!IF isEmpty(CMAKE_RELEASE_TYPE) - !!IF !isEmpty(CMAKE_STATIC_WINDOWS_BUILD) --!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) -- if (EXISTS \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" ) --!!ELSE // CMAKE_LIB_DIR_IS_ABSOLUTE - if (EXISTS \"$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" ) --!!ENDIF // CMAKE_LIB_DIR_IS_ABSOLUTE - _populate_$${CMAKE_MODULE_NAME}_target_properties(RELEASE \"$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" \"\" ) - !!ELSE // CMAKE_STATIC_WINDOWS_BUILD - if (EXISTS --!!IF isEmpty(CMAKE_DLL_DIR_IS_ABSOLUTE) -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_DLL_DIR}$${CMAKE_LIB_FILE_LOCATION_RELEASE}\" --!!ELSE - \"$${CMAKE_LIB_FILE_LOCATION_RELEASE}\" --!!ENDIF - AND EXISTS --!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) -- \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" ) --!!ELSE - \"$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" ) --!!ENDIF - _populate_$${CMAKE_MODULE_NAME}_target_properties(RELEASE \"$${CMAKE_LIB_FILE_LOCATION_RELEASE}\" \"$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" ) - !!ENDIF // CMAKE_STATIC_WINDOWS_BUILD - endif() -@@ -328,11 +260,7 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME}) - macro(_populate_$${CMAKE_MODULE_NAME}_plugin_properties Plugin Configuration PLUGIN_LOCATION) - set_property(TARGET Qt5::${Plugin} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration}) - --!!IF isEmpty(CMAKE_PLUGIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\") --!!ELSE - set(imported_location \"$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\") --!!ENDIF - _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_location}) - set_target_properties(Qt5::${Plugin} PROPERTIES - \"IMPORTED_LOCATION_${Configuration}\" ${imported_location} -diff --git a/mkspecs/features/qml_module.prf b/mkspecs/features/qml_module.prf -index 47ebe78400..25aa2b93e7 100644 ---- a/mkspecs/features/qml_module.prf -+++ b/mkspecs/features/qml_module.prf -@@ -17,10 +17,7 @@ fq_qml_files = $$_PRO_FILE_PWD_/qmldir - - for(qmlf, QML_FILES): fq_qml_files += $$absolute_path($$qmlf, $$_PRO_FILE_PWD_) - --qml1_target: \ -- instbase = $$[QT_INSTALL_IMPORTS] --else: \ -- instbase = $$[QT_INSTALL_QML] -+instbase = $$NIX_OUTPUT_QML - - # Install rules - qmldir.base = $$_PRO_FILE_PWD_ -diff --git a/mkspecs/features/qml_plugin.prf b/mkspecs/features/qml_plugin.prf -index ebec1db8da..62ace84a6c 100644 ---- a/mkspecs/features/qml_plugin.prf -+++ b/mkspecs/features/qml_plugin.prf -@@ -46,13 +46,8 @@ exists($$QMLTYPEFILE): QML_FILES += $$QMLTYPEFILE - - load(qt_build_paths) - --qml1_target { -- DESTDIR = $$MODULE_BASE_OUTDIR/imports/$$TARGETPATH -- instbase = $$[QT_INSTALL_IMPORTS] --} else { -- DESTDIR = $$MODULE_BASE_OUTDIR/qml/$$TARGETPATH -- instbase = $$[QT_INSTALL_QML] --} -+DESTDIR = $$MODULE_BASE_OUTDIR/qml/$$TARGETPATH -+instbase = $$NIX_OUTPUT_QML - - target.path = $$instbase/$$TARGETPATH - INSTALLS += target -diff --git a/mkspecs/features/qt_app.prf b/mkspecs/features/qt_app.prf -index 46aca50cc2..4f4e634724 100644 ---- a/mkspecs/features/qt_app.prf -+++ b/mkspecs/features/qt_app.prf -@@ -29,7 +29,7 @@ host_build:force_bootstrap { - target.path = $$[QT_HOST_BINS] - } else { - !build_pass:contains(QT_CONFIG, debug_and_release): CONFIG += release -- target.path = $$[QT_INSTALL_BINS] -+ target.path = $$NIX_OUTPUT_BIN/bin - CONFIG += relative_qt_rpath # Qt's tools and apps should be relocatable - } - INSTALLS += target -diff --git a/mkspecs/features/qt_build_paths.prf b/mkspecs/features/qt_build_paths.prf -index 1848f00e90..2af93675c5 100644 ---- a/mkspecs/features/qt_build_paths.prf -+++ b/mkspecs/features/qt_build_paths.prf -@@ -23,6 +23,6 @@ exists($$MODULE_BASE_INDIR/.git): \ - !force_independent { - # If the module is not built independently, everything ends up in qtbase. - # This is the case in non-prefix builds, except for selected modules. -- MODULE_BASE_OUTDIR = $$[QT_HOST_PREFIX] -- MODULE_QMAKE_OUTDIR = $$[QT_HOST_PREFIX] -+ MODULE_BASE_OUTDIR = $$NIX_OUTPUT_OUT -+ MODULE_QMAKE_OUTDIR = $$NIX_OUTPUT_OUT - } -diff --git a/mkspecs/features/qt_common.prf b/mkspecs/features/qt_common.prf -index 08b3f3e5af..5ffeafd9d8 100644 ---- a/mkspecs/features/qt_common.prf -+++ b/mkspecs/features/qt_common.prf -@@ -30,8 +30,8 @@ contains(TEMPLATE, .*lib) { - qqt_libdir = \$\$\$\$[QT_HOST_LIBS] - qt_libdir = $$[QT_HOST_LIBS] - } else { -- qqt_libdir = \$\$\$\$[QT_INSTALL_LIBS] -- qt_libdir = $$[QT_INSTALL_LIBS] -+ qqt_libdir = \$\$\$\$NIX_OUTPUT_OUT/lib -+ qt_libdir = $$NIX_OUTPUT_OUT/lib - } - contains(QMAKE_DEFAULT_LIBDIRS, $$qt_libdir) { - lib_replace.match = "[^ ']*$$rplbase/lib" -diff --git a/mkspecs/features/qt_docs.prf b/mkspecs/features/qt_docs.prf -index 183d0c9502..17982b04ec 100644 ---- a/mkspecs/features/qt_docs.prf -+++ b/mkspecs/features/qt_docs.prf -@@ -41,7 +41,7 @@ QMAKE_DOCS_OUTPUTDIR = $$QMAKE_DOCS_BASE_OUTDIR/$$QMAKE_DOCS_TARGETDIR - - QDOC += -outputdir $$shell_quote($$QMAKE_DOCS_OUTPUTDIR) - !build_online_docs: \ -- QDOC += -installdir $$shell_quote($$[QT_INSTALL_DOCS]) -+ QDOC += -installdir $$shell_quote($$NIX_OUTPUT_DOC) - PREP_DOC_INDEXES = - DOC_INDEXES = - !isEmpty(QTREPOS) { -@@ -60,8 +60,8 @@ DOC_INDEXES = - DOC_INDEXES += -indexdir $$shell_quote($$qrep/doc) - } else { - prepare_docs: \ -- PREP_DOC_INDEXES += -indexdir $$shell_quote($$[QT_INSTALL_DOCS/get]) -- DOC_INDEXES += -indexdir $$shell_quote($$[QT_INSTALL_DOCS/get]) -+ PREP_DOC_INDEXES += -indexdir $$shell_quote($$NIX_OUTPUT_DOC) -+ DOC_INDEXES += -indexdir $$shell_quote($$NIX_OUTPUT_DOC) - } - doc_command = $$QDOC $$QMAKE_DOCS - prepare_docs { -@@ -75,12 +75,12 @@ prepare_docs { - qch_docs.commands = $$QHELPGENERATOR $$shell_quote($$QMAKE_DOCS_OUTPUTDIR/$${QMAKE_DOCS_TARGET}.qhp) -o $$shell_quote($$QMAKE_DOCS_BASE_OUTDIR/$${QMAKE_DOCS_TARGET}.qch) - - inst_html_docs.files = $$QMAKE_DOCS_OUTPUTDIR -- inst_html_docs.path = $$[QT_INSTALL_DOCS] -+ inst_html_docs.path = $$NIX_OUTPUT_DOC - inst_html_docs.CONFIG += no_check_exist directory no_default_install no_build - INSTALLS += inst_html_docs - - inst_qch_docs.files = $$QMAKE_DOCS_BASE_OUTDIR/$${QMAKE_DOCS_TARGET}.qch -- inst_qch_docs.path = $$[QT_INSTALL_DOCS] -+ inst_qch_docs.path = $$NIX_OUTPUT_DOC - inst_qch_docs.CONFIG += no_check_exist no_default_install no_build - INSTALLS += inst_qch_docs - -diff --git a/mkspecs/features/qt_example_installs.prf b/mkspecs/features/qt_example_installs.prf -index 4c68cfd72f..f422f18266 100644 ---- a/mkspecs/features/qt_example_installs.prf -+++ b/mkspecs/features/qt_example_installs.prf -@@ -70,7 +70,7 @@ probase = $$relative_path($$_PRO_FILE_PWD_, $$dirname(_QMAKE_CONF_)/examples) - $$SOURCES $$HEADERS $$FORMS $$RESOURCES $$TRANSLATIONS \ - $$DBUS_ADAPTORS $$DBUS_INTERFACES - addInstallFiles(sources.files, $$sourcefiles) -- sources.path = $$[QT_INSTALL_EXAMPLES]/$$probase -+ sources.path = $$NIX_OUTPUT_DEV/share/examples/$$probase - INSTALLS += sources - - check_examples { -diff --git a/mkspecs/features/qt_functions.prf b/mkspecs/features/qt_functions.prf -index 4a1d265a8b..d346424b5b 100644 ---- a/mkspecs/features/qt_functions.prf -+++ b/mkspecs/features/qt_functions.prf -@@ -70,7 +70,7 @@ defineTest(qtHaveModule) { - defineTest(qtPrepareTool) { - cmd = $$eval(QT_TOOL.$${2}.binary) - isEmpty(cmd) { -- cmd = $$[QT_HOST_BINS]/$$2 -+ cmd = $$system("command -v $$2") - exists($${cmd}.pl) { - cmd = perl -w $$system_path($${cmd}.pl) - } else: contains(QMAKE_HOST.os, Windows) { -diff --git a/mkspecs/features/qt_installs.prf b/mkspecs/features/qt_installs.prf -index 3a5dbb6274..24f321bd82 100644 ---- a/mkspecs/features/qt_installs.prf -+++ b/mkspecs/features/qt_installs.prf -@@ -12,16 +12,10 @@ - #library - !qt_no_install_library { - win32 { -- host_build: \ -- dlltarget.path = $$[QT_HOST_BINS] -- else: \ -- dlltarget.path = $$[QT_INSTALL_BINS] -+ dlltarget.path = $$NIX_OUTPUT_BIN/bin - INSTALLS += dlltarget - } -- host_build: \ -- target.path = $$[QT_HOST_LIBS] -- else: \ -- target.path = $$[QT_INSTALL_LIBS] -+ target.path = $$NIX_OUTPUT_OUT/lib - !static: target.CONFIG = no_dll - INSTALLS += target - } -@@ -29,33 +23,33 @@ - #headers - qt_install_headers { - class_headers.files = $$SYNCQT.HEADER_CLASSES -- class_headers.path = $$[QT_INSTALL_HEADERS]/$$MODULE_INCNAME -+ class_headers.path = $$NIX_OUTPUT_DEV/include/$$MODULE_INCNAME - INSTALLS += class_headers - - targ_headers.files = $$SYNCQT.HEADER_FILES -- targ_headers.path = $$[QT_INSTALL_HEADERS]/$$MODULE_INCNAME -+ targ_headers.path = $$NIX_OUTPUT_DEV/include/$$MODULE_INCNAME - INSTALLS += targ_headers - - private_headers.files = $$SYNCQT.PRIVATE_HEADER_FILES -- private_headers.path = $$[QT_INSTALL_HEADERS]/$$MODULE_INCNAME/$$VERSION/$$MODULE_INCNAME/private -+ private_headers.path = $$NIX_OUTPUT_DEV/include/$$MODULE_INCNAME/$$VERSION/$$MODULE_INCNAME/private - INSTALLS += private_headers - - qpa_headers.files = $$SYNCQT.QPA_HEADER_FILES -- qpa_headers.path = $$[QT_INSTALL_HEADERS]/$$MODULE_INCNAME/$$VERSION/$$MODULE_INCNAME/qpa -+ qpa_headers.path = $$NIX_OUTPUT_DEV/include/$$MODULE_INCNAME/$$VERSION/$$MODULE_INCNAME/qpa - INSTALLS += qpa_headers - } - - #module - qt_install_module { - !isEmpty(MODULE_PRI) { -- pritarget.path = $$[QT_HOST_DATA]/mkspecs/modules -+ pritarget.path = $$NIX_OUTPUT_DEV/mkspecs/modules - pritarget.files = $$MODULE_PRI - INSTALLS += pritarget - } else: isEmpty(MODULE_PRIVATE_PRI) { - warning("Project $$basename(_PRO_FILE_) is a module, but has not defined MODULE_PRI, which is required for Qt to expose the module to other projects.") - } - !isEmpty(MODULE_PRIVATE_PRI) { -- privpritarget.path = $$[QT_HOST_DATA]/mkspecs/modules -+ privpritarget.path = $$NIX_OUTPUT_DEV/mkspecs/modules - privpritarget.files = $$MODULE_PRIVATE_PRI - INSTALLS += privpritarget - } -diff --git a/mkspecs/features/qt_plugin.prf b/mkspecs/features/qt_plugin.prf -index 3cf6c7349c..83e68025a5 100644 ---- a/mkspecs/features/qt_plugin.prf -+++ b/mkspecs/features/qt_plugin.prf -@@ -82,7 +82,7 @@ CONFIG(static, static|shared)|prefix_build { - } - } - --target.path = $$[QT_INSTALL_PLUGINS]/$$PLUGIN_TYPE -+target.path = $$NIX_OUTPUT_PLUGIN/$$PLUGIN_TYPE - INSTALLS += target - - TARGET = $$qt5LibraryTarget($$TARGET) -diff --git a/src/corelib/Qt5CoreConfigExtras.cmake.in b/src/corelib/Qt5CoreConfigExtras.cmake.in -index 91a4eb619a..08b533e69c 100644 ---- a/src/corelib/Qt5CoreConfigExtras.cmake.in -+++ b/src/corelib/Qt5CoreConfigExtras.cmake.in -@@ -3,7 +3,7 @@ if (NOT TARGET Qt5::qmake) - add_executable(Qt5::qmake IMPORTED) - - !!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_BIN_DIR}qmake$$CMAKE_BIN_SUFFIX\") -+ set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_BIN_DIR}qmake$$CMAKE_BIN_SUFFIX\") - !!ELSE - set(imported_location \"$${CMAKE_BIN_DIR}qmake$$CMAKE_BIN_SUFFIX\") - !!ENDIF -@@ -18,7 +18,7 @@ if (NOT TARGET Qt5::moc) - add_executable(Qt5::moc IMPORTED) - - !!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_BIN_DIR}moc$$CMAKE_BIN_SUFFIX\") -+ set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_BIN_DIR}moc$$CMAKE_BIN_SUFFIX\") - !!ELSE - set(imported_location \"$${CMAKE_BIN_DIR}moc$$CMAKE_BIN_SUFFIX\") - !!ENDIF -@@ -35,7 +35,7 @@ if (NOT TARGET Qt5::rcc) - add_executable(Qt5::rcc IMPORTED) - - !!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_BIN_DIR}rcc$$CMAKE_BIN_SUFFIX\") -+ set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_BIN_DIR}rcc$$CMAKE_BIN_SUFFIX\") - !!ELSE - set(imported_location \"$${CMAKE_BIN_DIR}rcc$$CMAKE_BIN_SUFFIX\") - !!ENDIF -@@ -131,7 +131,7 @@ if (NOT TARGET Qt5::WinMain) - !!IF !isEmpty(CMAKE_RELEASE_TYPE) - set_property(TARGET Qt5::WinMain APPEND PROPERTY IMPORTED_CONFIGURATIONS RELEASE) - !!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_RELEASE}\") -+ set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_RELEASE}\") - !!ELSE - set(imported_location \"$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_RELEASE}\") - !!ENDIF -@@ -145,7 +145,7 @@ if (NOT TARGET Qt5::WinMain) - set_property(TARGET Qt5::WinMain APPEND PROPERTY IMPORTED_CONFIGURATIONS DEBUG) - - !!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_DEBUG}\") -+ set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_DEBUG}\") - !!ELSE - set(imported_location \"$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_DEBUG}\") - !!ENDIF -diff --git a/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in b/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in -index c357237d0e..6f0c75de3c 100644 ---- a/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in -+++ b/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in -@@ -1,6 +1,6 @@ - - !!IF isEmpty(CMAKE_HOST_DATA_DIR_IS_ABSOLUTE) --set(_qt5_corelib_extra_includes \"${_qt5Core_install_prefix}/$${CMAKE_HOST_DATA_DIR}/mkspecs/$${CMAKE_MKSPEC}\") -+set(_qt5_corelib_extra_includes \"$$NIX_OUTPUT_DEV/$${CMAKE_HOST_DATA_DIR}/mkspecs/$${CMAKE_MKSPEC}\") - !!ELSE - set(_qt5_corelib_extra_includes \"$${CMAKE_HOST_DATA_DIR}mkspecs/$${CMAKE_MKSPEC}\") - !!ENDIF -diff --git a/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in b/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in -index 706304cf34..546420f6ad 100644 ---- a/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in -+++ b/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in -@@ -1,6 +1,6 @@ - - !!IF isEmpty(CMAKE_INSTALL_DATA_DIR_IS_ABSOLUTE) --set(_qt5_corelib_extra_includes \"${_qt5Core_install_prefix}/$${CMAKE_INSTALL_DATA_DIR}/mkspecs/$${CMAKE_MKSPEC}\") -+set(_qt5_corelib_extra_includes \"$$NIX_OUTPUT_DEV/$${CMAKE_INSTALL_DATA_DIR}/mkspecs/$${CMAKE_MKSPEC}\") - !!ELSE - set(_qt5_corelib_extra_includes \"$${CMAKE_INSTALL_DATA_DIR}mkspecs/$${CMAKE_MKSPEC}\") - !!ENDIF -diff --git a/src/corelib/kernel/qcoreapplication.cpp b/src/corelib/kernel/qcoreapplication.cpp -index bd3c12ce97..a796775970 100644 ---- a/src/corelib/kernel/qcoreapplication.cpp -+++ b/src/corelib/kernel/qcoreapplication.cpp -@@ -2533,6 +2533,15 @@ QStringList QCoreApplication::libraryPaths() - QStringList *app_libpaths = new QStringList; - coreappdata()->app_libpaths.reset(app_libpaths); - -+ // Add library paths derived from PATH -+ const QStringList paths = QFile::decodeName(qgetenv("PATH")).split(':'); -+ const QString plugindir = QStringLiteral("../" NIXPKGS_QT_PLUGIN_PREFIX); -+ for (const QString &path: paths) { -+ if (!path.isEmpty()) { -+ app_libpaths->append(QDir::cleanPath(path + QDir::separator() + plugindir)); -+ } -+ } -+ - const QByteArray libPathEnv = qgetenv("QT_PLUGIN_PATH"); - if (!libPathEnv.isEmpty()) { - QStringList paths = QFile::decodeName(libPathEnv).split(QDir::listSeparator(), QString::SkipEmptyParts); -diff --git a/src/corelib/tools/qtimezoneprivate_tz.cpp b/src/corelib/tools/qtimezoneprivate_tz.cpp -index c13c9a5223..6936851511 100644 ---- a/src/corelib/tools/qtimezoneprivate_tz.cpp -+++ b/src/corelib/tools/qtimezoneprivate_tz.cpp -@@ -64,7 +64,11 @@ typedef QHash<QByteArray, QTzTimeZone> QTzTimeZoneHash; - // Parse zone.tab table, assume lists all installed zones, if not will need to read directories - static QTzTimeZoneHash loadTzTimeZones() - { -- QString path = QStringLiteral("/usr/share/zoneinfo/zone.tab"); -+ // Try TZDIR first, in case we're running on NixOS. -+ QString path = QFile::decodeName(qgetenv("TZDIR")) + QStringLiteral("/zone.tab"); -+ // Fallback to traditional paths in case we are not on NixOS. -+ if (!QFile::exists(path)) -+ path = QStringLiteral("/usr/share/zoneinfo/zone.tab"); - if (!QFile::exists(path)) - path = QStringLiteral("/usr/lib/zoneinfo/zone.tab"); - -@@ -636,12 +640,16 @@ void QTzTimeZonePrivate::init(const QByteArray &ianaId) - if (!tzif.open(QIODevice::ReadOnly)) - return; - } else { -- // Open named tz, try modern path first, if fails try legacy path -- tzif.setFileName(QLatin1String("/usr/share/zoneinfo/") + QString::fromLocal8Bit(ianaId)); -+ // Try TZDIR first, in case we're running on NixOS -+ tzif.setFileName(QFile::decodeName(qgetenv("TZDIR")) + QStringLiteral("/") + QString::fromLocal8Bit(ianaId)); - if (!tzif.open(QIODevice::ReadOnly)) { -- tzif.setFileName(QLatin1String("/usr/lib/zoneinfo/") + QString::fromLocal8Bit(ianaId)); -- if (!tzif.open(QIODevice::ReadOnly)) -- return; -+ // Open named tz, try modern path first, if fails try legacy path -+ tzif.setFileName(QLatin1String("/usr/share/zoneinfo/") + QString::fromLocal8Bit(ianaId)); -+ if (!tzif.open(QIODevice::ReadOnly)) { -+ tzif.setFileName(QLatin1String("/usr/lib/zoneinfo/") + QString::fromLocal8Bit(ianaId)); -+ if (!tzif.open(QIODevice::ReadOnly)) -+ return; -+ } - } - } - -diff --git a/src/dbus/Qt5DBusConfigExtras.cmake.in b/src/dbus/Qt5DBusConfigExtras.cmake.in -index 1d947159e2..b36865fc48 100644 ---- a/src/dbus/Qt5DBusConfigExtras.cmake.in -+++ b/src/dbus/Qt5DBusConfigExtras.cmake.in -@@ -2,11 +2,7 @@ - if (NOT TARGET Qt5::qdbuscpp2xml) - add_executable(Qt5::qdbuscpp2xml IMPORTED) - --!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5DBus_install_prefix}/$${CMAKE_BIN_DIR}qdbuscpp2xml$$CMAKE_BIN_SUFFIX\") --!!ELSE -- set(imported_location \"$${CMAKE_BIN_DIR}qdbuscpp2xml$$CMAKE_BIN_SUFFIX\") --!!ENDIF -+ set(imported_location \"$$NIX_OUTPUT_DEV/bin/qdbuscpp2xml$$CMAKE_BIN_SUFFIX\") - _qt5_DBus_check_file_exists(${imported_location}) - - set_target_properties(Qt5::qdbuscpp2xml PROPERTIES -@@ -17,11 +13,7 @@ endif() - if (NOT TARGET Qt5::qdbusxml2cpp) - add_executable(Qt5::qdbusxml2cpp IMPORTED) - --!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5DBus_install_prefix}/$${CMAKE_BIN_DIR}qdbusxml2cpp$$CMAKE_BIN_SUFFIX\") --!!ELSE -- set(imported_location \"$${CMAKE_BIN_DIR}qdbusxml2cpp$$CMAKE_BIN_SUFFIX\") --!!ENDIF -+ set(imported_location \"$$NIX_OUTPUT_DEV/bin/qdbusxml2cpp$$CMAKE_BIN_SUFFIX\") - _qt5_DBus_check_file_exists(${imported_location}) - - set_target_properties(Qt5::qdbusxml2cpp PROPERTIES -diff --git a/src/gui/Qt5GuiConfigExtras.cmake.in b/src/gui/Qt5GuiConfigExtras.cmake.in -index 07869efd7d..fb4183bada 100644 ---- a/src/gui/Qt5GuiConfigExtras.cmake.in -+++ b/src/gui/Qt5GuiConfigExtras.cmake.in -@@ -2,7 +2,7 @@ - !!IF !isEmpty(CMAKE_ANGLE_EGL_DLL_RELEASE) - - !!IF isEmpty(CMAKE_INCLUDE_DIR_IS_ABSOLUTE) --set(Qt5Gui_EGL_INCLUDE_DIRS \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$$CMAKE_INCLUDE_DIR/QtANGLE\") -+set(Qt5Gui_EGL_INCLUDE_DIRS \"$$NIX_OUTPUT_DEV/$$CMAKE_INCLUDE_DIR/QtANGLE\") - !!ELSE - set(Qt5Gui_EGL_INCLUDE_DIRS \"$$CMAKE_INCLUDE_DIR/QtANGLE\") - !!ENDIF -@@ -17,13 +17,13 @@ macro(_populate_qt5gui_gl_target_properties TargetName Configuration LIB_LOCATIO - set_property(TARGET Qt5::${TargetName} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration}) - - !!IF isEmpty(CMAKE_DLL_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5Gui_install_prefix}/$${CMAKE_DLL_DIR}${LIB_LOCATION}\") -+ set(imported_location \"$$NIX_OUTPUT_OUT/$${CMAKE_DLL_DIR}${LIB_LOCATION}\") - !!ELSE - set(imported_location \"$${CMAKE_DLL_DIR}${LIB_LOCATION}\") - !!ENDIF - - !!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE) -- set(imported_implib \"${_qt5Gui_install_prefix}/$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\") -+ set(imported_implib \"$$NIX_OUTPUT_OUT/$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\") - !!ELSE - set(imported_implib \"$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\") - !!ENDIF -diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp -index 584f0b0f0e..24d80063f2 100644 ---- a/src/network/kernel/qdnslookup_unix.cpp -+++ b/src/network/kernel/qdnslookup_unix.cpp -@@ -83,7 +83,7 @@ static bool resolveLibraryInternal() - if (!lib.load()) - #endif - { -- lib.setFileName(QLatin1String("resolv")); -+ lib.setFileName(QLatin1String(NIXPKGS_LIBRESOLV)); - if (!lib.load()) - return false; - } -diff --git a/src/network/kernel/qhostinfo_unix.cpp b/src/network/kernel/qhostinfo_unix.cpp -index dabf1913cc..53bb867e07 100644 ---- a/src/network/kernel/qhostinfo_unix.cpp -+++ b/src/network/kernel/qhostinfo_unix.cpp -@@ -94,7 +94,7 @@ static bool resolveLibraryInternal() - if (!lib.load()) - #endif - { -- lib.setFileName(QLatin1String("resolv")); -+ lib.setFileName(QLatin1String(NIXPKGS_LIBRESOLV)); - if (!lib.load()) - return false; - } -diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp -index 68caaeb6dc..fef4a81474 100644 ---- a/src/network/ssl/qsslcontext_openssl.cpp -+++ b/src/network/ssl/qsslcontext_openssl.cpp -@@ -340,7 +340,7 @@ init_context: - - const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); - if (!qcurves.isEmpty()) { --#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) - // Set the curves to be used - if (q_SSLeay() >= 0x10002000L) { - // SSL_CTX_ctrl wants a non-const pointer as last argument, -@@ -354,7 +354,7 @@ init_context: - return sslContext; - } - } else --#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) -+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) - { - // specific curves requested, but not possible to set -> error - sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); -diff --git a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp b/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp -index 338c7ca3be..dd52114bac 100644 ---- a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp -+++ b/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp -@@ -251,12 +251,9 @@ void TableGenerator::initPossibleLocations() - // the QTCOMPOSE environment variable - if (qEnvironmentVariableIsSet("QTCOMPOSE")) - m_possibleLocations.append(QString::fromLocal8Bit(qgetenv("QTCOMPOSE"))); -- m_possibleLocations.append(QStringLiteral("/usr/share/X11/locale")); -- m_possibleLocations.append(QStringLiteral("/usr/local/share/X11/locale")); -- m_possibleLocations.append(QStringLiteral("/usr/lib/X11/locale")); -- m_possibleLocations.append(QStringLiteral("/usr/local/lib/X11/locale")); - m_possibleLocations.append(QStringLiteral(X11_PREFIX "/share/X11/locale")); - m_possibleLocations.append(QStringLiteral(X11_PREFIX "/lib/X11/locale")); -+ m_possibleLocations.append(QLatin1String(NIXPKGS_QTCOMPOSE)); - } - - QString TableGenerator::findComposeFile() -diff --git a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp -index c2b7a562a9..4fa5f6d6a5 100644 ---- a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp -+++ b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp -@@ -570,7 +570,14 @@ void (*QGLXContext::getProcAddress(const QByteArray &procName)) () - #ifndef QT_NO_LIBRARY - extern const QString qt_gl_library_name(); - // QLibrary lib(qt_gl_library_name()); -+ // Check system library paths first - QLibrary lib(QLatin1String("GL")); -+#ifdef NIXPKGS_MESA_GL -+ if (!lib.load()) { -+ // Fallback to Mesa driver -+ lib.setFileName(QLatin1String(NIXPKGS_MESA_GL)); -+ } -+#endif // NIXPKGS_MESA_GL - glXGetProcAddressARB = (qt_glXGetProcAddressARB) lib.resolve("glXGetProcAddressARB"); - #endif - } -diff --git a/src/plugins/platforms/xcb/qxcbcursor.cpp b/src/plugins/platforms/xcb/qxcbcursor.cpp -index 4646ced954..ff3111f393 100644 ---- a/src/plugins/platforms/xcb/qxcbcursor.cpp -+++ b/src/plugins/platforms/xcb/qxcbcursor.cpp -@@ -303,10 +303,10 @@ QXcbCursor::QXcbCursor(QXcbConnection *conn, QXcbScreen *screen) - #if defined(XCB_USE_XLIB) && !defined(QT_NO_LIBRARY) - static bool function_ptrs_not_initialized = true; - if (function_ptrs_not_initialized) { -- QLibrary xcursorLib(QLatin1String("Xcursor"), 1); -+ QLibrary xcursorLib(QLatin1String(NIXPKGS_LIBXCURSOR), 1); - bool xcursorFound = xcursorLib.load(); - if (!xcursorFound) { // try without the version number -- xcursorLib.setFileName(QLatin1String("Xcursor")); -+ xcursorLib.setFileName(QLatin1String(NIXPKGS_LIBXCURSOR)); - xcursorFound = xcursorLib.load(); - } - if (xcursorFound) { -diff --git a/src/testlib/qtestassert.h b/src/testlib/qtestassert.h -index ca3e02ca06..28dd73d772 100644 ---- a/src/testlib/qtestassert.h -+++ b/src/testlib/qtestassert.h -@@ -38,10 +38,13 @@ - - QT_BEGIN_NAMESPACE - -- --#define QTEST_ASSERT(cond) do { if (!(cond)) qt_assert(#cond,__FILE__,__LINE__); } while (0) -- --#define QTEST_ASSERT_X(cond, where, what) do { if (!(cond)) qt_assert_x(where, what,__FILE__,__LINE__); } while (0) -+#if defined(QT_NO_DEBUG) && !defined(QT_FORCE_ASSERTS) -+#define QTEST_ASSERT(cond) do { } while ((false) && (cond)) -+#define QTEST_ASSERT_X(cond, where, what) do { } while ((false) && (cond)) -+#else -+#define QTEST_ASSERT(cond) do { if (!(cond)) qt_assert(#cond,__FILE__,__LINE__); } while (false) -+#define QTEST_ASSERT_X(cond, where, what) do { if (!(cond)) qt_assert_x(where, what,__FILE__,__LINE__); } while (false) -+#endif - - QT_END_NAMESPACE - -diff --git a/src/widgets/Qt5WidgetsConfigExtras.cmake.in b/src/widgets/Qt5WidgetsConfigExtras.cmake.in -index 99d87e2e46..a4eab2aa72 100644 ---- a/src/widgets/Qt5WidgetsConfigExtras.cmake.in -+++ b/src/widgets/Qt5WidgetsConfigExtras.cmake.in -@@ -3,7 +3,7 @@ if (NOT TARGET Qt5::uic) - add_executable(Qt5::uic IMPORTED) - - !!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5Widgets_install_prefix}/$${CMAKE_BIN_DIR}uic$$CMAKE_BIN_SUFFIX\") -+ set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_BIN_DIR}uic$$CMAKE_BIN_SUFFIX\") - !!ELSE - set(imported_location \"$${CMAKE_BIN_DIR}uic$$CMAKE_BIN_SUFFIX\") - !!ENDIF diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtdeclarative.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtdeclarative.patch deleted file mode 100644 index dbddaa2a1d60..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtdeclarative.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/src/qml/qml/qqmlimport.cpp b/src/qml/qml/qqmlimport.cpp -index dfdf2edbe..7ee96049d 100644 ---- a/src/qml/qml/qqmlimport.cpp -+++ b/src/qml/qml/qqmlimport.cpp -@@ -1568,6 +1568,15 @@ QQmlImportDatabase::QQmlImportDatabase(QQmlEngine *e) - QString installImportsPath = QLibraryInfo::location(QLibraryInfo::Qml2ImportsPath); - addImportPath(installImportsPath); - -+ // Add import paths derived from PATH -+ const QStringList paths = QFile::decodeName(qgetenv("PATH")).split(':'); -+ const QString qmldir = QStringLiteral("../" NIXPKGS_QML2_IMPORT_PREFIX); -+ for (const QString &path: paths) { -+ if (!path.isEmpty()) { -+ addImportPath(QDir::cleanPath(path + QDir::separator() + qmldir)); -+ } -+ } -+ - // env import paths - if (Q_UNLIKELY(!qEnvironmentVariableIsEmpty("QML2_IMPORT_PATH"))) { - const QByteArray envImportPath = qgetenv("QML2_IMPORT_PATH"); diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtscript.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtscript.patch deleted file mode 100644 index 5508dec1280e..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtscript.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h -index 1f6d25e..087c3fb 100644 ---- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h -+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h -@@ -81,7 +81,7 @@ - #include <pthread.h> - #elif PLATFORM(GTK) - #include <wtf/gtk/GOwnPtr.h> --typedef struct _GMutex GMutex; -+typedef union _GMutex GMutex; - typedef struct _GCond GCond; - #endif - diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtserialport.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtserialport.patch deleted file mode 100644 index b2cffbe4f39b..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtserialport.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/src/serialport/qtudev_p.h b/src/serialport/qtudev_p.h -index 6f2cabd..cd3c0ed 100644 ---- a/src/serialport/qtudev_p.h -+++ b/src/serialport/qtudev_p.h -@@ -105,9 +105,17 @@ inline QFunctionPointer resolveSymbol(QLibrary *udevLibrary, const char *symbolN - inline bool resolveSymbols(QLibrary *udevLibrary) - { - if (!udevLibrary->isLoaded()) { -+#ifdef NIXPKGS_LIBUDEV -+ udevLibrary->setFileNameAndVersion(QLatin1String(NIXPKGS_LIBUDEV), 1); -+#else - udevLibrary->setFileNameAndVersion(QStringLiteral("udev"), 1); -+#endif - if (!udevLibrary->load()) { -+#ifdef NIXPKGS_LIBUDEV -+ udevLibrary->setFileNameAndVersion(QLatin1String(NIXPKGS_LIBUDEV), 0); -+#else - udevLibrary->setFileNameAndVersion(QStringLiteral("udev"), 0); -+#endif - if (!udevLibrary->load()) { - qWarning("Failed to load the library: %s, supported version(s): %i and %i", qPrintable(udevLibrary->fileName()), 1, 0); - return false; diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qttools.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.6/qttools.patch deleted file mode 100644 index dcb15e0e55a6..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qttools.patch +++ /dev/null @@ -1,64 +0,0 @@ -diff --git a/src/assistant/help/Qt5HelpConfigExtras.cmake.in b/src/assistant/help/Qt5HelpConfigExtras.cmake.in -index 5a5bd5ce..1c6727d4 100644 ---- a/src/assistant/help/Qt5HelpConfigExtras.cmake.in -+++ b/src/assistant/help/Qt5HelpConfigExtras.cmake.in -@@ -2,14 +2,13 @@ - if (NOT TARGET Qt5::qcollectiongenerator) - add_executable(Qt5::qcollectiongenerator IMPORTED) - --!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5Help_install_prefix}/$${CMAKE_BIN_DIR}qcollectiongenerator$$CMAKE_BIN_SUFFIX\") --!!ELSE - set(imported_location \"$${CMAKE_BIN_DIR}qcollectiongenerator$$CMAKE_BIN_SUFFIX\") --!!ENDIF -+ if(NOT EXISTS \"${imported_location}\") -+ set(imported_location \"$${CMAKE_BIN_DIR}qcollectiongenerator$$CMAKE_BIN_SUFFIX\") -+ endif() - _qt5_Help_check_file_exists(${imported_location}) - - set_target_properties(Qt5::qcollectiongenerator PROPERTIES - IMPORTED_LOCATION ${imported_location} - ) --endif() -+endif() -\ No newline at end of file -diff --git a/src/linguist/Qt5LinguistToolsConfig.cmake.in b/src/linguist/Qt5LinguistToolsConfig.cmake.in -index 4318b16f..d60db4ff 100644 ---- a/src/linguist/Qt5LinguistToolsConfig.cmake.in -+++ b/src/linguist/Qt5LinguistToolsConfig.cmake.in -@@ -44,11 +44,7 @@ endmacro() - if (NOT TARGET Qt5::lrelease) - add_executable(Qt5::lrelease IMPORTED) - --!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5_linguisttools_install_prefix}/$${CMAKE_BIN_DIR}lrelease$$CMAKE_BIN_SUFFIX\") --!!ELSE - set(imported_location \"$${CMAKE_BIN_DIR}lrelease$$CMAKE_BIN_SUFFIX\") --!!ENDIF - _qt5_LinguistTools_check_file_exists(${imported_location}) - - set_target_properties(Qt5::lrelease PROPERTIES -@@ -59,11 +55,7 @@ endif() - if (NOT TARGET Qt5::lupdate) - add_executable(Qt5::lupdate IMPORTED) - --!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5_linguisttools_install_prefix}/$${CMAKE_BIN_DIR}lupdate$$CMAKE_BIN_SUFFIX\") --!!ELSE - set(imported_location \"$${CMAKE_BIN_DIR}lupdate$$CMAKE_BIN_SUFFIX\") --!!ENDIF - _qt5_LinguistTools_check_file_exists(${imported_location}) - - set_target_properties(Qt5::lupdate PROPERTIES -@@ -74,11 +66,7 @@ endif() - if (NOT TARGET Qt5::lconvert) - add_executable(Qt5::lconvert IMPORTED) - --!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE) -- set(imported_location \"${_qt5_linguisttools_install_prefix}/$${CMAKE_BIN_DIR}lconvert$$CMAKE_BIN_SUFFIX\") --!!ELSE - set(imported_location \"$${CMAKE_BIN_DIR}lconvert$$CMAKE_BIN_SUFFIX\") --!!ENDIF - _qt5_LinguistTools_check_file_exists(${imported_location}) - - set_target_properties(Qt5::lconvert PROPERTIES diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtwebengine-seccomp.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtwebengine-seccomp.patch deleted file mode 100644 index bf6af8059823..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtwebengine-seccomp.patch +++ /dev/null @@ -1,24 +0,0 @@ -Backported to Qt 5.6 for epoll_pwait fix on newer glibc -Part of upstream Chromium's 4e8083b4ab953ba298aedfc4e79d464be15e4012 -Review URL: https://codereview.chromium.org/1613883002 ---- -diff --git a/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -index 10278dc5fc9b..b30b3e6acef6 100644 ---- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -@@ -414,6 +414,7 @@ bool SyscallSets::IsAllowedEpoll(int sysno) { - case __NR_epoll_create: - case __NR_epoll_wait: - #endif -+ case __NR_epoll_pwait: - case __NR_epoll_create1: - case __NR_epoll_ctl: - return true; -@@ -421,7 +422,6 @@ bool SyscallSets::IsAllowedEpoll(int sysno) { - #if defined(__x86_64__) - case __NR_epoll_ctl_old: - #endif -- case __NR_epoll_pwait: - #if defined(__x86_64__) - case __NR_epoll_wait_old: - #endif diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtwebkit.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtwebkit.patch deleted file mode 100644 index da1658554e44..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/qtwebkit.patch +++ /dev/null @@ -1,149 +0,0 @@ -diff --git a/Source/JavaScriptCore/API/JSStringRef.cpp b/Source/JavaScriptCore/API/JSStringRef.cpp -index 812f3d413..77a3fd0f4 100644 ---- a/Source/JavaScriptCore/API/JSStringRef.cpp -+++ b/Source/JavaScriptCore/API/JSStringRef.cpp -@@ -37,7 +37,7 @@ using namespace WTF::Unicode; - JSStringRef JSStringCreateWithCharacters(const JSChar* chars, size_t numChars) - { - initializeThreading(); -- return OpaqueJSString::create(chars, numChars).leakRef(); -+ return OpaqueJSString::create(reinterpret_cast<const UChar*>(chars), numChars).leakRef(); - } - - JSStringRef JSStringCreateWithUTF8CString(const char* string) -@@ -62,7 +62,7 @@ JSStringRef JSStringCreateWithUTF8CString(const char* string) - JSStringRef JSStringCreateWithCharactersNoCopy(const JSChar* chars, size_t numChars) - { - initializeThreading(); -- return OpaqueJSString::create(StringImpl::createWithoutCopying(chars, numChars, WTF::DoesNotHaveTerminatingNullCharacter)).leakRef(); -+ return OpaqueJSString::create(StringImpl::createWithoutCopying(reinterpret_cast<const UChar*>(chars), numChars, WTF::DoesNotHaveTerminatingNullCharacter)).leakRef(); - } - - JSStringRef JSStringRetain(JSStringRef string) -@@ -83,7 +83,7 @@ size_t JSStringGetLength(JSStringRef string) - - const JSChar* JSStringGetCharactersPtr(JSStringRef string) - { -- return string->characters(); -+ return reinterpret_cast<const JSChar*>(string->characters()); - } - - size_t JSStringGetMaximumUTF8CStringSize(JSStringRef string) -diff --git a/Source/JavaScriptCore/runtime/DateConversion.cpp b/Source/JavaScriptCore/runtime/DateConversion.cpp -index 0b57f012d..05e27338b 100644 ---- a/Source/JavaScriptCore/runtime/DateConversion.cpp -+++ b/Source/JavaScriptCore/runtime/DateConversion.cpp -@@ -107,7 +107,8 @@ String formatDateTime(const GregorianDateTime& t, DateTimeFormat format, bool as - #if OS(WINDOWS) - TIME_ZONE_INFORMATION timeZoneInformation; - GetTimeZoneInformation(&timeZoneInformation); -- const WCHAR* timeZoneName = t.isDST() ? timeZoneInformation.DaylightName : timeZoneInformation.StandardName; -+ const WCHAR* winTimeZoneName = t.isDST() ? timeZoneInformation.DaylightName : timeZoneInformation.StandardName; -+ String timeZoneName(reinterpret_cast<const UChar*>(winTimeZoneName)); - #else - struct tm gtm = t; - char timeZoneName[70]; -diff --git a/Source/WTF/WTF.pri b/Source/WTF/WTF.pri -index 1f4866d66..bb61e4ba3 100644 ---- a/Source/WTF/WTF.pri -+++ b/Source/WTF/WTF.pri -@@ -12,7 +12,7 @@ mac { - # Mac OS does ship libicu but not the associated header files. - # Therefore WebKit provides adequate header files. - INCLUDEPATH = $${ROOT_WEBKIT_DIR}/Source/WTF/icu $$INCLUDEPATH -- LIBS += -licucore -+ LIBS += /usr/lib/libicucore.dylib - } else:!use?(wchar_unicode): { - win32 { - CONFIG(static, static|shared) { -diff --git a/Source/WTF/wtf/TypeTraits.h b/Source/WTF/wtf/TypeTraits.h -index 9df2c95cf..f5d6121fd 100644 ---- a/Source/WTF/wtf/TypeTraits.h -+++ b/Source/WTF/wtf/TypeTraits.h -@@ -72,6 +72,9 @@ namespace WTF { - template<> struct IsInteger<unsigned long> { static const bool value = true; }; - template<> struct IsInteger<long long> { static const bool value = true; }; - template<> struct IsInteger<unsigned long long> { static const bool value = true; }; -+#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__) || (defined(_HAS_CHAR16_T_LANGUAGE_SUPPORT) && _HAS_CHAR16_T_LANGUAGE_SUPPORT) -+ template<> struct IsInteger<char16_t> { static const bool value = true; }; -+#endif - #if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED) - template<> struct IsInteger<wchar_t> { static const bool value = true; }; - #endif -diff --git a/Source/WebCore/plugins/qt/PluginPackageQt.cpp b/Source/WebCore/plugins/qt/PluginPackageQt.cpp -index a923d49aa..46772a4bb 100644 ---- a/Source/WebCore/plugins/qt/PluginPackageQt.cpp -+++ b/Source/WebCore/plugins/qt/PluginPackageQt.cpp -@@ -136,7 +136,11 @@ static void initializeGtk(QLibrary* module = 0) - } - } - -+#ifdef NIXPKGS_LIBGTK2 -+ QLibrary library(QLatin1String(NIXPKGS_LIBGTK2), 0); -+#else - QLibrary library(QLatin1String("libgtk-x11-2.0"), 0); -+#endif - if (library.load()) { - typedef void *(*gtk_init_check_ptr)(int*, char***); - gtk_init_check_ptr gtkInitCheck = (gtk_init_check_ptr)library.resolve("gtk_init_check"); -diff --git a/Source/WebCore/plugins/qt/PluginViewQt.cpp b/Source/WebCore/plugins/qt/PluginViewQt.cpp -index de06a2fea..86fe39ef1 100644 ---- a/Source/WebCore/plugins/qt/PluginViewQt.cpp -+++ b/Source/WebCore/plugins/qt/PluginViewQt.cpp -@@ -697,7 +697,11 @@ static Display *getPluginDisplay() - // support gdk based plugins (like flash) that use a different X connection. - // The code below has the same effect as this one: - // Display *gdkDisplay = gdk_x11_display_get_xdisplay(gdk_display_get_default()); -+#ifdef NIXPKGS_LIBGDK2 -+ QLibrary library(QLatin1String(NIXPKGS_LIBGDK2), 0); -+#else - QLibrary library(QLatin1String("libgdk-x11-2.0"), 0); -+#endif - if (!library.load()) - return 0; - -diff --git a/Source/WebKit2/PluginProcess/qt/PluginProcessMainQt.cpp b/Source/WebKit2/PluginProcess/qt/PluginProcessMainQt.cpp -index 8de65216b..38f5c05e5 100644 ---- a/Source/WebKit2/PluginProcess/qt/PluginProcessMainQt.cpp -+++ b/Source/WebKit2/PluginProcess/qt/PluginProcessMainQt.cpp -@@ -53,7 +53,11 @@ static void messageHandler(QtMsgType type, const QMessageLogContext&, const QStr - - static bool initializeGtk() - { -+#ifdef NIXPKGS_LIBGTK2 -+ QLibrary gtkLibrary(QLatin1String(NIXPKGS_LIBGTK2), 0); -+#else - QLibrary gtkLibrary(QLatin1String("libgtk-x11-2.0"), 0); -+#endif - if (!gtkLibrary.load()) - return false; - typedef void* (*gtk_init_ptr)(void*, void*); -diff --git a/Source/WebKit2/Shared/API/c/WKString.cpp b/Source/WebKit2/Shared/API/c/WKString.cpp -index cbac67dd8..23400a64e 100644 ---- a/Source/WebKit2/Shared/API/c/WKString.cpp -+++ b/Source/WebKit2/Shared/API/c/WKString.cpp -@@ -55,7 +55,7 @@ size_t WKStringGetLength(WKStringRef stringRef) - size_t WKStringGetCharacters(WKStringRef stringRef, WKChar* buffer, size_t bufferLength) - { - COMPILE_ASSERT(sizeof(WKChar) == sizeof(UChar), WKStringGetCharacters_sizeof_WKChar_matches_UChar); -- return (toImpl(stringRef)->getCharacters(static_cast<UChar*>(buffer), bufferLength)); -+ return (toImpl(stringRef)->getCharacters(reinterpret_cast<UChar*>(buffer), bufferLength)); - } - - size_t WKStringGetMaximumUTF8CStringSize(WKStringRef stringRef) -diff --git a/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp b/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp -index d734ff684..0f6ff63d1 100644 ---- a/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp -+++ b/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp -@@ -64,7 +64,11 @@ static Display* getPluginDisplay() - // The code below has the same effect as this one: - // Display *gdkDisplay = gdk_x11_display_get_xdisplay(gdk_display_get_default()); - -+#ifdef NIXPKGS_LIBGDK2 -+ QLibrary library(QLatin1String(NIXPKGS_LIBGDK2), 0); -+#else - QLibrary library(QLatin1String("libgdk-x11-2.0"), 0); -+#endif - if (!library.load()) - return 0; - diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.6/srcs.nix b/nixpkgs/pkgs/development/libraries/qt-5/5.6/srcs.nix deleted file mode 100644 index 87d35a43d86b..000000000000 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.6/srcs.nix +++ /dev/null @@ -1,309 +0,0 @@ -# DO NOT EDIT! This file is generated automatically by fetch-kde-qt.sh -{ fetchurl, mirror }: - -{ - qt3d = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qt3d-opensource-src-5.6.3.tar.xz"; - sha256 = "1zkzc3wh2i89nacb55mbgl09zhrjbrxg9ir626bsvz15x4q5ml0h"; - name = "qt3d-opensource-src-5.6.3.tar.xz"; - }; - }; - qtactiveqt = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtactiveqt-opensource-src-5.6.3.tar.xz"; - sha256 = "00qscqjpkv5ssrjdwwcjp9q1rqgp8lsdjjksjpyyg4v6knd74s0i"; - name = "qtactiveqt-opensource-src-5.6.3.tar.xz"; - }; - }; - qtandroidextras = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtandroidextras-opensource-src-5.6.3.tar.xz"; - sha256 = "1v19p1pqcdicylj3hd2lbm5swqddydlv9aqmws3qwsc2vwh15d4n"; - name = "qtandroidextras-opensource-src-5.6.3.tar.xz"; - }; - }; - qtbase = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtbase-opensource-src-5.6.3.tar.xz"; - sha256 = "18ad7cxln61276cm8h8hzm0y6svw6b5m5nbm1niif9pwlqlqbx7y"; - name = "qtbase-opensource-src-5.6.3.tar.xz"; - }; - }; - qtcanvas3d = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtcanvas3d-opensource-src-5.6.3.tar.xz"; - sha256 = "1zsn3xbsqapivfg80cldjlh7z07nf88958a7g6dm7figkwahx7p9"; - name = "qtcanvas3d-opensource-src-5.6.3.tar.xz"; - }; - }; - qtcharts = { - version = "2.1.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtcharts-opensource-src-2.1.3.tar.xz"; - sha256 = "0bvxmqx7094mq1svrv1i1jp6vl87r2mp7k9n3gqpixjmqaqsjdpn"; - name = "qtcharts-opensource-src-2.1.3.tar.xz"; - }; - }; - qtconnectivity = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtconnectivity-opensource-src-5.6.3.tar.xz"; - sha256 = "1pnc0zmps5iw5yhn2w0wl8cnyxhcy88d3rnaiv62ljpsccynwh7s"; - name = "qtconnectivity-opensource-src-5.6.3.tar.xz"; - }; - }; - qtdatavis3d = { - version = "1.2.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtdatavis3d-opensource-src-1.2.3.tar.xz"; - sha256 = "0rqhr6s3fic91r6r1g2ws57j6ixvkh4zhcwh7savs1risx374vya"; - name = "qtdatavis3d-opensource-src-1.2.3.tar.xz"; - }; - }; - qtdeclarative = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtdeclarative-opensource-src-5.6.3.tar.xz"; - sha256 = "1z4ih5jbydnk5dz0arhvwc54fjw7fynqx3rhm6f8lsyis19w0gzn"; - name = "qtdeclarative-opensource-src-5.6.3.tar.xz"; - }; - }; - qtdeclarative-render2d = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtdeclarative-render2d-opensource-src-5.6.3.tar.xz"; - sha256 = "0r2qn8l3wh73cj75rq34zmc6rgl7v11c31pjdcsybad76nw5wb2p"; - name = "qtdeclarative-render2d-opensource-src-5.6.3.tar.xz"; - }; - }; - qtdoc = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtdoc-opensource-src-5.6.3.tar.xz"; - sha256 = "11zhlry8hlql1q3pm4mf7qyky9i2irxqdrr9nr5m93wjyfsjbh7f"; - name = "qtdoc-opensource-src-5.6.3.tar.xz"; - }; - }; - qtenginio = { - version = "1.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtenginio-opensource-src-1.6.3.tar.xz"; - sha256 = "04ir5pa8wpkc7cq08s0b69a0vhkr7479ixn3m2vww4jm6l5hc1yr"; - name = "qtenginio-opensource-src-1.6.3.tar.xz"; - }; - }; - qtgraphicaleffects = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtgraphicaleffects-opensource-src-5.6.3.tar.xz"; - sha256 = "1vcrm4jfmxjlw23dnwf45mzq2z5s4fz6j2znknr25ca5bqnmjhn7"; - name = "qtgraphicaleffects-opensource-src-5.6.3.tar.xz"; - }; - }; - qtimageformats = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtimageformats-opensource-src-5.6.3.tar.xz"; - sha256 = "1hs8b258xsbc4xb4844mas9ka54f5cfhhszblawwjxn9j0ydmr7g"; - name = "qtimageformats-opensource-src-5.6.3.tar.xz"; - }; - }; - qtlocation = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtlocation-opensource-src-5.6.3.tar.xz"; - sha256 = "0rhlmyi5kkhl1bimaj1fmp36v7x5r79j3flgx9dv27rkric1ra5p"; - name = "qtlocation-opensource-src-5.6.3.tar.xz"; - }; - }; - qtmacextras = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtmacextras-opensource-src-5.6.3.tar.xz"; - sha256 = "10v2a058yv6k76gg9dgpy4fc0xd652dknzsw5432gm8d9391382i"; - name = "qtmacextras-opensource-src-5.6.3.tar.xz"; - }; - }; - qtmultimedia = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtmultimedia-opensource-src-5.6.3.tar.xz"; - sha256 = "0ihvbv0ldravbrx6406ps0z8y6521iz6h58n5ws44xq3m2g06dmf"; - name = "qtmultimedia-opensource-src-5.6.3.tar.xz"; - }; - }; - qtpurchasing = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtpurchasing-opensource-src-5.6.3.tar.xz"; - sha256 = "0lf269jzd6y4x5bxjwgz9dpw7hxmc6sp39qpxwlswd505cf0wgd7"; - name = "qtpurchasing-opensource-src-5.6.3.tar.xz"; - }; - }; - qtquickcontrols = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtquickcontrols-opensource-src-5.6.3.tar.xz"; - sha256 = "13nvn0d2i4lf4igc1xqf7m98n4j66az1bi02zzv5m18vyb40zfri"; - name = "qtquickcontrols-opensource-src-5.6.3.tar.xz"; - }; - }; - qtquickcontrols2 = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtquickcontrols2-opensource-src-5.6.3.tar.xz"; - sha256 = "1jw1zykrx8aa9p781hc74h9za7lnnm4ifpdyqa4ahbdy193phl7c"; - name = "qtquickcontrols2-opensource-src-5.6.3.tar.xz"; - }; - }; - qtscript = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtscript-opensource-src-5.6.3.tar.xz"; - sha256 = "12dkf2s1l9y9cwdyayg2mpnwvx14kq93pymp3iy3fw1s1vfj11zh"; - name = "qtscript-opensource-src-5.6.3.tar.xz"; - }; - }; - qtsensors = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtsensors-opensource-src-5.6.3.tar.xz"; - sha256 = "0ws96fmk5zz9szrw9x1dwa6gnv9rpv1q0h9ax9z5m1kiapfd80km"; - name = "qtsensors-opensource-src-5.6.3.tar.xz"; - }; - }; - qtserialbus = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtserialbus-opensource-src-5.6.3.tar.xz"; - sha256 = "17lskz4r549hc02riv0a3jdjbyaq4y4a94xd3jhy454lhzirpj3i"; - name = "qtserialbus-opensource-src-5.6.3.tar.xz"; - }; - }; - qtserialport = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtserialport-opensource-src-5.6.3.tar.xz"; - sha256 = "06mfkd88rcn4p8pfzsyqbfg956vwwcql0khchjgx3bh34zp1yb88"; - name = "qtserialport-opensource-src-5.6.3.tar.xz"; - }; - }; - qtsvg = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtsvg-opensource-src-5.6.3.tar.xz"; - sha256 = "1v6wz8fcgsh4lfv68bhavms0l1z3mcn8vggakc3m8rdl2wsih3qh"; - name = "qtsvg-opensource-src-5.6.3.tar.xz"; - }; - }; - qttools = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qttools-opensource-src-5.6.3.tar.xz"; - sha256 = "09krlrgcglylsv7xx4r681v7zmyy6nr8j18482skrmsqh21vlqqs"; - name = "qttools-opensource-src-5.6.3.tar.xz"; - }; - }; - qttranslations = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qttranslations-opensource-src-5.6.3.tar.xz"; - sha256 = "1avcfymi9bxk02i1rqh89c6hnvf4bg9qry94z29g1r62c80lxvbd"; - name = "qttranslations-opensource-src-5.6.3.tar.xz"; - }; - }; - qtvirtualkeyboard = { - version = "2.0"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtvirtualkeyboard-opensource-src-2.0.tar.xz"; - sha256 = "1v0saqz76h9gnb13b8mri4jq93i7f1gr7hj81zj3vz433s2klm0x"; - name = "qtvirtualkeyboard-opensource-src-2.0.tar.xz"; - }; - }; - qtwayland = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwayland-opensource-src-5.6.3.tar.xz"; - sha256 = "18ys14fzjybx02aj85vyqzsp89ypv2c6vfpklxzslwyvn9w54iss"; - name = "qtwayland-opensource-src-5.6.3.tar.xz"; - }; - }; - qtwebchannel = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwebchannel-opensource-src-5.6.3.tar.xz"; - sha256 = "04q7wmdnv4pskah2s5nnrzbsb207fvkj333m69wkqrc64anb1ccf"; - name = "qtwebchannel-opensource-src-5.6.3.tar.xz"; - }; - }; - qtwebengine = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwebengine-opensource-src-5.6.3.tar.xz"; - sha256 = "19xpvnjwrjpj6wx7sy1cs1r1ibnh5hqfk9w9rnqf5h7n77xnk780"; - name = "qtwebengine-opensource-src-5.6.3.tar.xz"; - }; - }; - qtwebkit = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/community_releases/5.6/5.6.3/qtwebkit-opensource-src-5.6.3.tar.xz"; - sha256 = "15iqgaw3jznfq1mdg1mmr7pn8w3qhw964h5m36vg3ywqayr6p309"; - name = "qtwebkit-opensource-src-5.6.3.tar.xz"; - }; - }; - qtwebkit-examples = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/community_releases/5.6/5.6.3/qtwebkit-examples-opensource-src-5.6.3.tar.xz"; - sha256 = "17hnls8j4wz0kyzzq7m3105lqz71zsxr0hya7i23pl4qc8affv1d"; - name = "qtwebkit-examples-opensource-src-5.6.3.tar.xz"; - }; - }; - qtwebsockets = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwebsockets-opensource-src-5.6.3.tar.xz"; - sha256 = "1sr8q0wqw4xwcdl6nvnv04pcjxb0fbs4ywrkcghdz2bcc52r0hx2"; - name = "qtwebsockets-opensource-src-5.6.3.tar.xz"; - }; - }; - qtwebview = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwebview-opensource-src-5.6.3.tar.xz"; - sha256 = "076q9g2ca41v8lyhn7354rs8w2ca0wp2hsxc76zprzghi5p4b2kn"; - name = "qtwebview-opensource-src-5.6.3.tar.xz"; - }; - }; - qtwinextras = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwinextras-opensource-src-5.6.3.tar.xz"; - sha256 = "0nmhvd1g18w12q6i8s87aq7rwikcn1m8m9m0a02l3p22xvimkxzf"; - name = "qtwinextras-opensource-src-5.6.3.tar.xz"; - }; - }; - qtx11extras = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtx11extras-opensource-src-5.6.3.tar.xz"; - sha256 = "0zv70z5z48wlg0q2zd7nbp7i0wimdcalns6yg0mjp7v2w2b8wyhy"; - name = "qtx11extras-opensource-src-5.6.3.tar.xz"; - }; - }; - qtxmlpatterns = { - version = "5.6.3"; - src = fetchurl { - url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtxmlpatterns-opensource-src-5.6.3.tar.xz"; - sha256 = "1xjimf88j2s5jrqgr9ki82zmis8r979rrzq4k6dxw43k1ngzyqd4"; - name = "qtxmlpatterns-opensource-src-5.6.3.tar.xz"; - }; - }; -} diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.9/default.nix b/nixpkgs/pkgs/development/libraries/qt-5/5.9/default.nix index 52c763263b53..b27c5d3eb58c 100644 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.9/default.nix +++ b/nixpkgs/pkgs/development/libraries/qt-5/5.9/default.nix @@ -36,7 +36,11 @@ let srcs = import ./srcs.nix { inherit fetchurl; inherit mirror; }; patches = { - qtbase = [ ./qtbase.patch ./qtbase-fixguicmake.patch ]; + qtbase = [ + ./qtbase.patch + ./qtbase-fixguicmake.patch + ./qtbase-openssl_1_1.patch + ]; qtdeclarative = [ ./qtdeclarative.patch ]; qtscript = [ ./qtscript.patch ]; qtserialport = [ ./qtserialport.patch ]; diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.9/qtbase-openssl_1_1.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.9/qtbase-openssl_1_1.patch new file mode 100644 index 000000000000..d5f4d7527cb4 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/qt-5/5.9/qtbase-openssl_1_1.patch @@ -0,0 +1,3985 @@ +commit 2d88fc0ce4ac76924a65ffd797183de9422ba672 +Author: Andreas Rammhold <andreas@rammhold.de> +Date: Wed Mar 6 00:18:51 2019 +0100 + + openssl1.1 compat + +diff --git a/config.tests/openssl/openssl.cpp b/config.tests/openssl/openssl.cpp +index 6c8a9e8f19..d33b62389c 100644 +--- a/config.tests/openssl/openssl.cpp ++++ b/config.tests/openssl/openssl.cpp +@@ -39,8 +39,8 @@ + + #include <openssl/opensslv.h> + +-#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x0090700fL || OPENSSL_VERSION_NUMBER-0 >= 0x10100000L +-# error "OpenSSL >= 0.9.7, and < 1.1.0 is required" ++#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x0090700fL ++# error "OpenSSL >= 0.9.7 is required" + #endif + + #include <openssl/ssl.h> +diff --git a/config.tests/openssl11/openssl.cpp b/config.tests/openssl11/openssl.cpp +new file mode 100644 +index 0000000000..c20cc59deb +--- /dev/null ++++ b/config.tests/openssl11/openssl.cpp +@@ -0,0 +1,48 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the config.tests of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++#include <openssl/opensslv.h> ++ ++#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L ++# error "OpenSSL >= 1.1 is required" ++#endif ++ ++int main() ++{ ++} +diff --git a/config.tests/openssl11/openssl11.pro b/config.tests/openssl11/openssl11.pro +new file mode 100644 +index 0000000000..a023aee4aa +--- /dev/null ++++ b/config.tests/openssl11/openssl11.pro +@@ -0,0 +1,2 @@ ++SOURCES = openssl.cpp ++CONFIG -= x11 qt +diff --git a/src/network/configure.json b/src/network/configure.json +index 2cf90ed94b..a021c0734b 100644 +--- a/src/network/configure.json ++++ b/src/network/configure.json +@@ -77,6 +77,17 @@ + }, + { "libs": "-lssl -lcrypto", "condition": "!config.win32" } + ] ++ }, ++ "openssl11": { ++ "label": "OpenSSL v. 1.1 support", ++ "type": "compile", ++ "test": "openssl11", ++ "sources": [ ++ { ++ "comment": "placeholder for OPENSSL_PATH", ++ "libs": "" ++ } ++ ] + } + }, + +@@ -182,7 +193,7 @@ + "enable": "input.openssl == 'yes' || input.openssl == 'linked' || input.openssl == 'runtime'", + "disable": "input.openssl == 'no' || input.ssl == 'no'", + "autoDetect": "!config.winrt", +- "condition": "!features.securetransport && (features.openssl-linked || libs.openssl_headers)", ++ "condition": "!features.securetransport && (features.openssl-linked || libs.openssl_headers || feature.opensslv11)", + "output": [ + "privateFeature", + { "type": "publicQtConfig", "condition": "!features.openssl-linked" }, +@@ -193,7 +204,7 @@ + "label": " Qt directly linked to OpenSSL", + "enable": "input.openssl == 'linked'", + "disable": "input.openssl != 'linked'", +- "condition": "!features.securetransport && libs.openssl", ++ "condition": "!features.securetransport && (libs.openssl || feature.opensslv11)", + "output": [ + "privateFeature", + { "type": "define", "name": "QT_LINKED_OPENSSL" } +@@ -213,6 +224,11 @@ + "condition": "config.winrt || features.securetransport || features.openssl", + "output": [ "publicFeature", "feature" ] + }, ++ "opensslv11": { ++ "label": "OpenSSL v. 1.1", ++ "condition": "libs.openssl11", ++ "output": ["publicFeature", "feature"] ++ }, + "sctp": { + "label": "SCTP", + "autoDetect": false, +diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp +index 28b7eda54a..71e514a025 100644 +--- a/src/network/ssl/qsslcertificate_openssl.cpp ++++ b/src/network/ssl/qsslcertificate_openssl.cpp +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2016 Richard J. Moore <rich@kde.org> + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -64,12 +65,14 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const + uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW + { + if (X509 * const x509 = key.d->x509) { +- (void)q_X509_cmp(x509, x509); // populate x509->sha1_hash +- // (if someone knows a better way...) +- return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed); +- } else { +- return seed; ++ const EVP_MD *sha1 = q_EVP_sha1(); ++ unsigned int len = 0; ++ unsigned char md[EVP_MAX_MD_SIZE]; ++ q_X509_digest(x509, sha1, md, &len); ++ return qHashBits(md, len, seed); + } ++ ++ return seed; + } + + bool QSslCertificate::isNull() const +@@ -89,8 +92,7 @@ QByteArray QSslCertificate::version() const + { + QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); + if (d->versionString.isEmpty() && d->x509) +- d->versionString = +- QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); ++ d->versionString = QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1); + + return d->versionString; + } +@@ -99,7 +101,7 @@ QByteArray QSslCertificate::serialNumber() const + { + QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); + if (d->serialNumberString.isEmpty() && d->x509) { +- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber; ++ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509); + QByteArray hexString; + hexString.reserve(serialNumber->length * 3); + for (int a = 0; a < serialNumber->length; ++a) { +@@ -199,14 +201,15 @@ QMultiMap<QSsl::AlternativeNameEntryType, QString> QSslCertificate::subjectAlter + continue; + } + +- const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5)); ++ const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(genName->d.ia5)); + const QString altName = QString::fromLatin1(altNameStr, len); + if (genName->type == GEN_DNS) + result.insert(QSsl::DnsEntry, altName); + else if (genName->type == GEN_EMAIL) + result.insert(QSsl::EmailEntry, altName); + } +- q_sk_pop_free((STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_sk_free)); ++ ++ q_OPENSSL_sk_pop_free((OPENSSL_STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_OPENSSL_sk_free)); + } + + return result; +@@ -235,25 +238,26 @@ QSslKey QSslCertificate::publicKey() const + QSslKey key; + + key.d->type = QSsl::PublicKey; +- X509_PUBKEY *xkey = d->x509->cert_info->key; +- EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); ++ ++ EVP_PKEY *pkey = q_X509_get_pubkey(d->x509); + Q_ASSERT(pkey); ++ const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); + +- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { ++ if (keyType == EVP_PKEY_RSA) { + key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); + key.d->algorithm = QSsl::Rsa; + key.d->isNull = false; +- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { ++ } else if (keyType == EVP_PKEY_DSA) { + key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); + key.d->algorithm = QSsl::Dsa; + key.d->isNull = false; + #ifndef OPENSSL_NO_EC +- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) { ++ } else if (keyType == EVP_PKEY_EC) { + key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey); + key.d->algorithm = QSsl::Ec; + key.d->isNull = false; + #endif +- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) { ++ } else if (keyType == EVP_PKEY_DH) { + // DH unsupported + } else { + // error? +@@ -275,7 +279,7 @@ static QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext) + X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext)); + if (!meth) { + ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext); +- QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_data(value)), ++ QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(value)), + q_ASN1_STRING_length(value)); + return result; + } +@@ -371,7 +375,7 @@ static QVariant x509ExtensionToValue(X509_EXTENSION *ext) + continue; + } + +- const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(name->d.uniformResourceIdentifier)); ++ const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(name->d.uniformResourceIdentifier)); + const QString uri = QString::fromUtf8(uriStr, len); + + result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri; +@@ -380,11 +384,7 @@ static QVariant x509ExtensionToValue(X509_EXTENSION *ext) + } + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- q_sk_pop_free((_STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free)); +-#else +- q_sk_pop_free((STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free)); +-#endif ++ q_OPENSSL_sk_pop_free((OPENSSL_STACK*)info, reinterpret_cast<void(*)(void *)>(q_OPENSSL_sk_free)); + return result; + } + break; +@@ -607,7 +607,11 @@ static QMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name) + unsigned char *data = 0; + int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); + info.insertMulti(name, QString::fromUtf8((char*)data, size)); ++#if QT_CONFIG(opensslv11) ++ q_CRYPTO_free(data, 0, 0); ++#else + q_CRYPTO_free(data); ++#endif + } + + return info; +@@ -619,8 +623,9 @@ QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509) + if (!x509 || !QSslSocket::supportsSsl()) + return certificate; + +- ASN1_TIME *nbef = q_X509_get_notBefore(x509); +- ASN1_TIME *naft = q_X509_get_notAfter(x509); ++ ASN1_TIME *nbef = q_X509_getm_notBefore(x509); ++ ASN1_TIME *naft = q_X509_getm_notAfter(x509); ++ + certificate.d->notValidBefore = q_getTimeFromASN1(nbef); + certificate.d->notValidAfter = q_getTimeFromASN1(naft); + certificate.d->null = false; +diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp +index c92d8fc3f8..cef503710c 100644 +--- a/src/network/ssl/qsslcontext_openssl.cpp ++++ b/src/network/ssl/qsslcontext_openssl.cpp +@@ -1,6 +1,6 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Copyright (C) 2014 BlackBerry Limited. All rights reserved. + ** Copyright (C) 2014 Governikus GmbH & Co. KG. + ** Contact: https://www.qt.io/licensing/ +@@ -41,22 +41,14 @@ + + + #include <QtNetwork/qsslsocket.h> +-#include <QtNetwork/qssldiffiehellmanparameters.h> +-#include <QtCore/qmutex.h> + + #include "private/qssl_p.h" + #include "private/qsslcontext_openssl_p.h" +-#include "private/qsslsocket_p.h" + #include "private/qsslsocket_openssl_p.h" + #include "private/qsslsocket_openssl_symbols_p.h" +-#include "private/qssldiffiehellmanparameters_p.h" + + QT_BEGIN_NAMESPACE + +-// defined in qsslsocket_openssl.cpp: +-extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); +-extern QString getErrorsFromOpenSsl(); +- + QSslContext::QSslContext() + : ctx(0), + pkey(0), +@@ -78,301 +70,6 @@ QSslContext::~QSslContext() + q_SSL_SESSION_free(session); + } + +-static inline QString msgErrorSettingEllipticCurves(const QString &why) +-{ +- return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); +-} +- +-// static +-void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) +-{ +- sslContext->sslConfiguration = configuration; +- sslContext->errorCode = QSslError::NoError; +- +- bool client = (mode == QSslSocket::SslClientMode); +- +- bool reinitialized = false; +- bool unsupportedProtocol = false; +-init_context: +- switch (sslContext->sslConfiguration.protocol()) { +- case QSsl::SslV2: +-#ifndef OPENSSL_NO_SSL2 +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); +-#else +- // SSL 2 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- case QSsl::SslV3: +-#ifndef OPENSSL_NO_SSL3_METHOD +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); +-#else +- // SSL 3 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- case QSsl::SecureProtocols: +- // SSLv2 and SSLv3 will be disabled by SSL options +- // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. +- case QSsl::TlsV1SslV3: +- // SSLv2 will will be disabled by SSL options +- case QSsl::AnyProtocol: +- default: +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); +- break; +- case QSsl::TlsV1_0: +- sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); +- break; +- case QSsl::TlsV1_1: +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); +-#else +- // TLS 1.1 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- case QSsl::TlsV1_2: +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); +-#else +- // TLS 1.2 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- case QSsl::TlsV1_0OrLater: +- // Specific protocols will be specified via SSL options. +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); +- break; +- case QSsl::TlsV1_1OrLater: +- case QSsl::TlsV1_2OrLater: +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- // Specific protocols will be specified via SSL options. +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); +-#else +- // TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- } +- +- if (!sslContext->ctx) { +- // After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them +- // by re-initializing the library. +- if (!reinitialized) { +- reinitialized = true; +- if (q_SSL_library_init() == 1) +- goto init_context; +- } +- +- sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( +- unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() +- ); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- // Enable bug workarounds. +- long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); +- q_SSL_CTX_set_options(sslContext->ctx, options); +- +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- // Tell OpenSSL to release memory early +- // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html +- if (q_SSLeay() >= 0x10000000L) +- q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); +-#endif +- +- // Initialize ciphers +- QByteArray cipherString; +- bool first = true; +- QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers(); +- if (ciphers.isEmpty()) +- ciphers = QSslSocketPrivate::defaultCiphers(); +- for (const QSslCipher &cipher : qAsConst(ciphers)) { +- if (first) +- first = false; +- else +- cipherString.append(':'); +- cipherString.append(cipher.name().toLatin1()); +- } +- +- if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { +- sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- const QDateTime now = QDateTime::currentDateTimeUtc(); +- +- // Add all our CAs to this store. +- const auto caCertificates = sslContext->sslConfiguration.caCertificates(); +- for (const QSslCertificate &caCertificate : caCertificates) { +- // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: +- // +- // If several CA certificates matching the name, key identifier, and +- // serial number condition are available, only the first one will be +- // examined. This may lead to unexpected results if the same CA +- // certificate is available with different expiration dates. If a +- // ``certificate expired'' verification error occurs, no other +- // certificate will be searched. Make sure to not have expired +- // certificates mixed with valid ones. +- // +- // See also: QSslSocketBackendPrivate::verify() +- if (caCertificate.expiryDate() >= now) { +- q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); +- } +- } +- +- if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { +- // tell OpenSSL the directories where to look up the root certs on demand +- const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); +- for (const QByteArray &unixDir : unixDirs) +- q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); +- } +- +- if (!sslContext->sslConfiguration.localCertificate().isNull()) { +- // Require a private key as well. +- if (sslContext->sslConfiguration.privateKey().isNull()) { +- sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- // Load certificate +- if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { +- sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { +- sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle()); +- } else { +- // Load private key +- sslContext->pkey = q_EVP_PKEY_new(); +- // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. +- // this lead to a memory leak. Now we use the *_set1_* functions which do not +- // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. +- if (configuration.d->privateKey.algorithm() == QSsl::Rsa) +- q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle())); +- else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) +- q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle())); +-#ifndef OPENSSL_NO_EC +- else if (configuration.d->privateKey.algorithm() == QSsl::Ec) +- q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle())); +-#endif +- } +- +- if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { +- sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- if (configuration.d->privateKey.algorithm() == QSsl::Opaque) +- sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey +- +- // Check if the certificate matches the private key. +- if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { +- sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- // If we have any intermediate certificates then we need to add them to our chain +- bool first = true; +- for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { +- if (first) { +- first = false; +- continue; +- } +- q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, +- q_X509_dup(reinterpret_cast<X509 *>(cert.handle()))); +- } +- } +- +- // Initialize peer verification. +- if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { +- q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0); +- } else { +- q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); +- } +- +- // Set verification depth. +- if (sslContext->sslConfiguration.peerVerifyDepth() != 0) +- q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); +- +- // set persisted session if the user set it +- if (!configuration.sessionTicket().isEmpty()) +- sslContext->setSessionASN1(configuration.sessionTicket()); +- +- // Set temp DH params +- QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); +- +- if (!dhparams.isValid()) { +- sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- if (!dhparams.isEmpty()) { +- const QByteArray ¶ms = dhparams.d->derData; +- const char *ptr = params.constData(); +- DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length()); +- if (dh == NULL) +- qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); +- q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); +- q_DH_free(dh); +- } +- +-#ifndef OPENSSL_NO_EC +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) { +- q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); +- } else +-#endif +- { +- // Set temp ECDH params +- EC_KEY *ecdh = 0; +- ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +- q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh); +- q_EC_KEY_free(ecdh); +- } +-#endif // OPENSSL_NO_EC +- +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) +- if (!client) +- q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); +-#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) +- +- const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); +- if (!qcurves.isEmpty()) { +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) +- // Set the curves to be used +- if (q_SSLeay() >= 0x10002000L) { +- // SSL_CTX_ctrl wants a non-const pointer as last argument, +- // but let's avoid a copy into a temporary array +- if (!q_SSL_CTX_ctrl(sslContext->ctx, +- SSL_CTRL_SET_CURVES, +- qcurves.size(), +- const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { +- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- } +- } else +-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) +- { +- // specific curves requested, but not possible to set -> error +- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); +- sslContext->errorCode = QSslError::UnspecifiedError; +- } +- } +-} +- + QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) + { + QSslContext *sslContext = new QSslContext(); +@@ -463,7 +160,7 @@ SSL* QSslContext::createSsl() + m_npnContext.len = m_supportedNPNVersions.count(); + m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone; + #if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) { ++ if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) { + // Callback's type has a parameter 'const unsigned char ** out' + // since it was introduced in 1.0.2. Internally, OpenSSL's own code + // (tests/examples) cast it to unsigned char * (since it's 'out'). +@@ -508,7 +205,7 @@ bool QSslContext::cacheSession(SSL* ssl) + unsigned char *data = reinterpret_cast<unsigned char *>(m_sessionASN1.data()); + if (!q_i2d_SSL_SESSION(session, &data)) + qCWarning(lcSsl, "could not store persistent version of SSL session"); +- m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint; ++ m_sessionTicketLifeTimeHint = q_SSL_SESSION_get_ticket_lifetime_hint(session); + } + } + +diff --git a/src/network/ssl/qsslcontext_openssl11.cpp b/src/network/ssl/qsslcontext_openssl11.cpp +new file mode 100644 +index 0000000000..787b6ae3f5 +--- /dev/null ++++ b/src/network/ssl/qsslcontext_openssl11.cpp +@@ -0,0 +1,277 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2014 Governikus GmbH & Co. KG. ++** Copyright (C) 2016 Richard J. Moore <rich@kde.org> ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++ ++#include <QtNetwork/qsslsocket.h> ++#include <QtNetwork/qssldiffiehellmanparameters.h> ++ ++#include "private/qssl_p.h" ++#include "private/qsslcontext_openssl_p.h" ++#include "private/qsslsocket_p.h" ++#include "private/qsslsocket_openssl_p.h" ++#include "private/qsslsocket_openssl_symbols_p.h" ++#include "private/qssldiffiehellmanparameters_p.h" ++ ++#include <vector> ++ ++QT_BEGIN_NAMESPACE ++ ++// defined in qsslsocket_openssl.cpp: ++extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); ++extern QString getErrorsFromOpenSsl(); ++ ++static inline QString msgErrorSettingEllipticCurves(const QString &why) ++{ ++ return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); ++} ++ ++// static ++void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) ++{ ++ sslContext->sslConfiguration = configuration; ++ sslContext->errorCode = QSslError::NoError; ++ ++ bool client = (mode == QSslSocket::SslClientMode); ++ ++ bool reinitialized = false; ++ bool unsupportedProtocol = false; ++init_context: ++ if (sslContext->sslConfiguration.protocol() == QSsl::SslV2) { ++ // SSL 2 is no longer supported, but chosen deliberately -> error ++ sslContext->ctx = nullptr; ++ unsupportedProtocol = true; ++ } else { ++ // The ssl options will actually control the supported methods ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method()); ++ } ++ ++ if (!sslContext->ctx) { ++ // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them ++ // by re-initializing the library. ++ if (!reinitialized) { ++ reinitialized = true; ++ if (q_OPENSSL_init_ssl(0, nullptr) == 1) ++ goto init_context; ++ } ++ ++ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( ++ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() ++ ); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Enable bug workarounds. ++ long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); ++ q_SSL_CTX_set_options(sslContext->ctx, options); ++ ++ // Tell OpenSSL to release memory early ++ // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html ++ q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); ++ ++ // Initialize ciphers ++ QByteArray cipherString; ++ bool first = true; ++ QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers(); ++ if (ciphers.isEmpty()) ++ ciphers = QSslSocketPrivate::defaultCiphers(); ++ for (const QSslCipher &cipher : qAsConst(ciphers)) { ++ if (first) ++ first = false; ++ else ++ cipherString.append(':'); ++ cipherString.append(cipher.name().toLatin1()); ++ } ++ ++ if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { ++ sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ const QDateTime now = QDateTime::currentDateTimeUtc(); ++ ++ // Add all our CAs to this store. ++ const auto caCertificates = sslContext->sslConfiguration.caCertificates(); ++ for (const QSslCertificate &caCertificate : caCertificates) { ++ // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: ++ // ++ // If several CA certificates matching the name, key identifier, and ++ // serial number condition are available, only the first one will be ++ // examined. This may lead to unexpected results if the same CA ++ // certificate is available with different expiration dates. If a ++ // ``certificate expired'' verification error occurs, no other ++ // certificate will be searched. Make sure to not have expired ++ // certificates mixed with valid ones. ++ // ++ // See also: QSslSocketBackendPrivate::verify() ++ if (caCertificate.expiryDate() >= now) { ++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); ++ } ++ } ++ ++ if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { ++ // tell OpenSSL the directories where to look up the root certs on demand ++ const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); ++ for (const QByteArray &unixDir : unixDirs) ++ q_SSL_CTX_load_verify_locations(sslContext->ctx, nullptr, unixDir.constData()); ++ } ++ ++ if (!sslContext->sslConfiguration.localCertificate().isNull()) { ++ // Require a private key as well. ++ if (sslContext->sslConfiguration.privateKey().isNull()) { ++ sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Load certificate ++ if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { ++ sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { ++ sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle()); ++ } else { ++ // Load private key ++ sslContext->pkey = q_EVP_PKEY_new(); ++ // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. ++ // this lead to a memory leak. Now we use the *_set1_* functions which do not ++ // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. ++ if (configuration.d->privateKey.algorithm() == QSsl::Rsa) ++ q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle())); ++ else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) ++ q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle())); ++#ifndef OPENSSL_NO_EC ++ else if (configuration.d->privateKey.algorithm() == QSsl::Ec) ++ q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle())); ++#endif ++ } ++ ++ if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { ++ sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) ++ sslContext->pkey = nullptr; // Don't free the private key, it belongs to QSslKey ++ ++ // Check if the certificate matches the private key. ++ if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { ++ sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // If we have any intermediate certificates then we need to add them to our chain ++ bool first = true; ++ for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { ++ if (first) { ++ first = false; ++ continue; ++ } ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, ++ q_X509_dup(reinterpret_cast<X509 *>(cert.handle()))); ++ } ++ } ++ ++ // Initialize peer verification. ++ if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, nullptr); ++ } else { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); ++ } ++ ++ // Set verification depth. ++ if (sslContext->sslConfiguration.peerVerifyDepth() != 0) ++ q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); ++ ++ // set persisted session if the user set it ++ if (!configuration.sessionTicket().isEmpty()) ++ sslContext->setSessionASN1(configuration.sessionTicket()); ++ ++ // Set temp DH params ++ QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); ++ ++ if (!dhparams.isValid()) { ++ sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (!dhparams.isEmpty()) { ++ const QByteArray ¶ms = dhparams.d->derData; ++ const char *ptr = params.constData(); ++ DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length()); ++ if (dh == NULL) ++ qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); ++ q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); ++ q_DH_free(dh); ++ } ++ ++#ifndef OPENSSL_NO_PSK ++ if (!client) ++ q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); ++#endif // !OPENSSL_NO_PSK ++ ++ const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); ++ if (!qcurves.isEmpty()) { ++#ifdef OPENSSL_NO_EC ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version with disabled elliptic curves")); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++#else ++ // Set the curves to be used. ++ std::vector<int> curves; ++ curves.reserve(qcurves.size()); ++ for (const auto &sslCurve : qcurves) ++ curves.push_back(sslCurve.id); ++ if (!q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_CURVES, long(curves.size()), &curves[0])) { ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++#endif ++ } ++} ++ ++QT_END_NAMESPACE +diff --git a/src/network/ssl/qsslcontext_opensslpre11.cpp b/src/network/ssl/qsslcontext_opensslpre11.cpp +new file mode 100644 +index 0000000000..9c01c2f2dc +--- /dev/null ++++ b/src/network/ssl/qsslcontext_opensslpre11.cpp +@@ -0,0 +1,354 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2014 Governikus GmbH & Co. KG. ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++ ++#include <QtNetwork/qsslsocket.h> ++#include <QtNetwork/qssldiffiehellmanparameters.h> ++ ++#include "private/qssl_p.h" ++#include "private/qsslcontext_openssl_p.h" ++#include "private/qsslsocket_p.h" ++#include "private/qsslsocket_openssl_p.h" ++#include "private/qsslsocket_openssl_symbols_p.h" ++#include "private/qssldiffiehellmanparameters_p.h" ++ ++QT_BEGIN_NAMESPACE ++ ++// defined in qsslsocket_openssl.cpp: ++extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); ++extern QString getErrorsFromOpenSsl(); ++ ++static inline QString msgErrorSettingEllipticCurves(const QString &why) ++{ ++ return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); ++} ++ ++// static ++void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) ++{ ++ sslContext->sslConfiguration = configuration; ++ sslContext->errorCode = QSslError::NoError; ++ ++ bool client = (mode == QSslSocket::SslClientMode); ++ ++ bool reinitialized = false; ++ bool unsupportedProtocol = false; ++init_context: ++ switch (sslContext->sslConfiguration.protocol()) { ++ case QSsl::SslV2: ++#ifndef OPENSSL_NO_SSL2 ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); ++#else ++ // SSL 2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::SslV3: ++#ifndef OPENSSL_NO_SSL3_METHOD ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); ++#else ++ // SSL 3 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::SecureProtocols: ++ // SSLv2 and SSLv3 will be disabled by SSL options ++ // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. ++ case QSsl::TlsV1SslV3: ++ // SSLv2 will will be disabled by SSL options ++ case QSsl::AnyProtocol: ++ default: ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++ break; ++ case QSsl::TlsV1_0: ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); ++ break; ++ case QSsl::TlsV1_1: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); ++#else ++ // TLS 1.1 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::TlsV1_2: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); ++#else ++ // TLS 1.2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::TlsV1_0OrLater: ++ // Specific protocols will be specified via SSL options. ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++ break; ++ case QSsl::TlsV1_1OrLater: ++ case QSsl::TlsV1_2OrLater: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ // Specific protocols will be specified via SSL options. ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++#else ++ // TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ } ++ ++ if (!sslContext->ctx) { ++ // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them ++ // by re-initializing the library. ++ if (!reinitialized) { ++ reinitialized = true; ++ if (q_SSL_library_init() == 1) ++ goto init_context; ++ } ++ ++ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( ++ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() ++ ); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Enable bug workarounds. ++ long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); ++ q_SSL_CTX_set_options(sslContext->ctx, options); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++ // Tell OpenSSL to release memory early ++ // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html ++ if (q_SSLeay() >= 0x10000000L) ++ q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); ++#endif ++ ++ // Initialize ciphers ++ QByteArray cipherString; ++ bool first = true; ++ QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers(); ++ if (ciphers.isEmpty()) ++ ciphers = QSslSocketPrivate::defaultCiphers(); ++ for (const QSslCipher &cipher : qAsConst(ciphers)) { ++ if (first) ++ first = false; ++ else ++ cipherString.append(':'); ++ cipherString.append(cipher.name().toLatin1()); ++ } ++ ++ if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { ++ sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ const QDateTime now = QDateTime::currentDateTimeUtc(); ++ ++ // Add all our CAs to this store. ++ const auto caCertificates = sslContext->sslConfiguration.caCertificates(); ++ for (const QSslCertificate &caCertificate : caCertificates) { ++ // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: ++ // ++ // If several CA certificates matching the name, key identifier, and ++ // serial number condition are available, only the first one will be ++ // examined. This may lead to unexpected results if the same CA ++ // certificate is available with different expiration dates. If a ++ // ``certificate expired'' verification error occurs, no other ++ // certificate will be searched. Make sure to not have expired ++ // certificates mixed with valid ones. ++ // ++ // See also: QSslSocketBackendPrivate::verify() ++ if (caCertificate.expiryDate() >= now) { ++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); ++ } ++ } ++ ++ if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { ++ // tell OpenSSL the directories where to look up the root certs on demand ++ const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); ++ for (const QByteArray &unixDir : unixDirs) ++ q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); ++ } ++ ++ if (!sslContext->sslConfiguration.localCertificate().isNull()) { ++ // Require a private key as well. ++ if (sslContext->sslConfiguration.privateKey().isNull()) { ++ sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Load certificate ++ if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { ++ sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { ++ sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle()); ++ } else { ++ // Load private key ++ sslContext->pkey = q_EVP_PKEY_new(); ++ // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. ++ // this lead to a memory leak. Now we use the *_set1_* functions which do not ++ // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. ++ if (configuration.d->privateKey.algorithm() == QSsl::Rsa) ++ q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle())); ++ else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) ++ q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle())); ++#ifndef OPENSSL_NO_EC ++ else if (configuration.d->privateKey.algorithm() == QSsl::Ec) ++ q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle())); ++#endif ++ } ++ ++ if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { ++ sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) ++ sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey ++ ++ // Check if the certificate matches the private key. ++ if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { ++ sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // If we have any intermediate certificates then we need to add them to our chain ++ bool first = true; ++ for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { ++ if (first) { ++ first = false; ++ continue; ++ } ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, ++ q_X509_dup(reinterpret_cast<X509 *>(cert.handle()))); ++ } ++ } ++ ++ // Initialize peer verification. ++ if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0); ++ } else { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); ++ } ++ ++ // Set verification depth. ++ if (sslContext->sslConfiguration.peerVerifyDepth() != 0) ++ q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); ++ ++ // set persisted session if the user set it ++ if (!configuration.sessionTicket().isEmpty()) ++ sslContext->setSessionASN1(configuration.sessionTicket()); ++ ++ // Set temp DH params ++ QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); ++ ++ if (!dhparams.isValid()) { ++ sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (!dhparams.isEmpty()) { ++ const QByteArray ¶ms = dhparams.d->derData; ++ const char *ptr = params.constData(); ++ DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length()); ++ if (dh == NULL) ++ qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); ++ q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); ++ q_DH_free(dh); ++ } ++ ++#ifndef OPENSSL_NO_EC ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L) { ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); ++ } else ++#endif ++ { ++ // Set temp ECDH params ++ EC_KEY *ecdh = 0; ++ ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ++ q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh); ++ q_EC_KEY_free(ecdh); ++ } ++#endif // OPENSSL_NO_EC ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) ++ if (!client) ++ q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); ++#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) ++ ++ const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); ++ if (!qcurves.isEmpty()) { ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++ // Set the curves to be used ++ if (q_SSLeay() >= 0x10002000L) { ++ // SSL_CTX_ctrl wants a non-const pointer as last argument, ++ // but let's avoid a copy into a temporary array ++ if (!q_SSL_CTX_ctrl(sslContext->ctx, ++ SSL_CTRL_SET_CURVES, ++ qcurves.size(), ++ const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++ } else ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++ { ++ // specific curves requested, but not possible to set -> error ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++ } ++} ++ ++QT_END_NAMESPACE +diff --git a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp +index 90687b05c5..5ebad822f1 100644 +--- a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp ++++ b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk> ++** Copyright (C) 2016 Richard J. Moore <rich@kde.org> + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -50,8 +51,8 @@ + #include <QtCore/qdebug.h> + #endif + +-// For q_BN_is_word. + #include <openssl/bn.h> ++#include <openssl/dh.h> + + QT_BEGIN_NAMESPACE + +@@ -62,13 +63,6 @@ static bool isSafeDH(DH *dh) + + QSslSocketPrivate::ensureInitialized(); + +- // Mark p < 1024 bits as unsafe. +- if (q_BN_num_bits(dh->p) < 1024) { +- return false; +- } +- +- if (q_DH_check(dh, &status) != 1) +- return false; + + // From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters: + // +@@ -81,11 +75,39 @@ static bool isSafeDH(DH *dh) + // Without the test, the IETF parameters would + // fail validation. For details, see Diffie-Hellman + // Parameter Check (when g = 2, must p mod 24 == 11?). ++#if QT_CONFIG(opensslv11) ++ // Mark p < 1024 bits as unsafe. ++ if (q_DH_bits(dh) < 1024) ++ return false; ++ ++ if (q_DH_check(dh, &status) != 1) ++ return false; ++ ++ const BIGNUM *p = nullptr; ++ const BIGNUM *q = nullptr; ++ const BIGNUM *g = nullptr; ++ q_DH_get0_pqg(dh, &p, &q, &g); ++ ++ if (q_BN_is_word(const_cast<BIGNUM *>(g), DH_GENERATOR_2)) { ++ long residue = q_BN_mod_word(p, 24); ++ if (residue == 11 || residue == 23) ++ status &= ~DH_NOT_SUITABLE_GENERATOR; ++ } ++ ++#else ++ // Mark p < 1024 bits as unsafe. ++ if (q_BN_num_bits(dh->p) < 1024) ++ return false; ++ ++ if (q_DH_check(dh, &status) != 1) ++ return false; ++ + if (q_BN_is_word(dh->g, DH_GENERATOR_2)) { + long residue = q_BN_mod_word(dh->p, 24); + if (residue == 11 || residue == 23) + status &= ~DH_NOT_SUITABLE_GENERATOR; + } ++#endif + + bad |= DH_CHECK_P_NOT_PRIME; + bad |= DH_CHECK_P_NOT_SAFE_PRIME; +diff --git a/src/network/ssl/qsslellipticcurve.h b/src/network/ssl/qsslellipticcurve.h +index 231566063e..57dda19bad 100644 +--- a/src/network/ssl/qsslellipticcurve.h ++++ b/src/network/ssl/qsslellipticcurve.h +@@ -80,6 +80,7 @@ private: + friend Q_DECL_CONSTEXPR bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW; + friend Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed) Q_DECL_NOTHROW; + ++ friend class QSslContext; + friend class QSslSocketPrivate; + friend class QSslSocketBackendPrivate; + }; +diff --git a/src/network/ssl/qsslellipticcurve_openssl.cpp b/src/network/ssl/qsslellipticcurve_openssl.cpp +index e18197b703..8cd14837f0 100644 +--- a/src/network/ssl/qsslellipticcurve_openssl.cpp ++++ b/src/network/ssl/qsslellipticcurve_openssl.cpp +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2014 Governikus GmbH & Co. KG. ++** Copyright (C) 2016 Richard J. Moore <rich@kde.org> + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -78,17 +79,18 @@ QSslEllipticCurve QSslEllipticCurve::fromShortName(const QString &name) + QSslEllipticCurve result; + + #ifndef OPENSSL_NO_EC +- const QByteArray curveNameLatin1 = name.toLatin1(); + ++ const QByteArray curveNameLatin1 = name.toLatin1(); + int nid = q_OBJ_sn2nid(curveNameLatin1.data()); + + #if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (nid == 0 && q_SSLeay() >= 0x10002000L) ++ if (nid == 0 && QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) + nid = q_EC_curve_nist2nid(curveNameLatin1.data()); + #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + + result.id = nid; +-#endif ++ ++#endif // !OPENSSL_NO_EC + + return result; + } +diff --git a/src/network/ssl/qsslkey_openssl.cpp b/src/network/ssl/qsslkey_openssl.cpp +index 26119023d1..2b03af9441 100644 +--- a/src/network/ssl/qsslkey_openssl.cpp ++++ b/src/network/ssl/qsslkey_openssl.cpp +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2016 Richard J. Moore <rich@kde.org> + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -87,33 +88,32 @@ bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey) + if (pkey == nullptr) + return false; + +- if (pkey->type == EVP_PKEY_RSA) { ++#if QT_CONFIG(opensslv11) ++ const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); ++#else ++ const int keyType = pkey->type; ++#endif ++ if (keyType == EVP_PKEY_RSA) { + isNull = false; + algorithm = QSsl::Rsa; + type = QSsl::PrivateKey; + +- rsa = q_RSA_new(); +- memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA)); +- ++ rsa = q_EVP_PKEY_get1_RSA(pkey); + return true; +- } +- else if (pkey->type == EVP_PKEY_DSA) { ++ } else if (keyType == EVP_PKEY_DSA) { + isNull = false; + algorithm = QSsl::Dsa; + type = QSsl::PrivateKey; + +- dsa = q_DSA_new(); +- memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA)); +- ++ dsa = q_EVP_PKEY_get1_DSA(pkey); + return true; + } + #ifndef OPENSSL_NO_EC +- else if (pkey->type == EVP_PKEY_EC) { ++ else if (keyType == EVP_PKEY_EC) { + isNull = false; + algorithm = QSsl::Ec; + type = QSsl::PrivateKey; +- ec = q_EC_KEY_dup(q_EVP_PKEY_get1_EC_KEY(pkey)); +- ++ ec = q_EVP_PKEY_get1_EC_KEY(pkey); + return true; + } + #endif +@@ -181,8 +181,8 @@ int QSslKeyPrivate::length() const + return -1; + + switch (algorithm) { +- case QSsl::Rsa: return q_BN_num_bits(rsa->n); +- case QSsl::Dsa: return q_BN_num_bits(dsa->p); ++ case QSsl::Rsa: return q_RSA_bits(rsa); ++ case QSsl::Dsa: return q_DSA_bits(dsa); + #ifndef OPENSSL_NO_EC + case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec)); + #endif +@@ -276,7 +276,13 @@ Qt::HANDLE QSslKeyPrivate::handle() const + + static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc) + { +- EVP_CIPHER_CTX ctx; ++#if QT_CONFIG(opensslv11) ++ EVP_CIPHER_CTX *ctx = q_EVP_CIPHER_CTX_new(); ++#else ++ EVP_CIPHER_CTX evpCipherContext; ++ EVP_CIPHER_CTX *ctx = &evpCipherContext; ++#endif ++ + const EVP_CIPHER* type = 0; + int i = 0, len = 0; + +@@ -294,21 +300,44 @@ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, + + QByteArray output; + output.resize(data.size() + EVP_MAX_BLOCK_LENGTH); +- q_EVP_CIPHER_CTX_init(&ctx); +- q_EVP_CipherInit(&ctx, type, NULL, NULL, enc); +- q_EVP_CIPHER_CTX_set_key_length(&ctx, key.size()); ++ ++#if QT_CONFIG(opensslv11) ++ q_EVP_CIPHER_CTX_reset(ctx); ++#else ++ q_EVP_CIPHER_CTX_init(ctx); ++#endif ++ ++ q_EVP_CipherInit(ctx, type, NULL, NULL, enc); ++ q_EVP_CIPHER_CTX_set_key_length(ctx, key.size()); + if (cipher == QSslKeyPrivate::Rc2Cbc) +- q_EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); +- q_EVP_CipherInit(&ctx, NULL, ++ q_EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); ++ ++#if QT_CONFIG(opensslv11) ++ // EVP_CipherInit in 1.1 resets the context thus making the calls above useless. ++ // We call EVP_CipherInit_ex instead. ++ q_EVP_CipherInit_ex(ctx, nullptr, nullptr, ++ reinterpret_cast<const unsigned char *>(key.constData()), ++ reinterpret_cast<const unsigned char *>(iv.constData()), ++ enc); ++#else ++ q_EVP_CipherInit(ctx, NULL, + reinterpret_cast<const unsigned char *>(key.constData()), + reinterpret_cast<const unsigned char *>(iv.constData()), enc); +- q_EVP_CipherUpdate(&ctx, ++#endif // opensslv11 ++ ++ q_EVP_CipherUpdate(ctx, + reinterpret_cast<unsigned char *>(output.data()), &len, + reinterpret_cast<const unsigned char *>(data.constData()), data.size()); +- q_EVP_CipherFinal(&ctx, ++ q_EVP_CipherFinal(ctx, + reinterpret_cast<unsigned char *>(output.data()) + len, &i); + len += i; +- q_EVP_CIPHER_CTX_cleanup(&ctx); ++ ++#if QT_CONFIG(opensslv11) ++ q_EVP_CIPHER_CTX_reset(ctx); ++ q_EVP_CIPHER_CTX_free(ctx); ++#else ++ q_EVP_CIPHER_CTX_cleanup(ctx); ++#endif + + return output.left(len); + } +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index f5b493897e..45cea490fc 100644 +--- a/src/network/ssl/qsslsocket_openssl.cpp ++++ b/src/network/ssl/qsslsocket_openssl.cpp +@@ -1,6 +1,6 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Copyright (C) 2014 Governikus GmbH & Co. KG + ** Contact: https://www.qt.io/licensing/ + ** +@@ -97,70 +97,6 @@ bool QSslSocketPrivate::s_loadRootCertsOnDemand = false; + int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1; + #endif + +-/* \internal +- +- From OpenSSL's thread(3) manual page: +- +- OpenSSL can safely be used in multi-threaded applications provided that at +- least two callback functions are set. +- +- locking_function(int mode, int n, const char *file, int line) is needed to +- perform locking on shared data structures. (Note that OpenSSL uses a +- number of global data structures that will be implicitly shared +- whenever multiple threads use OpenSSL.) Multi-threaded +- applications will crash at random if it is not set. ... +- ... +- id_function(void) is a function that returns a thread ID. It is not +- needed on Windows nor on platforms where getpid() returns a different +- ID for each thread (most notably Linux) +-*/ +-class QOpenSslLocks +-{ +-public: +- inline QOpenSslLocks() +- : initLocker(QMutex::Recursive), +- locksLocker(QMutex::Recursive) +- { +- QMutexLocker locker(&locksLocker); +- int numLocks = q_CRYPTO_num_locks(); +- locks = new QMutex *[numLocks]; +- memset(locks, 0, numLocks * sizeof(QMutex *)); +- } +- inline ~QOpenSslLocks() +- { +- QMutexLocker locker(&locksLocker); +- for (int i = 0; i < q_CRYPTO_num_locks(); ++i) +- delete locks[i]; +- delete [] locks; +- +- QSslSocketPrivate::deinitialize(); +- } +- inline QMutex *lock(int num) +- { +- QMutexLocker locker(&locksLocker); +- QMutex *tmp = locks[num]; +- if (!tmp) +- tmp = locks[num] = new QMutex(QMutex::Recursive); +- return tmp; +- } +- +- QMutex *globalLock() +- { +- return &locksLocker; +- } +- +- QMutex *initLock() +- { +- return &initLocker; +- } +- +-private: +- QMutex initLocker; +- QMutex locksLocker; +- QMutex **locks; +-}; +-Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) +- + QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() + { + QString errorString; +@@ -175,20 +111,6 @@ QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() + } + + extern "C" { +-static void locking_function(int mode, int lockNumber, const char *, int) +-{ +- QMutex *mutex = openssl_locks()->lock(lockNumber); +- +- // Lock or unlock it +- if (mode & CRYPTO_LOCK) +- mutex->lock(); +- else +- mutex->unlock(); +-} +-static unsigned long id_function() +-{ +- return (quintptr)QThread::currentThreadId(); +-} + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) + static unsigned int q_ssl_psk_client_callback(SSL *ssl, +@@ -227,7 +149,7 @@ QSslSocketBackendPrivate::~QSslSocketBackendPrivate() + destroySslContext(); + } + +-QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) ++QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher) + { + QSslCipher ciph; + +@@ -283,6 +205,7 @@ struct QSslErrorList + QMutex mutex; + QVector<QSslErrorEntry> errors; + }; ++ + Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList) + + int q_X509Callback(int ok, X509_STORE_CTX *ctx) +@@ -312,7 +235,7 @@ int q_X509Callback(int ok, X509_STORE_CTX *ctx) + } + #endif + } +- // Always return OK to allow verification to continue. We're handle the ++ // Always return OK to allow verification to continue. We handle the + // errors gracefully after collecting all errors, after verification has + // completed. + return 1; +@@ -397,7 +320,7 @@ bool QSslSocketBackendPrivate::initSslContext() + if (configuration.protocol != QSsl::SslV2 && + configuration.protocol != QSsl::SslV3 && + configuration.protocol != QSsl::UnknownProtocol && +- mode == QSslSocket::SslClientMode && q_SSLeay() >= 0x00090806fL) { ++ mode == QSslSocket::SslClientMode && QSslSocket::sslLibraryVersionNumber() >= 0x00090806fL) { + // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. + QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; + if (tlsHostName.isEmpty()) +@@ -438,13 +361,13 @@ bool QSslSocketBackendPrivate::initSslContext() + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L + // Save a pointer to this object into the SSL structure. +- if (q_SSLeay() >= 0x10001000L) ++ if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L) + q_SSL_set_ex_data(ssl, s_indexForSSLExtraData, this); + #endif + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) + // Set the client callback for PSK +- if (q_SSLeay() >= 0x10001000L) { ++ if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L) { + if (mode == QSslSocket::SslClientMode) + q_SSL_set_psk_client_callback(ssl, &q_ssl_psk_client_callback); + else if (mode == QSslSocket::SslServerMode) +@@ -464,16 +387,6 @@ void QSslSocketBackendPrivate::destroySslContext() + sslContextPointer.clear(); + } + +-/*! +- \internal +-*/ +-void QSslSocketPrivate::deinitialize() +-{ +- q_CRYPTO_set_id_callback(0); +- q_CRYPTO_set_locking_callback(0); +- q_ERR_free_strings(); +-} +- + /*! + \internal + +@@ -486,91 +399,6 @@ bool QSslSocketPrivate::supportsSsl() + return ensureLibraryLoaded(); + } + +-bool QSslSocketPrivate::ensureLibraryLoaded() +-{ +- if (!q_resolveOpenSslSymbols()) +- return false; +- +- // Check if the library itself needs to be initialized. +- QMutexLocker locker(openssl_locks()->initLock()); +- +- if (!s_libraryLoaded) { +- s_libraryLoaded = true; +- +- // Initialize OpenSSL. +- q_CRYPTO_set_id_callback(id_function); +- q_CRYPTO_set_locking_callback(locking_function); +- if (q_SSL_library_init() != 1) +- return false; +- q_SSL_load_error_strings(); +- q_OpenSSL_add_all_algorithms(); +- +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- if (q_SSLeay() >= 0x10001000L) +- QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL); +-#endif +- +- // Initialize OpenSSL's random seed. +- if (!q_RAND_status()) { +- qWarning("Random number generator not seeded, disabling SSL support"); +- return false; +- } +- } +- return true; +-} +- +-void QSslSocketPrivate::ensureCiphersAndCertsLoaded() +-{ +- QMutexLocker locker(openssl_locks()->initLock()); +- if (s_loadedCiphersAndCerts) +- return; +- s_loadedCiphersAndCerts = true; +- +- resetDefaultCiphers(); +- resetDefaultEllipticCurves(); +- +-#if QT_CONFIG(library) +- //load symbols needed to receive certificates from system store +-#if defined(Q_OS_WIN) +- HINSTANCE hLib = LoadLibraryW(L"Crypt32"); +- if (hLib) { +- ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); +- ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); +- ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); +- if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) +- qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen +- } else { +- qCWarning(lcSsl, "could not load crypt32 library"); // should never happen +- } +-#elif defined(Q_OS_QNX) +- s_loadRootCertsOnDemand = true; +-#elif defined(Q_OS_UNIX) && !defined(Q_OS_MAC) +- // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) +- QList<QByteArray> dirs = unixRootCertDirectories(); +- QStringList symLinkFilter; +- symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); +- for (int a = 0; a < dirs.count(); ++a) { +- QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); +- if (iterator.hasNext()) { +- s_loadRootCertsOnDemand = true; +- break; +- } +- } +-#endif +-#endif // QT_CONFIG(library) +- // if on-demand loading was not enabled, load the certs now +- if (!s_loadRootCertsOnDemand) +- setDefaultCaCertificates(systemCaCertificates()); +-#ifdef Q_OS_WIN +- //Enabled for fetching additional root certs from windows update on windows 6+ +- //This flag is set false by setDefaultCaCertificates() indicating the app uses +- //its own cert bundle rather than the system one. +- //Same logic that disables the unix on demand cert loading. +- //Unlike unix, we do preload the certificates from the cert store. +- if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) +- s_loadRootCertsOnDemand = true; +-#endif +-} + + /*! + \internal +@@ -587,26 +415,6 @@ void QSslSocketPrivate::ensureInitialized() + ensureCiphersAndCertsLoaded(); + } + +-long QSslSocketPrivate::sslLibraryVersionNumber() +-{ +- if (!supportsSsl()) +- return 0; +- +- return q_SSLeay(); +-} +- +-QString QSslSocketPrivate::sslLibraryVersionString() +-{ +- if (!supportsSsl()) +- return QString(); +- +- const char *versionString = q_SSLeay_version(SSLEAY_VERSION); +- if (!versionString) +- return QString(); +- +- return QString::fromLatin1(versionString); +-} +- + long QSslSocketPrivate::sslLibraryBuildVersionNumber() + { + return OPENSSL_VERSION_NUMBER; +@@ -628,7 +436,11 @@ QString QSslSocketPrivate::sslLibraryBuildVersionString() + */ + void QSslSocketPrivate::resetDefaultCiphers() + { ++#if QT_CONFIG(opensslv11) ++ SSL_CTX *myCtx = q_SSL_CTX_new(q_TLS_client_method()); ++#else + SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); ++#endif + SSL *mySsl = q_SSL_new(myCtx); + + QList<QSslCipher> ciphers; +@@ -664,7 +476,7 @@ void QSslSocketPrivate::resetDefaultEllipticCurves() + QVector<QSslEllipticCurve> curves; + + #ifndef OPENSSL_NO_EC +- const size_t curveCount = q_EC_get_builtin_curves(NULL, 0); ++ const size_t curveCount = q_EC_get_builtin_curves(nullptr, 0); + + QVarLengthArray<EC_builtin_curve> builtinCurves(static_cast<int>(curveCount)); + +@@ -698,13 +510,14 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() + if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) { + HCERTSTORE hSystemStore; + hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT"); +- if(hSystemStore) { +- PCCERT_CONTEXT pc = NULL; +- while(1) { +- pc = ptrCertFindCertificateInStore( hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, pc); +- if(!pc) ++ if (hSystemStore) { ++ PCCERT_CONTEXT pc = nullptr; ++ while (1) { ++ pc = ptrCertFindCertificateInStore(hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nullptr, pc); ++ if (!pc) + break; +- QByteArray der((const char *)(pc->pbCertEncoded), static_cast<int>(pc->cbCertEncoded)); ++ QByteArray der(reinterpret_cast<const char *>(pc->pbCertEncoded), ++ static_cast<int>(pc->cbCertEncoded)); + QSslCertificate cert(der, QSsl::Der); + systemCerts.append(cert); + } +@@ -1504,14 +1317,8 @@ QSslCipher QSslSocketBackendPrivate::sessionCipher() const + { + if (!ssl) + return QSslCipher(); +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- // FIXME This is fairly evil, but needed to keep source level compatibility +- // with the OpenSSL 0.9.x implementation at maximum -- some other functions +- // don't take a const SSL_CIPHER* when they should +- SSL_CIPHER *sessionCipher = const_cast<SSL_CIPHER *>(q_SSL_get_current_cipher(ssl)); +-#else +- SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); +-#endif ++ ++ const SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); + return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); + } + +@@ -1537,112 +1344,6 @@ QSsl::SslProtocol QSslSocketBackendPrivate::sessionProtocol() const + return QSsl::UnknownProtocol; + } + +-void QSslSocketBackendPrivate::continueHandshake() +-{ +- Q_Q(QSslSocket); +- // if we have a max read buffer size, reset the plain socket's to match +- if (readBufferMaxSize) +- plainSocket->setReadBufferSize(readBufferMaxSize); +- +- if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) +- configuration.peerSessionShared = true; +- +-#ifdef QT_DECRYPT_SSL_TRAFFIC +- if (ssl->session && ssl->s3) { +- const char *mk = reinterpret_cast<const char *>(ssl->session->master_key); +- QByteArray masterKey(mk, ssl->session->master_key_length); +- const char *random = reinterpret_cast<const char *>(ssl->s3->client_random); +- QByteArray clientRandom(random, SSL3_RANDOM_SIZE); +- +- // different format, needed for e.g. older Wireshark versions: +-// const char *sid = reinterpret_cast<const char *>(ssl->session->session_id); +-// QByteArray sessionID(sid, ssl->session->session_id_length); +-// QByteArray debugLineRSA("RSA Session-ID:"); +-// debugLineRSA.append(sessionID.toHex().toUpper()); +-// debugLineRSA.append(" Master-Key:"); +-// debugLineRSA.append(masterKey.toHex().toUpper()); +-// debugLineRSA.append("\n"); +- +- QByteArray debugLineClientRandom("CLIENT_RANDOM "); +- debugLineClientRandom.append(clientRandom.toHex().toUpper()); +- debugLineClientRandom.append(" "); +- debugLineClientRandom.append(masterKey.toHex().toUpper()); +- debugLineClientRandom.append("\n"); +- +- QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); +- QFile file(sslKeyFile); +- if (!file.open(QIODevice::Append)) +- qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; +- if (!file.write(debugLineClientRandom)) +- qCWarning(lcSsl) << "could not write to file" << sslKeyFile; +- file.close(); +- } else { +- qCWarning(lcSsl, "could not decrypt SSL traffic"); +- } +-#endif +- +- // Cache this SSL session inside the QSslContext +- if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { +- if (!sslContextPointer->cacheSession(ssl)) { +- sslContextPointer.clear(); // we could not cache the session +- } else { +- // Cache the session for permanent usage as well +- if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { +- if (!sslContextPointer->sessionASN1().isEmpty()) +- configuration.sslSession = sslContextPointer->sessionASN1(); +- configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); +- } +- } +- } +- +-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) +- +- configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; +- if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { +- // we could not agree -> be conservative and use HTTP/1.1 +- configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); +- } else { +- const unsigned char *proto = 0; +- unsigned int proto_len = 0; +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) { +- q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); +- if (proto_len && mode == QSslSocket::SslClientMode) { +- // Client does not have a callback that sets it ... +- configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; +- } +- } +- +- if (!proto_len) { // Test if NPN was more lucky ... +-#else +- { +-#endif +- q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); +- } +- +- if (proto_len) +- configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len); +- else +- configuration.nextNegotiatedProtocol.clear(); +- } +-#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... +- +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { +- EVP_PKEY *key; +- if (q_SSL_get_server_tmp_key(ssl, &key)) +- configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); +- } +-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... +- +- connectionEncrypted = true; +- emit q->encrypted(); +- if (autoStartHandshake && pendingClose) { +- pendingClose = false; +- q->disconnectFromHost(); +- } +-} +- + QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509) + { + ensureInitialized(); +@@ -1696,12 +1397,12 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & + QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex); + + // Register a custom callback to get all verification errors. +- X509_STORE_set_verify_cb_func(certStore, q_X509Callback); ++ q_X509_STORE_set_verify_cb(certStore, q_X509Callback); + + // Build the chain of intermediate certificates + STACK_OF(X509) *intermediates = 0; + if (certificateChain.length() > 1) { +- intermediates = (STACK_OF(X509) *) q_sk_new_null(); ++ intermediates = (STACK_OF(X509) *) q_OPENSSL_sk_new_null(); + + if (!intermediates) { + q_X509_STORE_free(certStore); +@@ -1715,11 +1416,8 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & + first = false; + continue; + } +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- q_sk_push( (_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle())); +-#else +- q_sk_push( (STACK *)intermediates, reinterpret_cast<char *>(cert.handle())); +-#endif ++ ++ q_OPENSSL_sk_push((OPENSSL_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle())); + } + } + +@@ -1743,11 +1441,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & + (void) q_X509_verify_cert(storeContext); + + q_X509_STORE_CTX_free(storeContext); +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- q_sk_free( (_STACK *) intermediates); +-#else +- q_sk_free( (STACK *) intermediates); +-#endif ++ q_OPENSSL_sk_free((OPENSSL_STACK *)intermediates); + + // Now process the errors + const auto errorList = std::move(_q_sslErrorList()->errors); +@@ -1821,7 +1515,8 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device, + // Convert to Qt types + if (!key->d->fromEVP_PKEY(pkey)) { + qCWarning(lcSsl, "Unable to convert private key"); +- q_sk_pop_free(reinterpret_cast<STACK *>(ca), reinterpret_cast<void(*)(void*)>(q_sk_free)); ++ q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca), ++ reinterpret_cast<void (*)(void *)>(q_OPENSSL_sk_free)); + q_X509_free(x509); + q_EVP_PKEY_free(pkey); + q_PKCS12_free(p12); +@@ -1836,7 +1531,11 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device, + *caCertificates = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ca); + + // Clean up +- q_sk_pop_free(reinterpret_cast<STACK *>(ca), reinterpret_cast<void(*)(void*)>(q_sk_free)); ++ // TODO: verify ASAP, in the past we had sk_pop_free with q_OPENSSL_sk_free ++ // which seems to be blatantly wrong and even crashes with 1.1. ++ q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca), ++ reinterpret_cast<void (*)(void *)>(q_X509_free)); ++ + q_X509_free(x509); + q_EVP_PKEY_free(pkey); + q_PKCS12_free(p12); +diff --git a/src/network/ssl/qsslsocket_openssl11.cpp b/src/network/ssl/qsslsocket_openssl11.cpp +new file mode 100644 +index 0000000000..b6d18943a5 +--- /dev/null ++++ b/src/network/ssl/qsslsocket_openssl11.cpp +@@ -0,0 +1,285 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 Governikus GmbH & Co. KG ++** Copyright (C) 2016 Richard J. Moore <rich@kde.org> ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++//#define QT_DECRYPT_SSL_TRAFFIC ++ ++#include "qssl_p.h" ++#include "qsslsocket_openssl_p.h" ++#include "qsslsocket_openssl_symbols_p.h" ++#include "qsslsocket.h" ++#include "qsslkey.h" ++ ++#include <QtCore/qdebug.h> ++#include <QtCore/qdir.h> ++#include <QtCore/qdiriterator.h> ++#include <QtCore/qfile.h> ++#include <QtCore/qmutex.h> ++#include <QtCore/qlibrary.h> ++ ++QT_BEGIN_NAMESPACE ++ ++Q_GLOBAL_STATIC_WITH_ARGS(QMutex, qt_opensslInitMutex, (QMutex::Recursive)) ++ ++/*! ++ \internal ++*/ ++void QSslSocketPrivate::deinitialize() ++{ ++ // This function exists only for compatibility with the pre-11 code, ++ // where deinitialize() actually does some cleanup. To be discarded ++ // once we retire < 1.1. ++} ++ ++bool QSslSocketPrivate::ensureLibraryLoaded() ++{ ++ if (!q_resolveOpenSslSymbols()) ++ return false; ++ ++ const QMutexLocker locker(qt_opensslInitMutex); ++ ++ if (!s_libraryLoaded) { ++ s_libraryLoaded = true; ++ ++ // Initialize OpenSSL. ++ if (q_OPENSSL_init_ssl(0, nullptr) != 1) ++ return false; ++ q_SSL_load_error_strings(); ++ q_OpenSSL_add_all_algorithms(); ++ ++ QSslSocketBackendPrivate::s_indexForSSLExtraData ++ = q_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, 0L, nullptr, nullptr, ++ nullptr, nullptr); ++ ++ // Initialize OpenSSL's random seed. ++ if (!q_RAND_status()) { ++ qWarning("Random number generator not seeded, disabling SSL support"); ++ return false; ++ } ++ } ++ return true; ++} ++ ++void QSslSocketPrivate::ensureCiphersAndCertsLoaded() ++{ ++ const QMutexLocker locker(qt_opensslInitMutex); ++ ++ if (s_loadedCiphersAndCerts) ++ return; ++ s_loadedCiphersAndCerts = true; ++ ++ resetDefaultCiphers(); ++ resetDefaultEllipticCurves(); ++ ++#if QT_CONFIG(library) ++ //load symbols needed to receive certificates from system store ++#if defined(Q_OS_WIN) ++ HINSTANCE hLib = LoadLibraryW(L"Crypt32"); ++ if (hLib) { ++ ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); ++ ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); ++ ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); ++ if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) ++ qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen ++ } else { ++ qCWarning(lcSsl, "could not load crypt32 library"); // should never happen ++ } ++#elif defined(Q_OS_QNX) ++ s_loadRootCertsOnDemand = true; ++#elif defined(Q_OS_UNIX) && !defined(Q_OS_DARWIN) ++ // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) ++ QList<QByteArray> dirs = unixRootCertDirectories(); ++ QStringList symLinkFilter; ++ symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); ++ for (int a = 0; a < dirs.count(); ++a) { ++ QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); ++ if (iterator.hasNext()) { ++ s_loadRootCertsOnDemand = true; ++ break; ++ } ++ } ++#endif ++#endif // QT_CONFIG(library) ++ // if on-demand loading was not enabled, load the certs now ++ if (!s_loadRootCertsOnDemand) ++ setDefaultCaCertificates(systemCaCertificates()); ++#ifdef Q_OS_WIN ++ //Enabled for fetching additional root certs from windows update on windows 6+ ++ //This flag is set false by setDefaultCaCertificates() indicating the app uses ++ //its own cert bundle rather than the system one. ++ //Same logic that disables the unix on demand cert loading. ++ //Unlike unix, we do preload the certificates from the cert store. ++ if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) ++ s_loadRootCertsOnDemand = true; ++#endif ++} ++ ++long QSslSocketPrivate::sslLibraryVersionNumber() ++{ ++ if (!supportsSsl()) ++ return 0; ++ ++ return q_OpenSSL_version_num(); ++} ++ ++QString QSslSocketPrivate::sslLibraryVersionString() ++{ ++ if (!supportsSsl()) ++ return QString(); ++ ++ const char *versionString = q_OpenSSL_version(OPENSSL_VERSION); ++ if (!versionString) ++ return QString(); ++ ++ return QString::fromLatin1(versionString); ++} ++ ++void QSslSocketBackendPrivate::continueHandshake() ++{ ++ Q_Q(QSslSocket); ++ // if we have a max read buffer size, reset the plain socket's to match ++ if (readBufferMaxSize) ++ plainSocket->setReadBufferSize(readBufferMaxSize); ++ ++ if (q_SSL_session_reused(ssl)) ++ configuration.peerSessionShared = true; ++ ++#ifdef QT_DECRYPT_SSL_TRAFFIC ++ if (q_SSL_get_session(ssl)) { ++ size_t master_key_len = q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), 0, 0); ++ size_t client_random_len = q_SSL_get_client_random(ssl, 0, 0); ++ QByteArray masterKey(int(master_key_len), 0); // Will not overflow ++ QByteArray clientRandom(int(client_random_len), 0); // Will not overflow ++ ++ q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), ++ reinterpret_cast<unsigned char*>(masterKey.data()), ++ masterKey.size()); ++ q_SSL_get_client_random(ssl, reinterpret_cast<unsigned char *>(clientRandom.data()), ++ clientRandom.size()); ++ ++ QByteArray debugLineClientRandom("CLIENT_RANDOM "); ++ debugLineClientRandom.append(clientRandom.toHex().toUpper()); ++ debugLineClientRandom.append(" "); ++ debugLineClientRandom.append(masterKey.toHex().toUpper()); ++ debugLineClientRandom.append("\n"); ++ ++ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); ++ QFile file(sslKeyFile); ++ if (!file.open(QIODevice::Append)) ++ qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; ++ if (!file.write(debugLineClientRandom)) ++ qCWarning(lcSsl) << "could not write to file" << sslKeyFile; ++ file.close(); ++ } else { ++ qCWarning(lcSsl, "could not decrypt SSL traffic"); ++ } ++#endif ++ ++ // Cache this SSL session inside the QSslContext ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { ++ if (!sslContextPointer->cacheSession(ssl)) { ++ sslContextPointer.clear(); // we could not cache the session ++ } else { ++ // Cache the session for permanent usage as well ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { ++ if (!sslContextPointer->sessionASN1().isEmpty()) ++ configuration.sslSession = sslContextPointer->sessionASN1(); ++ configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); ++ } ++ } ++ } ++ ++#if !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; ++ if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { ++ // we could not agree -> be conservative and use HTTP/1.1 ++ configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); ++ } else { ++ const unsigned char *proto = 0; ++ unsigned int proto_len = 0; ++ ++ q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); ++ if (proto_len && mode == QSslSocket::SslClientMode) { ++ // Client does not have a callback that sets it ... ++ configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; ++ } ++ ++ if (!proto_len) { // Test if NPN was more lucky ... ++ q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); ++ } ++ ++ if (proto_len) ++ configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len); ++ else ++ configuration.nextNegotiatedProtocol.clear(); ++ } ++#endif // !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ if (mode == QSslSocket::SslClientMode) { ++ EVP_PKEY *key; ++ if (q_SSL_get_server_tmp_key(ssl, &key)) ++ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); ++ } ++ ++ connectionEncrypted = true; ++ emit q->encrypted(); ++ if (autoStartHandshake && pendingClose) { ++ pendingClose = false; ++ q->disconnectFromHost(); ++ } ++} ++ ++QT_END_NAMESPACE +diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h +new file mode 100644 +index 0000000000..2980b3d23e +--- /dev/null ++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h +@@ -0,0 +1,132 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2016 Richard J. Moore <rich@kde.org> ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++#ifndef QSSLSOCKET_OPENSSL11_SYMBOLS_P_H ++#define QSSLSOCKET_OPENSSL11_SYMBOLS_P_H ++ ++// ++// W A R N I N G ++// ------------- ++// ++// This file is not part of the Qt API. It exists purely as an ++// implementation detail. This header file may change from version to ++// version without notice, or even be removed. ++// ++// We mean it. ++// ++ ++// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done ++// in qsslsocket_openssl_symbols_p.h. ++ ++#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H ++#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead" ++#endif ++ ++const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x); ++ ++Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a); ++Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem(); ++ ++int q_DSA_bits(DSA *a); ++int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); ++int q_EVP_PKEY_base_id(EVP_PKEY *a); ++int q_RSA_bits(RSA *a); ++int q_OPENSSL_sk_num(OPENSSL_STACK *a); ++void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); ++OPENSSL_STACK *q_OPENSSL_sk_new_null(); ++void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); ++void q_OPENSSL_sk_free(OPENSSL_STACK *a); ++void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); ++int q_SSL_session_reused(SSL *a); ++unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); ++int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ++size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen); ++size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); ++int q_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++const SSL_METHOD *q_TLS_method(); ++const SSL_METHOD *q_TLS_client_method(); ++const SSL_METHOD *q_TLS_server_method(); ++ASN1_TIME *q_X509_getm_notBefore(X509 *a); ++ASN1_TIME *q_X509_getm_notAfter(X509 *a); ++ ++long q_X509_get_version(X509 *a); ++EVP_PKEY *q_X509_get_pubkey(X509 *a); ++void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); ++STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); ++void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); ++int q_DH_bits(DH *dh); ++ ++# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ ++ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) ++ ++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st) ++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i) ++ ++#define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ ++ | OPENSSL_INIT_ADD_ALL_DIGESTS \ ++ | OPENSSL_INIT_LOAD_CONFIG, NULL) ++#define q_OPENSSL_add_all_algorithms_noconf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ ++ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) ++ ++int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ++void q_CRYPTO_free(void *str, const char *file, int line); ++ ++long q_OpenSSL_version_num(); ++const char *q_OpenSSL_version(int type); ++ ++unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); ++ ++#endif +diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h +index b2adb3e547..7f9e884045 100644 +--- a/src/network/ssl/qsslsocket_openssl_p.h ++++ b/src/network/ssl/qsslsocket_openssl_p.h +@@ -1,6 +1,6 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -98,8 +98,8 @@ + #include <openssl/crypto.h> + #include <openssl/tls1.h> + +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-typedef _STACK STACK; ++#if QT_CONFIG(opensslv11) ++#include <openssl/dh.h> + #endif + + QT_BEGIN_NAMESPACE +@@ -151,7 +151,7 @@ public: + #endif + + Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions); +- static QSslCipher QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher); ++ static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher); + static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509); + static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName); + static QString getErrorsFromOpenSsl(); +diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp +index c344a94427..0ef8bf6b5e 100644 +--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp ++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp +@@ -1,7 +1,8 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2016 Richard J. Moore <rich@kde.org> + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -136,49 +137,195 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) + + #endif // QT_LINKED_OPENSSL + ++#if QT_CONFIG(opensslv11) ++ ++// Below are the functions first introduced in version 1.1: ++ ++DEFINEFUNC(const unsigned char *, ASN1_STRING_get0_data, const ASN1_STRING *a, a, return 0, return) ++DEFINEFUNC2(int, OPENSSL_init_ssl, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return) ++DEFINEFUNC2(int, OPENSSL_init_crypto, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return) ++DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return) ++DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) ++DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) ++DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) ++DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return) ++DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return) ++DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return) ++DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) ++DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) ++DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) ++DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) ++DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return 0, return) ++DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) ++DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) ++DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return) ++DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return) ++DEFINEFUNC6(int, CRYPTO_get_ex_new_index, int class_index, class_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) ++ ++DEFINEFUNC(const SSL_METHOD *, TLS_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLS_client_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLS_server_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(ASN1_TIME *, X509_getm_notBefore, X509 *a, a, return 0, return) ++DEFINEFUNC(ASN1_TIME *, X509_getm_notAfter, X509 *a, a, return 0, return) ++DEFINEFUNC(long, X509_get_version, X509 *a, a, return -1, return) ++DEFINEFUNC(EVP_PKEY *, X509_get_pubkey, X509 *a, a, return 0, return) ++DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_verify_cb verify_cb, verify_cb, return, DUMMYARG) ++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return 0, return) ++DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG) ++DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return) ++DEFINEFUNC(const char *, OpenSSL_version, int a, a, return 0, return) ++DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return) ++DEFINEFUNC4(void, DH_get0_pqg, const DH *dh, dh, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, DUMMYARG) ++DEFINEFUNC(int, DH_bits, DH *dh, dh, return 0, return) ++ ++#else // QT_CONFIG(opensslv11) ++ ++// Functions below are either deprecated or removed in OpenSSL >= 1.1: ++ ++DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return) ++ + #ifdef SSLEAY_MACROS + DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return 0, return) + #endif ++DEFINEFUNC2(BIO *, BIO_new_file, const char *filename, filename, const char *mode, mode, return 0, return) ++DEFINEFUNC(void, ERR_clear_error, DUMMYARG, DUMMYARG, return, DUMMYARG) ++DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) ++DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) ++DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG) ++DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG) ++DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) ++DEFINEFUNC(unsigned long, ERR_peek_last_error, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(void, ERR_free_strings, void, DUMMYARG, return, DUMMYARG) ++DEFINEFUNC(void, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX *a, a, return, DUMMYARG) ++DEFINEFUNC(void, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX *a, a, return, DUMMYARG) ++ ++#ifdef SSLEAY_MACROS ++DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) ++DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) ++#endif // SSLEAY_MACROS ++ ++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) ++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) ++DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) ++DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return) ++#else ++DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG) ++DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG) ++DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return) ++#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L ++ ++DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return) ++DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) ++#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#ifndef OPENSSL_NO_SSL2 ++DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL2 ++DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#else ++#ifndef OPENSSL_NO_SSL2 ++DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#ifndef OPENSSL_NO_SSL2 ++DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++ ++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return) ++ ++#ifdef SSLEAY_MACROS ++DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return) ++DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return) ++#ifndef OPENSSL_NO_EC ++DEFINEFUNC2(int, i2d_ECPrivateKey, const EC_KEY *a, a, unsigned char **b, b, return -1, return) ++#endif ++DEFINEFUNC3(RSA *, d2i_RSAPrivateKey, RSA **a, a, unsigned char **b, b, long c, c, return 0, return) ++DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, c, return 0, return) ++#ifndef OPENSSL_NO_EC ++DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, long c, c, return 0, return) ++#endif ++#endif ++DEFINEFUNC(char *, CONF_get1_default_config_file, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) ++DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) ++DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) ++DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return) ++ ++#endif // QT_CONFIG(opensslv11) ++ + DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return) +-DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return) + DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return) +-DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return); ++DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return) + DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return) + DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return) +-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) + DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return) + DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return) +-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) ++ + DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return) + DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return) +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L +-DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) +-#endif + DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast<BN_ULONG>(-1), return) + #ifndef OPENSSL_NO_EC + DEFINEFUNC(const EC_GROUP*, EC_KEY_get0_group, const EC_KEY* k, k, return 0, return) + DEFINEFUNC(int, EC_GROUP_get_degree, const EC_GROUP* g, g, return 0, return) + #endif +-DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG) +-DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG) +-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) + DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG) + DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return 0, return) + DEFINEFUNC2(char *, ERR_error_string, unsigned long a, a, char *b, b, return 0, return) + DEFINEFUNC(unsigned long, ERR_get_error, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(void, ERR_free_strings, void, DUMMYARG, return, DUMMYARG) +-DEFINEFUNC(void, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX *a, a, return, DUMMYARG) +-DEFINEFUNC(void, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX *a, a, return, DUMMYARG) +-DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return); ++DEFINEFUNC(EVP_CIPHER_CTX *, EVP_CIPHER_CTX_new, void, DUMMYARG, return 0, return) ++DEFINEFUNC(void, EVP_CIPHER_CTX_free, EVP_CIPHER_CTX *a, a, return, DUMMYARG) ++DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return) + DEFINEFUNC2(int, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX *ctx, ctx, int keylen, keylen, return 0, return) +-DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return); +-DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return); +-DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return); ++DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return) ++DEFINEFUNC6(int, EVP_CipherInit_ex, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *cipher, cipher, ENGINE *impl, impl, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return) ++DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return) ++DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return) + DEFINEFUNC(const EVP_CIPHER *, EVP_des_cbc, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return) + DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return) + DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_PKEY *a, a, DSA *b, b, return -1, return) +@@ -202,10 +349,8 @@ DEFINEFUNC3(int, i2t_ASN1_OBJECT, char *a, a, int b, b, ASN1_OBJECT *c, c, retur + DEFINEFUNC4(int, OBJ_obj2txt, char *a, a, int b, b, ASN1_OBJECT *c, c, int d, d, return -1, return) + + DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return) +-#ifdef SSLEAY_MACROS +-DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) +-DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) +-#else ++ ++#ifndef SSLEAY_MACROS + DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) + DEFINEFUNC4(DSA *, PEM_read_bio_DSAPrivateKey, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) + DEFINEFUNC4(RSA *, PEM_read_bio_RSAPrivateKey, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) +@@ -218,7 +363,7 @@ DEFINEFUNC7(int, PEM_write_bio_RSAPrivateKey, BIO *a, a, RSA *b, b, const EVP_CI + #ifndef OPENSSL_NO_EC + DEFINEFUNC7(int, PEM_write_bio_ECPrivateKey, BIO *a, a, EC_KEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return) + #endif +-#endif ++#endif // !SSLEAY_MACROS + DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) + DEFINEFUNC4(DSA *, PEM_read_bio_DSA_PUBKEY, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) + DEFINEFUNC4(RSA *, PEM_read_bio_RSA_PUBKEY, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) +@@ -234,23 +379,10 @@ DEFINEFUNC2(void, RAND_seed, const void *a, a, int b, b, return, DUMMYARG) + DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return) + DEFINEFUNC(RSA *, RSA_new, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG) +-DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) +-DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) +-DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) +-DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return) +-#else +-DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG) +-DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG) +-DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return) +-#endif + DEFINEFUNC(int, SSL_accept, SSL *a, a, return -1, return) + DEFINEFUNC(int, SSL_clear, SSL *a, a, return -1, return) +-DEFINEFUNC3(char *, SSL_CIPHER_description, SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return) +-DEFINEFUNC2(int, SSL_CIPHER_get_bits, SSL_CIPHER *a, a, int *b, b, return 0, return) ++DEFINEFUNC3(char *, SSL_CIPHER_description, const SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return) ++DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *a, a, int *b, b, return 0, return) + DEFINEFUNC(int, SSL_connect, SSL *a, a, return -1, return) + DEFINEFUNC(int, SSL_CTX_check_private_key, const SSL_CTX *a, a, return -1, return) + DEFINEFUNC4(long, SSL_CTX_ctrl, SSL_CTX *a, a, int b, b, long c, c, void *d, d, return -1, return) +@@ -287,8 +419,6 @@ DEFINEFUNC(long, SSL_get_verify_result, const SSL *a, a, return -1, return) + #else + DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, return -1, return) + #endif +-DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return) +-DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG) + DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return 0, return) + DEFINEFUNC4(long, SSL_ctrl, SSL *a, a, int cmd, cmd, long larg, larg, void *parg, parg, return -1, return) + DEFINEFUNC3(int, SSL_read, SSL *a, a, void *b, b, int c, c, return -1, return) +@@ -301,7 +431,6 @@ DEFINEFUNC(void, SSL_SESSION_free, SSL_SESSION *ses, ses, return, DUMMYARG) + DEFINEFUNC(SSL_SESSION*, SSL_get1_session, SSL *ssl, ssl, return 0, return) + DEFINEFUNC(SSL_SESSION*, SSL_get_session, const SSL *ssl, ssl, return 0, return) + #if OPENSSL_VERSION_NUMBER >= 0x10001000L +-DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) + DEFINEFUNC3(int, SSL_set_ex_data, SSL *ssl, ssl, int idx, idx, void *arg, arg, return 0, return) + DEFINEFUNC2(void *, SSL_get_ex_data, const SSL *ssl, ssl, int idx, idx, return NULL, return) + #endif +@@ -310,51 +439,9 @@ DEFINEFUNC2(void, SSL_set_psk_client_callback, SSL* ssl, ssl, q_psk_client_callb + DEFINEFUNC2(void, SSL_set_psk_server_callback, SSL* ssl, ssl, q_psk_server_callback_t callback, callback, return, DUMMYARG) + DEFINEFUNC2(int, SSL_CTX_use_psk_identity_hint, SSL_CTX* ctx, ctx, const char *hint, hint, return 0, return) + #endif +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-#ifndef OPENSSL_NO_SSL2 +-DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +-DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL2 +-DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +-DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#else +-#ifndef OPENSSL_NO_SSL2 +-DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#ifndef OPENSSL_NO_SSL2 +-DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif + DEFINEFUNC3(int, SSL_write, SSL *a, a, const void *b, b, int c, c, return -1, return) + DEFINEFUNC2(int, X509_cmp, X509 *a, a, X509 *b, b, return -1, return) ++DEFINEFUNC4(int, X509_digest, const X509 *x509, x509, const EVP_MD *type, type, unsigned char *md, md, unsigned int *len, len, return -1, return) + #ifndef SSLEAY_MACROS + DEFINEFUNC(X509 *, X509_dup, X509 *a, a, return 0, return) + #endif +@@ -378,6 +465,7 @@ DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, ASN1_STRING *b, b, return 0, retu + DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return) + DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return) + DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return) ++DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *a, a, return 0, return) + DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return) + DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return) + DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return 0, return) +@@ -393,25 +481,8 @@ DEFINEFUNC2(int, X509_STORE_CTX_set_purpose, X509_STORE_CTX *a, a, int b, b, ret + DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return) + DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return) + DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return) +-DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return) + DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return) +-#ifdef SSLEAY_MACROS +-DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return) +-DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return) +-#ifndef OPENSSL_NO_EC +-DEFINEFUNC2(int, i2d_ECPrivateKey, const EC_KEY *a, a, unsigned char **b, b, return -1, return) +-#endif +-DEFINEFUNC3(RSA *, d2i_RSAPrivateKey, RSA **a, a, unsigned char **b, b, long c, c, return 0, return) +-DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, c, return 0, return) +-#ifndef OPENSSL_NO_EC +-DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, long c, c, return 0, return) +-#endif +-#endif +-DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) +-DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) + DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return) +-DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) +-DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return) + DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return) + DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return 0, return) + #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) +@@ -694,8 +765,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl() + #ifndef Q_OS_DARWIN + // second attempt: find the development files libssl.so and libcrypto.so + // +- // disabled on OS X/iOS: +- // OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third ++ // disabled on macOS/iOS: ++ // macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third + // attempt, _after_ <bundle>/Contents/Frameworks has been searched. + // iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place. + libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); +@@ -754,7 +825,11 @@ bool q_resolveOpenSslSymbols() + static bool symbolsResolved = false; + static bool triedToResolveSymbols = false; + #ifndef QT_NO_THREAD ++#if QT_CONFIG(opensslv11) ++ QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_OPENSSL_init_ssl)); ++#else + QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_SSL_library_init)); ++#endif + #endif + if (symbolsResolved) + return true; +@@ -771,11 +846,145 @@ bool q_resolveOpenSslSymbols() + // failed to load them + return false; + ++#if QT_CONFIG(opensslv11) ++ ++ RESOLVEFUNC(OPENSSL_init_ssl) ++ RESOLVEFUNC(OPENSSL_init_crypto) ++ RESOLVEFUNC(ASN1_STRING_get0_data) ++ RESOLVEFUNC(EVP_CIPHER_CTX_reset) ++ RESOLVEFUNC(EVP_PKEY_base_id) ++ RESOLVEFUNC(RSA_bits) ++ RESOLVEFUNC(OPENSSL_sk_new_null) ++ RESOLVEFUNC(OPENSSL_sk_push) ++ RESOLVEFUNC(OPENSSL_sk_free) ++ RESOLVEFUNC(OPENSSL_sk_num) ++ RESOLVEFUNC(OPENSSL_sk_pop_free) ++ RESOLVEFUNC(OPENSSL_sk_value) ++ RESOLVEFUNC(DH_get0_pqg) ++ RESOLVEFUNC(SSL_CTX_set_options) ++ RESOLVEFUNC(SSL_get_client_random) ++ RESOLVEFUNC(SSL_SESSION_get_master_key) ++ RESOLVEFUNC(SSL_session_reused) ++ RESOLVEFUNC(SSL_get_session) ++ RESOLVEFUNC(CRYPTO_get_ex_new_index) ++ RESOLVEFUNC(TLS_method) ++ RESOLVEFUNC(TLS_client_method) ++ RESOLVEFUNC(TLS_server_method) ++ RESOLVEFUNC(X509_STORE_CTX_get0_chain) ++ RESOLVEFUNC(X509_getm_notBefore) ++ RESOLVEFUNC(X509_getm_notAfter) ++ RESOLVEFUNC(X509_get_version) ++ RESOLVEFUNC(X509_get_pubkey) ++ RESOLVEFUNC(X509_STORE_set_verify_cb) ++ RESOLVEFUNC(CRYPTO_free) ++ RESOLVEFUNC(OpenSSL_version_num) ++ RESOLVEFUNC(OpenSSL_version) ++ if (!_q_OpenSSL_version) { ++ // Apparently, we were built with OpenSSL 1.1 enabled but are now using ++ // a wrong library. ++ delete libs.first; ++ delete libs.second; ++ qCWarning(lcSsl, "Incompatible version of OpenSSL"); ++ return false; ++ } ++ ++ RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint) ++ RESOLVEFUNC(DH_bits) ++ RESOLVEFUNC(DSA_bits) ++ ++#else // !opensslv11 ++ ++ RESOLVEFUNC(ASN1_STRING_data) ++ + #ifdef SSLEAY_MACROS + RESOLVEFUNC(ASN1_dup) ++#endif // SSLEAY_MACROS ++ RESOLVEFUNC(BIO_new_file) ++ RESOLVEFUNC(ERR_clear_error) ++ RESOLVEFUNC(CRYPTO_free) ++ RESOLVEFUNC(CRYPTO_num_locks) ++ RESOLVEFUNC(CRYPTO_set_id_callback) ++ RESOLVEFUNC(CRYPTO_set_locking_callback) ++ RESOLVEFUNC(ERR_peek_last_error) ++ RESOLVEFUNC(ERR_free_strings) ++ RESOLVEFUNC(EVP_CIPHER_CTX_cleanup) ++ RESOLVEFUNC(EVP_CIPHER_CTX_init) ++ ++#ifdef SSLEAY_MACROS // ### verify ++ RESOLVEFUNC(PEM_ASN1_read_bio) ++#endif // SSLEAY_MACROS ++ ++ RESOLVEFUNC(sk_new_null) ++ RESOLVEFUNC(sk_push) ++ RESOLVEFUNC(sk_free) ++ RESOLVEFUNC(sk_num) ++ RESOLVEFUNC(sk_pop_free) ++ RESOLVEFUNC(sk_value) ++ RESOLVEFUNC(SSL_library_init) ++ RESOLVEFUNC(SSL_load_error_strings) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ RESOLVEFUNC(SSL_get_ex_new_index) ++#endif ++#ifndef OPENSSL_NO_SSL2 ++ RESOLVEFUNC(SSLv2_client_method) + #endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++ RESOLVEFUNC(SSLv3_client_method) ++#endif ++ RESOLVEFUNC(SSLv23_client_method) ++ RESOLVEFUNC(TLSv1_client_method) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ RESOLVEFUNC(TLSv1_1_client_method) ++ RESOLVEFUNC(TLSv1_2_client_method) ++#endif ++#ifndef OPENSSL_NO_SSL2 ++ RESOLVEFUNC(SSLv2_server_method) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++ RESOLVEFUNC(SSLv3_server_method) ++#endif ++ RESOLVEFUNC(SSLv23_server_method) ++ RESOLVEFUNC(TLSv1_server_method) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ RESOLVEFUNC(TLSv1_1_server_method) ++ RESOLVEFUNC(TLSv1_2_server_method) ++#endif ++ RESOLVEFUNC(X509_STORE_CTX_get_chain) ++#ifdef SSLEAY_MACROS ++ RESOLVEFUNC(i2d_DSAPrivateKey) ++ RESOLVEFUNC(i2d_RSAPrivateKey) ++ RESOLVEFUNC(d2i_DSAPrivateKey) ++ RESOLVEFUNC(d2i_RSAPrivateKey) ++#endif ++ RESOLVEFUNC(CONF_get1_default_config_file) ++ RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) ++ RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) ++ RESOLVEFUNC(SSLeay) ++ ++ if (!_q_SSLeay || q_SSLeay() >= 0x10100000L) { ++ // OpenSSL 1.1 has deprecated and removed SSLeay. We consider a failure to ++ // resolve this symbol as a failure to resolve symbols. ++ // The right operand of '||' above is ... a bit of paranoia. ++ delete libs.first; ++ delete libs.second; ++ qCWarning(lcSsl, "Incompatible version of OpenSSL"); ++ return false; ++ } ++ ++ ++ RESOLVEFUNC(SSLeay_version) ++ ++#ifndef OPENSSL_NO_EC ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L) ++ RESOLVEFUNC(EC_curve_nist2nid) ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ++#endif // OPENSSL_NO_EC ++ ++ ++#endif // !opensslv11 ++ + RESOLVEFUNC(ASN1_INTEGER_get) +- RESOLVEFUNC(ASN1_STRING_data) + RESOLVEFUNC(ASN1_STRING_length) + RESOLVEFUNC(ASN1_STRING_to_UTF8) + RESOLVEFUNC(BIO_ctrl) +@@ -794,25 +1003,22 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(BN_is_word) + #endif + RESOLVEFUNC(BN_mod_word) +- RESOLVEFUNC(CRYPTO_free) +- RESOLVEFUNC(CRYPTO_num_locks) +- RESOLVEFUNC(CRYPTO_set_id_callback) +- RESOLVEFUNC(CRYPTO_set_locking_callback) + RESOLVEFUNC(DSA_new) + RESOLVEFUNC(DSA_free) + RESOLVEFUNC(ERR_error_string) + RESOLVEFUNC(ERR_get_error) +- RESOLVEFUNC(ERR_free_strings) +- RESOLVEFUNC(EVP_CIPHER_CTX_cleanup) +- RESOLVEFUNC(EVP_CIPHER_CTX_init) ++ RESOLVEFUNC(EVP_CIPHER_CTX_new) ++ RESOLVEFUNC(EVP_CIPHER_CTX_free) + RESOLVEFUNC(EVP_CIPHER_CTX_ctrl) + RESOLVEFUNC(EVP_CIPHER_CTX_set_key_length) + RESOLVEFUNC(EVP_CipherInit) ++ RESOLVEFUNC(EVP_CipherInit_ex) + RESOLVEFUNC(EVP_CipherUpdate) + RESOLVEFUNC(EVP_CipherFinal) + RESOLVEFUNC(EVP_des_cbc) + RESOLVEFUNC(EVP_des_ede3_cbc) + RESOLVEFUNC(EVP_rc2_cbc) ++ RESOLVEFUNC(EVP_sha1) + RESOLVEFUNC(EVP_PKEY_assign) + RESOLVEFUNC(EVP_PKEY_set1_RSA) + RESOLVEFUNC(EVP_PKEY_set1_DSA) +@@ -834,9 +1040,8 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(i2t_ASN1_OBJECT) + RESOLVEFUNC(OBJ_obj2txt) + RESOLVEFUNC(OBJ_obj2nid) +-#ifdef SSLEAY_MACROS // ### verify +- RESOLVEFUNC(PEM_ASN1_read_bio) +-#else ++ ++#ifndef SSLEAY_MACROS + RESOLVEFUNC(PEM_read_bio_PrivateKey) + RESOLVEFUNC(PEM_read_bio_DSAPrivateKey) + RESOLVEFUNC(PEM_read_bio_RSAPrivateKey) +@@ -849,7 +1054,8 @@ bool q_resolveOpenSslSymbols() + #ifndef OPENSSL_NO_EC + RESOLVEFUNC(PEM_write_bio_ECPrivateKey) + #endif +-#endif ++#endif // !SSLEAY_MACROS ++ + RESOLVEFUNC(PEM_read_bio_PUBKEY) + RESOLVEFUNC(PEM_read_bio_DSA_PUBKEY) + RESOLVEFUNC(PEM_read_bio_RSA_PUBKEY) +@@ -865,12 +1071,6 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(RAND_status) + RESOLVEFUNC(RSA_new) + RESOLVEFUNC(RSA_free) +- RESOLVEFUNC(sk_new_null) +- RESOLVEFUNC(sk_push) +- RESOLVEFUNC(sk_free) +- RESOLVEFUNC(sk_num) +- RESOLVEFUNC(sk_pop_free) +- RESOLVEFUNC(sk_value) + RESOLVEFUNC(SSL_CIPHER_description) + RESOLVEFUNC(SSL_CIPHER_get_bits) + RESOLVEFUNC(SSL_CTX_check_private_key) +@@ -898,8 +1098,6 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(SSL_get_peer_cert_chain) + RESOLVEFUNC(SSL_get_peer_certificate) + RESOLVEFUNC(SSL_get_verify_result) +- RESOLVEFUNC(SSL_library_init) +- RESOLVEFUNC(SSL_load_error_strings) + RESOLVEFUNC(SSL_new) + RESOLVEFUNC(SSL_ctrl) + RESOLVEFUNC(SSL_read) +@@ -912,7 +1110,6 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(SSL_get1_session) + RESOLVEFUNC(SSL_get_session) + #if OPENSSL_VERSION_NUMBER >= 0x10001000L +- RESOLVEFUNC(SSL_get_ex_new_index) + RESOLVEFUNC(SSL_set_ex_data) + RESOLVEFUNC(SSL_get_ex_data) + #endif +@@ -922,30 +1119,6 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(SSL_CTX_use_psk_identity_hint) + #endif + RESOLVEFUNC(SSL_write) +-#ifndef OPENSSL_NO_SSL2 +- RESOLVEFUNC(SSLv2_client_method) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +- RESOLVEFUNC(SSLv3_client_method) +-#endif +- RESOLVEFUNC(SSLv23_client_method) +- RESOLVEFUNC(TLSv1_client_method) +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- RESOLVEFUNC(TLSv1_1_client_method) +- RESOLVEFUNC(TLSv1_2_client_method) +-#endif +-#ifndef OPENSSL_NO_SSL2 +- RESOLVEFUNC(SSLv2_server_method) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +- RESOLVEFUNC(SSLv3_server_method) +-#endif +- RESOLVEFUNC(SSLv23_server_method) +- RESOLVEFUNC(TLSv1_server_method) +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- RESOLVEFUNC(TLSv1_1_server_method) +- RESOLVEFUNC(TLSv1_2_server_method) +-#endif + RESOLVEFUNC(X509_NAME_entry_count) + RESOLVEFUNC(X509_NAME_get_entry) + RESOLVEFUNC(X509_NAME_ENTRY_get_data) +@@ -961,12 +1134,12 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(X509_STORE_CTX_get_error) + RESOLVEFUNC(X509_STORE_CTX_get_error_depth) + RESOLVEFUNC(X509_STORE_CTX_get_current_cert) +- RESOLVEFUNC(X509_STORE_CTX_get_chain) + RESOLVEFUNC(X509_cmp) + #ifndef SSLEAY_MACROS + RESOLVEFUNC(X509_dup) + #endif + RESOLVEFUNC(X509_print) ++ RESOLVEFUNC(X509_digest) + RESOLVEFUNC(X509_EXTENSION_get_object) + RESOLVEFUNC(X509_free) + RESOLVEFUNC(X509_get_ext) +@@ -982,20 +1155,11 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(X509_check_issued) + RESOLVEFUNC(X509_get_issuer_name) + RESOLVEFUNC(X509_get_subject_name) ++ RESOLVEFUNC(X509_get_serialNumber) + RESOLVEFUNC(X509_verify_cert) + RESOLVEFUNC(d2i_X509) + RESOLVEFUNC(i2d_X509) +-#ifdef SSLEAY_MACROS +- RESOLVEFUNC(i2d_DSAPrivateKey) +- RESOLVEFUNC(i2d_RSAPrivateKey) +- RESOLVEFUNC(d2i_DSAPrivateKey) +- RESOLVEFUNC(d2i_RSAPrivateKey) +-#endif +- RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) +- RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) + RESOLVEFUNC(SSL_CTX_load_verify_locations) +- RESOLVEFUNC(SSLeay) +- RESOLVEFUNC(SSLeay_version) + RESOLVEFUNC(i2d_SSL_SESSION) + RESOLVEFUNC(d2i_SSL_SESSION) + #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) +@@ -1019,27 +1183,14 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(EC_KEY_new_by_curve_name) + RESOLVEFUNC(EC_KEY_free) + RESOLVEFUNC(EC_get_builtin_curves) +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) +- RESOLVEFUNC(EC_curve_nist2nid) +-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + #endif // OPENSSL_NO_EC + RESOLVEFUNC(PKCS12_parse) + RESOLVEFUNC(d2i_PKCS12_bio) + RESOLVEFUNC(PKCS12_free) + ++ symbolsResolved = true; + delete libs.first; + delete libs.second; +- if (!_q_SSLeay || q_SSLeay() >= 0x10100000L) { +- // OpenSSL 1.1 deprecated and removed SSLeay. We consider a failure to +- // resolve this symbol as a failure to resolve symbols. +- // The right operand of '||' above ... a bit of paranoia. +- qCWarning(lcSsl, "Incompatible version of OpenSSL"); +- return false; +- } +- +- symbolsResolved = true; +- + return true; + } + #endif // QT_CONFIG(library) +diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h +index b35a895d38..796bf2d4f5 100644 +--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h ++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h +@@ -1,6 +1,6 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Copyright (C) 2014 BlackBerry Limited. All rights reserved. + ** Contact: https://www.qt.io/licensing/ + ** +@@ -56,6 +56,7 @@ + #ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H + #define QSSLSOCKET_OPENSSL_SYMBOLS_P_H + ++ + // + // W A R N I N G + // ------------- +@@ -215,17 +216,20 @@ QT_BEGIN_NAMESPACE + + #endif // !defined QT_LINKED_OPENSSL + ++#if QT_CONFIG(opensslv11) ++#include "qsslsocket_openssl11_symbols_p.h" ++#else ++#include "qsslsocket_opensslpre11_symbols_p.h" ++#endif // QT_CONFIG ++ + bool q_resolveOpenSslSymbols(); + long q_ASN1_INTEGER_get(ASN1_INTEGER *a); +-unsigned char * q_ASN1_STRING_data(ASN1_STRING *a); + int q_ASN1_STRING_length(ASN1_STRING *a); + int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b); + long q_BIO_ctrl(BIO *a, int b, long c, void *d); + Q_AUTOTEST_EXPORT int q_BIO_free(BIO *a); +-Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a); + BIO *q_BIO_new_mem_buf(void *a, int b); + int q_BIO_read(BIO *a, void *b, int c); +-Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem(); + Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c); + int q_BN_num_bits(const BIGNUM *a); + #if OPENSSL_VERSION_NUMBER >= 0x10100000L +@@ -247,26 +251,23 @@ BN_ULONG q_BN_mod_word(const BIGNUM *a, BN_ULONG w); + const EC_GROUP* q_EC_KEY_get0_group(const EC_KEY* k); + int q_EC_GROUP_get_degree(const EC_GROUP* g); + #endif +-int q_CRYPTO_num_locks(); +-void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int)); +-void q_CRYPTO_set_id_callback(unsigned long (*a)()); +-void q_CRYPTO_free(void *a); + DSA *q_DSA_new(); + void q_DSA_free(DSA *a); + X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c); + char *q_ERR_error_string(unsigned long a, char *b); + unsigned long q_ERR_get_error(); +-void q_ERR_free_strings(); +-void q_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +-void q_EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); ++EVP_CIPHER_CTX *q_EVP_CIPHER_CTX_new(); ++void q_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); + int q_EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); + int q_EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); + int q_EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv, int enc); ++int q_EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); + int q_EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); + int q_EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + const EVP_CIPHER *q_EVP_des_cbc(); + const EVP_CIPHER *q_EVP_des_ede3_cbc(); + const EVP_CIPHER *q_EVP_rc2_cbc(); ++const EVP_MD *q_EVP_sha1(); + int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); + Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); + int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); +@@ -310,7 +311,7 @@ int q_PEM_write_bio_RSAPrivateKey(BIO *a, RSA *b, const EVP_CIPHER *c, unsigned + int q_PEM_write_bio_ECPrivateKey(BIO *a, EC_KEY *b, const EVP_CIPHER *c, unsigned char *d, + int e, pem_password_cb *f, void *g); + #endif +-#endif ++#endif // SSLEAY_MACROS + Q_AUTOTEST_EXPORT EVP_PKEY *q_PEM_read_bio_PUBKEY(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d); + DSA *q_PEM_read_bio_DSA_PUBKEY(BIO *a, DSA **b, pem_password_cb *c, void *d); + RSA *q_PEM_read_bio_RSA_PUBKEY(BIO *a, RSA **b, pem_password_cb *c, void *d); +@@ -326,23 +327,10 @@ void q_RAND_seed(const void *a, int b); + int q_RAND_status(); + RSA *q_RSA_new(); + void q_RSA_free(RSA *a); +-int q_sk_num(STACK *a); +-void q_sk_pop_free(STACK *a, void (*b)(void *)); +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-_STACK *q_sk_new_null(); +-void q_sk_push(_STACK *st, void *data); +-void q_sk_free(_STACK *a); +-void * q_sk_value(STACK *a, int b); +-#else +-STACK *q_sk_new_null(); +-void q_sk_push(STACK *st, char *data); +-void q_sk_free(STACK *a); +-char * q_sk_value(STACK *a, int b); +-#endif + int q_SSL_accept(SSL *a); + int q_SSL_clear(SSL *a); +-char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c); +-int q_SSL_CIPHER_get_bits(SSL_CIPHER *a, int *b); ++char *q_SSL_CIPHER_description(const SSL_CIPHER *a, char *b, int c); ++int q_SSL_CIPHER_get_bits(const SSL_CIPHER *a, int *b); + int q_SSL_connect(SSL *a); + int q_SSL_CTX_check_private_key(const SSL_CTX *a); + long q_SSL_CTX_ctrl(SSL_CTX *a, int b, long c, void *d); +@@ -374,8 +362,6 @@ int q_SSL_get_error(SSL *a, int b); + STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a); + X509 *q_SSL_get_peer_certificate(SSL *a); + long q_SSL_get_verify_result(const SSL *a); +-int q_SSL_library_init(); +-void q_SSL_load_error_strings(); + SSL *q_SSL_new(SSL_CTX *a); + long q_SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); + int q_SSL_read(SSL *a, void *b, int c); +@@ -388,7 +374,6 @@ void q_SSL_SESSION_free(SSL_SESSION *ses); + SSL_SESSION *q_SSL_get1_session(SSL *ssl); + SSL_SESSION *q_SSL_get_session(const SSL *ssl); + #if OPENSSL_VERSION_NUMBER >= 0x10001000L +-int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int q_SSL_set_ex_data(SSL *ssl, int idx, void *arg); + void *q_SSL_get_ex_data(const SSL *ssl, int idx); + #endif +@@ -399,49 +384,6 @@ typedef unsigned int (*q_psk_server_callback_t)(SSL *ssl, const char *identity, + void q_SSL_set_psk_server_callback(SSL *ssl, q_psk_server_callback_t callback); + int q_SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); + #endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-#ifndef OPENSSL_NO_SSL2 +-const SSL_METHOD *q_SSLv2_client_method(); +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-const SSL_METHOD *q_SSLv3_client_method(); +-#endif +-const SSL_METHOD *q_SSLv23_client_method(); +-const SSL_METHOD *q_TLSv1_client_method(); +-const SSL_METHOD *q_TLSv1_1_client_method(); +-const SSL_METHOD *q_TLSv1_2_client_method(); +-#ifndef OPENSSL_NO_SSL2 +-const SSL_METHOD *q_SSLv2_server_method(); +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-const SSL_METHOD *q_SSLv3_server_method(); +-#endif +-const SSL_METHOD *q_SSLv23_server_method(); +-const SSL_METHOD *q_TLSv1_server_method(); +-const SSL_METHOD *q_TLSv1_1_server_method(); +-const SSL_METHOD *q_TLSv1_2_server_method(); +-#else +-#ifndef OPENSSL_NO_SSL2 +-SSL_METHOD *q_SSLv2_client_method(); +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-SSL_METHOD *q_SSLv3_client_method(); +-#endif +-SSL_METHOD *q_SSLv23_client_method(); +-SSL_METHOD *q_TLSv1_client_method(); +-SSL_METHOD *q_TLSv1_1_client_method(); +-SSL_METHOD *q_TLSv1_2_client_method(); +-#ifndef OPENSSL_NO_SSL2 +-SSL_METHOD *q_SSLv2_server_method(); +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-SSL_METHOD *q_SSLv3_server_method(); +-#endif +-SSL_METHOD *q_SSLv23_server_method(); +-SSL_METHOD *q_TLSv1_server_method(); +-SSL_METHOD *q_TLSv1_1_server_method(); +-SSL_METHOD *q_TLSv1_2_server_method(); +-#endif + int q_SSL_write(SSL *a, const void *b, int c); + int q_X509_cmp(X509 *a, X509 *b); + #ifdef SSLEAY_MACROS +@@ -452,6 +394,7 @@ void *q_ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); + X509 *q_X509_dup(X509 *a); + #endif + void q_X509_print(BIO *a, X509*b); ++int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len); + ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a); + void q_X509_free(X509 *a); + X509_EXTENSION *q_X509_get_ext(X509 *a, int b); +@@ -471,6 +414,7 @@ int q_ASN1_STRING_print(BIO *a, ASN1_STRING *b); + int q_X509_check_issued(X509 *a, X509 *b); + X509_NAME *q_X509_get_issuer_name(X509 *a); + X509_NAME *q_X509_get_subject_name(X509 *a); ++ASN1_INTEGER *q_X509_get_serialNumber(X509 *a); + int q_X509_verify_cert(X509_STORE_CTX *ctx); + int q_X509_NAME_entry_count(X509_NAME *a); + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); +@@ -488,7 +432,6 @@ int q_X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); + int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +-STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); + + // Diffie-Hellman support + DH *q_DH_new(); +@@ -522,34 +465,9 @@ int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + PKCS12 *q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12); + void q_PKCS12_free(PKCS12 *pkcs12); + +- + #define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) + #define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +-#ifdef SSLEAY_MACROS +-int q_i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +-int q_i2d_RSAPrivateKey(const RSA *a, unsigned char **pp); +-RSA *q_d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); +-DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); +-#define q_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \ +- (RSA *)q_PEM_ASN1_read_bio( \ +- (void *(*)(void**, const unsigned char**, long int))q_d2i_RSAPrivateKey, PEM_STRING_RSA, bp, (void **)x, cb, u) +-#define q_PEM_read_bio_DSAPrivateKey(bp, x, cb, u) \ +- (DSA *)q_PEM_ASN1_read_bio( \ +- (void *(*)(void**, const unsigned char**, long int))q_d2i_DSAPrivateKey, PEM_STRING_DSA, bp, (void **)x, cb, u) +-#define q_PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_RSAPrivateKey,PEM_STRING_RSA,\ +- bp,(char *)x,enc,kstr,klen,cb,u) +-#define q_PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ +- bp,(char *)x,enc,kstr,klen,cb,u) +-#define q_PEM_read_bio_DHparams(bp, dh, cb, u) \ +- (DH *)q_PEM_ASN1_read_bio( \ +- (void *(*)(void**, const unsigned char**, long int))q_d2i_DHparams, PEM_STRING_DHPARAMS, bp, (void **)x, cb, u) +-#endif +-#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) + #define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +-#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) +-#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) + #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st)) + #define q_sk_GENERAL_NAME_value(st, i) q_SKM_sk_value(GENERAL_NAME, (st), (i)) + #define q_sk_X509_num(st) q_SKM_sk_num(X509, (st)) +@@ -558,18 +476,12 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); + #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) + #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ + q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) +-#define q_X509_get_notAfter(x) X509_get_notAfter(x) +-#define q_X509_get_notBefore(x) X509_get_notBefore(x) + #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) + #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) + #define q_OpenSSL_add_all_algorithms() q_OPENSSL_add_all_algorithms_conf() +-void q_OPENSSL_add_all_algorithms_noconf(); +-void q_OPENSSL_add_all_algorithms_conf(); + int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); +-long q_SSLeay(); +-const char *q_SSLeay_version(int type); + int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); + SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); + +diff --git a/src/network/ssl/qsslsocket_opensslpre11.cpp b/src/network/ssl/qsslsocket_opensslpre11.cpp +new file mode 100644 +index 0000000000..e51888c5f2 +--- /dev/null ++++ b/src/network/ssl/qsslsocket_opensslpre11.cpp +@@ -0,0 +1,424 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 Governikus GmbH & Co. KG ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++//#define QT_DECRYPT_SSL_TRAFFIC ++ ++#include "qssl_p.h" ++#include "qsslsocket_openssl_p.h" ++#include "qsslsocket_openssl_symbols_p.h" ++#include "qsslsocket.h" ++#include "qsslkey.h" ++ ++#include <QtCore/qdebug.h> ++#include <QtCore/qdir.h> ++#include <QtCore/qdiriterator.h> ++#include <QtCore/qthread.h> ++#include <QtCore/qfile.h> ++#include <QtCore/qmutex.h> ++#include <QtCore/qlibrary.h> ++ ++QT_BEGIN_NAMESPACE ++ ++/* \internal ++ ++ From OpenSSL's thread(3) manual page: ++ ++ OpenSSL can safely be used in multi-threaded applications provided that at ++ least two callback functions are set. ++ ++ locking_function(int mode, int n, const char *file, int line) is needed to ++ perform locking on shared data structures. (Note that OpenSSL uses a ++ number of global data structures that will be implicitly shared ++ whenever multiple threads use OpenSSL.) Multi-threaded ++ applications will crash at random if it is not set. ... ++ ... ++ id_function(void) is a function that returns a thread ID. It is not ++ needed on Windows nor on platforms where getpid() returns a different ++ ID for each thread (most notably Linux) ++*/ ++ ++class QOpenSslLocks ++{ ++public: ++ QOpenSslLocks() ++ : initLocker(QMutex::Recursive), ++ locksLocker(QMutex::Recursive) ++ { ++ QMutexLocker locker(&locksLocker); ++ int numLocks = q_CRYPTO_num_locks(); ++ locks = new QMutex *[numLocks]; ++ memset(locks, 0, numLocks * sizeof(QMutex *)); ++ } ++ ~QOpenSslLocks() ++ { ++ QMutexLocker locker(&locksLocker); ++ for (int i = 0; i < q_CRYPTO_num_locks(); ++i) ++ delete locks[i]; ++ delete [] locks; ++ ++ QSslSocketPrivate::deinitialize(); ++ } ++ QMutex *lock(int num) ++ { ++ QMutexLocker locker(&locksLocker); ++ QMutex *tmp = locks[num]; ++ if (!tmp) ++ tmp = locks[num] = new QMutex(QMutex::Recursive); ++ return tmp; ++ } ++ ++ QMutex *globalLock() ++ { ++ return &locksLocker; ++ } ++ ++ QMutex *initLock() ++ { ++ return &initLocker; ++ } ++ ++private: ++ QMutex initLocker; ++ QMutex locksLocker; ++ QMutex **locks; ++}; ++ ++Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) ++ ++extern "C" { ++static void locking_function(int mode, int lockNumber, const char *, int) ++{ ++ QMutex *mutex = openssl_locks()->lock(lockNumber); ++ ++ // Lock or unlock it ++ if (mode & CRYPTO_LOCK) ++ mutex->lock(); ++ else ++ mutex->unlock(); ++} ++static unsigned long id_function() ++{ ++ return (quintptr)QThread::currentThreadId(); ++} ++ ++} // extern "C" ++ ++static void q_OpenSSL_add_all_algorithms_safe() ++{ ++#ifdef Q_OS_WIN ++ // Prior to version 1.0.1m an attempt to call OpenSSL_add_all_algorithms on ++ // Windows could result in 'exit' call from OPENSSL_config (QTBUG-43843). ++ // We can predict this and avoid OPENSSL_add_all_algorithms call. ++ // From OpenSSL docs: ++ // "An application does not need to add algorithms to use them explicitly, ++ // for example by EVP_sha1(). It just needs to add them if it (or any of ++ // the functions it calls) needs to lookup algorithms. ++ // The cipher and digest lookup functions are used in many parts of the ++ // library. If the table is not initialized several functions will ++ // misbehave and complain they cannot find algorithms. This includes the ++ // PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in ++ // the OpenSSL mailing lists." ++ // ++ // Anyway, as a result, we chose not to call this function if it would exit. ++ ++ if (q_SSLeay() < 0x100010DFL) ++ { ++ // Now, before we try to call it, check if an attempt to open config file ++ // will result in exit: ++ if (char *confFileName = q_CONF_get1_default_config_file()) { ++ BIO *confFile = q_BIO_new_file(confFileName, "r"); ++ const auto lastError = q_ERR_peek_last_error(); ++ q_CRYPTO_free(confFileName); ++ if (confFile) { ++ q_BIO_free(confFile); ++ } else { ++ q_ERR_clear_error(); ++ if (ERR_GET_REASON(lastError) == ERR_R_SYS_LIB) { ++ qCWarning(lcSsl, "failed to open openssl.conf file"); ++ return; ++ } ++ } ++ } ++ } ++#endif // Q_OS_WIN ++ ++ q_OpenSSL_add_all_algorithms(); ++} ++ ++ ++/*! ++ \internal ++*/ ++void QSslSocketPrivate::deinitialize() ++{ ++ q_CRYPTO_set_id_callback(0); ++ q_CRYPTO_set_locking_callback(0); ++ q_ERR_free_strings(); ++} ++ ++ ++bool QSslSocketPrivate::ensureLibraryLoaded() ++{ ++ if (!q_resolveOpenSslSymbols()) ++ return false; ++ ++ // Check if the library itself needs to be initialized. ++ QMutexLocker locker(openssl_locks()->initLock()); ++ ++ if (!s_libraryLoaded) { ++ s_libraryLoaded = true; ++ ++ // Initialize OpenSSL. ++ q_CRYPTO_set_id_callback(id_function); ++ q_CRYPTO_set_locking_callback(locking_function); ++ if (q_SSL_library_init() != 1) ++ return false; ++ q_SSL_load_error_strings(); ++ q_OpenSSL_add_all_algorithms_safe(); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ if (q_SSLeay() >= 0x10001000L) ++ QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL); ++#endif ++ ++ // Initialize OpenSSL's random seed. ++ if (!q_RAND_status()) { ++ qWarning("Random number generator not seeded, disabling SSL support"); ++ return false; ++ } ++ } ++ return true; ++} ++ ++void QSslSocketPrivate::ensureCiphersAndCertsLoaded() ++{ ++ QMutexLocker locker(openssl_locks()->initLock()); ++ if (s_loadedCiphersAndCerts) ++ return; ++ s_loadedCiphersAndCerts = true; ++ ++ resetDefaultCiphers(); ++ resetDefaultEllipticCurves(); ++ ++#if QT_CONFIG(library) ++ //load symbols needed to receive certificates from system store ++#if defined(Q_OS_WIN) ++ HINSTANCE hLib = LoadLibraryW(L"Crypt32"); ++ if (hLib) { ++ ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); ++ ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); ++ ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); ++ if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) ++ qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen ++ } else { ++ qCWarning(lcSsl, "could not load crypt32 library"); // should never happen ++ } ++#elif defined(Q_OS_QNX) ++ s_loadRootCertsOnDemand = true; ++#elif defined(Q_OS_UNIX) && !defined(Q_OS_MACOS) ++ // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) ++ QList<QByteArray> dirs = unixRootCertDirectories(); ++ QStringList symLinkFilter; ++ symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); ++ for (int a = 0; a < dirs.count(); ++a) { ++ QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); ++ if (iterator.hasNext()) { ++ s_loadRootCertsOnDemand = true; ++ break; ++ } ++ } ++#endif ++#endif // QT_CONFIG(library) ++ // if on-demand loading was not enabled, load the certs now ++ if (!s_loadRootCertsOnDemand) ++ setDefaultCaCertificates(systemCaCertificates()); ++#ifdef Q_OS_WIN ++ //Enabled for fetching additional root certs from windows update on windows 6+ ++ //This flag is set false by setDefaultCaCertificates() indicating the app uses ++ //its own cert bundle rather than the system one. ++ //Same logic that disables the unix on demand cert loading. ++ //Unlike unix, we do preload the certificates from the cert store. ++ if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) ++ s_loadRootCertsOnDemand = true; ++#endif ++} ++ ++long QSslSocketPrivate::sslLibraryVersionNumber() ++{ ++ if (!supportsSsl()) ++ return 0; ++ ++ return q_SSLeay(); ++} ++ ++QString QSslSocketPrivate::sslLibraryVersionString() ++{ ++ if (!supportsSsl()) ++ return QString(); ++ ++ const char *versionString = q_SSLeay_version(SSLEAY_VERSION); ++ if (!versionString) ++ return QString(); ++ ++ return QString::fromLatin1(versionString); ++} ++ ++void QSslSocketBackendPrivate::continueHandshake() ++{ ++ Q_Q(QSslSocket); ++ // if we have a max read buffer size, reset the plain socket's to match ++ if (readBufferMaxSize) ++ plainSocket->setReadBufferSize(readBufferMaxSize); ++ ++ if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) ++ configuration.peerSessionShared = true; ++ ++#ifdef QT_DECRYPT_SSL_TRAFFIC ++ if (ssl->session && ssl->s3) { ++ const char *mk = reinterpret_cast<const char *>(ssl->session->master_key); ++ QByteArray masterKey(mk, ssl->session->master_key_length); ++ const char *random = reinterpret_cast<const char *>(ssl->s3->client_random); ++ QByteArray clientRandom(random, SSL3_RANDOM_SIZE); ++ ++ // different format, needed for e.g. older Wireshark versions: ++// const char *sid = reinterpret_cast<const char *>(ssl->session->session_id); ++// QByteArray sessionID(sid, ssl->session->session_id_length); ++// QByteArray debugLineRSA("RSA Session-ID:"); ++// debugLineRSA.append(sessionID.toHex().toUpper()); ++// debugLineRSA.append(" Master-Key:"); ++// debugLineRSA.append(masterKey.toHex().toUpper()); ++// debugLineRSA.append("\n"); ++ ++ QByteArray debugLineClientRandom("CLIENT_RANDOM "); ++ debugLineClientRandom.append(clientRandom.toHex().toUpper()); ++ debugLineClientRandom.append(" "); ++ debugLineClientRandom.append(masterKey.toHex().toUpper()); ++ debugLineClientRandom.append("\n"); ++ ++ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); ++ QFile file(sslKeyFile); ++ if (!file.open(QIODevice::Append)) ++ qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; ++ if (!file.write(debugLineClientRandom)) ++ qCWarning(lcSsl) << "could not write to file" << sslKeyFile; ++ file.close(); ++ } else { ++ qCWarning(lcSsl, "could not decrypt SSL traffic"); ++ } ++#endif ++ ++ // Cache this SSL session inside the QSslContext ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { ++ if (!sslContextPointer->cacheSession(ssl)) { ++ sslContextPointer.clear(); // we could not cache the session ++ } else { ++ // Cache the session for permanent usage as well ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { ++ if (!sslContextPointer->sessionASN1().isEmpty()) ++ configuration.sslSession = sslContextPointer->sessionASN1(); ++ configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); ++ } ++ } ++ } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; ++ if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { ++ // we could not agree -> be conservative and use HTTP/1.1 ++ configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); ++ } else { ++ const unsigned char *proto = 0; ++ unsigned int proto_len = 0; ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L) { ++ q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); ++ if (proto_len && mode == QSslSocket::SslClientMode) { ++ // Client does not have a callback that sets it ... ++ configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; ++ } ++ } ++ ++ if (!proto_len) { // Test if NPN was more lucky ... ++#else ++ { ++#endif ++ q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); ++ } ++ ++ if (proto_len) ++ configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len); ++ else ++ configuration.nextNegotiatedProtocol.clear(); ++ } ++#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { ++ EVP_PKEY *key; ++ if (q_SSL_get_server_tmp_key(ssl, &key)) ++ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); ++ } ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... ++ ++ connectionEncrypted = true; ++ emit q->encrypted(); ++ if (autoStartHandshake && pendingClose) { ++ pendingClose = false; ++ q->disconnectFromHost(); ++ } ++} ++ ++QT_END_NAMESPACE +diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri +index d2b0c2d60d..2783effaf1 100644 +--- a/src/network/ssl/ssl.pri ++++ b/src/network/ssl/ssl.pri +@@ -60,13 +60,25 @@ qtConfig(ssl) { + HEADERS += ssl/qsslcontext_openssl_p.h \ + ssl/qsslsocket_openssl_p.h \ + ssl/qsslsocket_openssl_symbols_p.h +- SOURCES += ssl/qsslcertificate_openssl.cpp \ +- ssl/qsslcontext_openssl.cpp \ ++ SOURCES += ssl/qsslsocket_openssl_symbols.cpp \ + ssl/qssldiffiehellmanparameters_openssl.cpp \ ++ ssl/qsslcertificate_openssl.cpp \ + ssl/qsslellipticcurve_openssl.cpp \ + ssl/qsslkey_openssl.cpp \ + ssl/qsslsocket_openssl.cpp \ +- ssl/qsslsocket_openssl_symbols.cpp ++ ssl/qsslcontext_openssl.cpp ++ ++ qtConfig(opensslv11) { ++ HEADERS += ssl/qsslsocket_openssl11_symbols_p.h ++ SOURCES += ssl/qsslsocket_openssl11.cpp \ ++ ssl/qsslcontext_openssl11.cpp ++ ++ QMAKE_CXXFLAGS += -DOPENSSL_API_COMPAT=0x10100000L ++ } else { ++ HEADERS += ssl/qsslsocket_opensslpre11_symbols_p.h ++ SOURCES += ssl/qsslsocket_opensslpre11.cpp \ ++ ssl/qsslcontext_opensslpre11.cpp ++ } + + darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp + diff --git a/nixpkgs/pkgs/development/libraries/qt-5/5.9/qtbase.patch b/nixpkgs/pkgs/development/libraries/qt-5/5.9/qtbase.patch index 086ddf4fe3e7..f87c508a3800 100644 --- a/nixpkgs/pkgs/development/libraries/qt-5/5.9/qtbase.patch +++ b/nixpkgs/pkgs/development/libraries/qt-5/5.9/qtbase.patch @@ -994,28 +994,6 @@ index 9a24938284..74962b4ae2 100644 if (!lib.load()) return false; } -diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp -index c92d8fc3f8..6008063bcf 100644 ---- a/src/network/ssl/qsslcontext_openssl.cpp -+++ b/src/network/ssl/qsslcontext_openssl.cpp -@@ -351,7 +351,7 @@ init_context: - - const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); - if (!qcurves.isEmpty()) { --#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) - // Set the curves to be used - if (q_SSLeay() >= 0x10002000L) { - // SSL_CTX_ctrl wants a non-const pointer as last argument, -@@ -364,7 +364,7 @@ init_context: - sslContext->errorCode = QSslError::UnspecifiedError; - } - } else --#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) -+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) - { - // specific curves requested, but not possible to set -> error - sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); diff --git a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp b/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp index b5a0a5bbeb..6c20305f4d 100644 --- a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp diff --git a/nixpkgs/pkgs/development/libraries/qt-5/modules/qtwebengine.nix b/nixpkgs/pkgs/development/libraries/qt-5/modules/qtwebengine.nix index 07fd048d6538..357c81fa4f61 100644 --- a/nixpkgs/pkgs/development/libraries/qt-5/modules/qtwebengine.nix +++ b/nixpkgs/pkgs/development/libraries/qt-5/modules/qtwebengine.nix @@ -20,8 +20,6 @@ with stdenv.lib; -let qt56 = qtCompatVersion == "5.6"; in - qtModule { name = "qtwebengine"; qtInputs = [ qtdeclarative qtquickcontrols qtlocation qtwebchannel ]; @@ -48,9 +46,9 @@ qtModule { # Patch Chromium build files + optionalString (lib.versionOlder qtCompatVersion "5.12") '' substituteInPlace ./src/3rdparty/chromium/build/common.gypi --replace /bin/echo ${coreutils}/bin/echo - substituteInPlace ./src/3rdparty/chromium/v8/${if qt56 then "build" else "gypfiles"}/toolchain.gypi \ + substituteInPlace ./src/3rdparty/chromium/v8/gypfiles/toolchain.gypi \ --replace /bin/echo ${coreutils}/bin/echo - substituteInPlace ./src/3rdparty/chromium/v8/${if qt56 then "build" else "gypfiles"}/standalone.gypi \ + substituteInPlace ./src/3rdparty/chromium/v8/gypfiles/standalone.gypi \ --replace /bin/echo ${coreutils}/bin/echo '' # Patch library paths in Qt sources @@ -219,7 +217,6 @@ EOF description = "A web engine based on the Chromium web browser"; maintainers = with maintainers; [ matthewbauer ]; platforms = platforms.unix; - broken = qt56; # 2018-09-13, no successful build since 2018-04-25 }; } |