Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-42115

Update openssl on build machines to newer version (Ubuntu)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 5.4.0 RC
    • 5.4.0 Beta
    • Packaging & Installer
    • None
    • Binary packages for Linux (both 32 bit and 64 bit)

    Description

      The current build machines for Linux are based on Ubuntu 11.10, which only features openssl 1.0.0e. The effect is that support for TLSv1.1, TLSv1.2, as well as the nextprotoneg extension is not compiled into Qt5Network.

      This is visible to the user in that:

      • QSslSocket cannot make use of TLSv1.1, TLSv1.2.
      • calling either QSslSocket::setProtocol(QSsl::TlsV1_1) or QSslSocket::setProtocol(QSsl::TlsV1_2) prevents the openssl socket to open
      • QSslConfiguration::[set]AllowedNextProtocols, QSslConfiguration::nextNegotiatedProtocol, nextProtocolNegotiationStatus are non-functional
      • The SPDY protocol is therefore not supported

      I suggest we upgrade the build machines to use a newer openssl version. The effect however will be that, if the runtime version of openssl is too old (older than 1.0.1), using qsslsocket will print qWarnings:

      QSslSocket: cannot resolve SSLv2_client_method
QSslSocket: cannot resolve TLSv1_1_client_method
QSslSocket: cannot resolve TLSv1_2_client_method
QSslSocket: cannot resolve SSLv2_server_method
QSslSocket: cannot resolve TLSv1_1_server_method
QSslSocket: cannot resolve TLSv1_2_server_method
QSslSocket: cannot resolve SSL_select_next_proto
QSslSocket: cannot resolve SSL_CTX_set_next_proto_select_cb
QSslSocket: cannot resolve SSL_get0_next_proto_negotiated

      This is IMO acceptable.

      To compile Qt with a custom openssl you need to set two environment variables, e.g.

      export CPATH=/usr/local/openssl/include
      export LIBRARY_PATH=/usr/local/openssl/lib
      ./configure [...]

      (passing -I, -L to configure does taint the resulting SDK with the build paths)

      Attachments

        Issue Links

          is required for

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-40251 QSslSocket::setProtocol() causes SSL context error on Ubuntu 14.04

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-42161 Build with newer openssl headers on build machines (Mac)

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          resulted in

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-43173 Allow hiding of "QSslSocket: cannot resolve ..." warnings

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              releaseteam Qt Release Team
              kkohne Kai Köhne
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes