Qt / QTBUG-73941

Missing SSL_CONF flag/s for OpenSSL

Details

    • Bug
    • Resolution: Unresolved
    • P5: Not important
    • None
    • 5.12.1
    • Network: SSL
    • None
    • Qt 5.12.1, Win 7 x64
    • Windows

    Description

      QMap<QByteArray, QVariant> backendSettings;
      backendSettings["Options"] = "-EncryptThenMac";
      backendSettings["Groups"] = "X25519:P-521:P-384:P-256";
      defaultConfig.setBackendConfiguration(backendSettings);
      

      I have started changing some OpenSSL backend settings through setBackendConfiguration() and ran into a problem when I was trying to set the above "Options" value. I would always get an "An error occurred attempting to set Options to -EncryptThenMac" error. This happened with any valid value I passed to Options. After tracing into OpenSSL code, it was failing in the ssl_match_option() function at the first conditional checking for the correct flags.

      Turns out the issue is that in qsslcontext_openssl.cpp, the line:

      q_SSL_CONF_CTX_set_flags(cctx.data(), SSL_CONF_FLAG_FILE);
      

      is missing required flags: https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_CTX_clear_flags.html

      SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER
      
          recognise options intended for use in SSL/TLS clients or servers. One or both of these flags *must* be set.
      

      After changing the line to:

      q_SSL_CONF_CTX_set_flags(cctx.data(), SSL_CONF_FLAG_FILE | SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_SERVER);
      

      setting any Options now works.
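
The flag requirement described above can be checked directly against libssl, outside Qt. This is an added example, not code from the report or from Qt: it drives the OpenSSL SSL_CONF API through ctypes and compares the two flag sets, where a non-positive return code from SSL_CONF_cmd() means the option was not applied. It assumes a 64-bit host with a shared libssl 1.1.0 or later; the helper name `apply_option` is hypothetical.

```python
import ctypes
import ctypes.util

# Constants from <openssl/ssl.h> (same values in OpenSSL 1.1.1 and 3.x).
SSL_CONF_FLAG_FILE = 0x2
SSL_CONF_FLAG_CLIENT = 0x4
SSL_CONF_FLAG_SERVER = 0x8
SSL_OP_NO_ENCRYPT_THEN_MAC = 0x00080000

# Assumption: a shared libssl 1.1.0+ is installed and discoverable on this host.
libssl = ctypes.CDLL(ctypes.util.find_library("ssl") or "libssl.so.3")

P, U32, U64, S = ctypes.c_void_p, ctypes.c_uint, ctypes.c_uint64, ctypes.c_char_p
for name, restype, argtypes in [
    ("TLS_method", P, []),
    ("SSL_CTX_new", P, [P]),
    ("SSL_CTX_free", None, [P]),
    ("SSL_CTX_get_options", U64, [P]),
    ("SSL_CTX_clear_options", U64, [P, U64]),
    ("SSL_CONF_CTX_new", P, []),
    ("SSL_CONF_CTX_free", None, [P]),
    ("SSL_CONF_CTX_set_flags", U32, [P, U32]),
    ("SSL_CONF_CTX_set_ssl_ctx", None, [P, P]),
    ("SSL_CONF_cmd", ctypes.c_int, [P, S, S]),
]:
    fn = getattr(libssl, name)
    fn.restype, fn.argtypes = restype, argtypes


def apply_option(conf_flags, option=b"-EncryptThenMac"):
    """Hypothetical helper: run SSL_CONF_cmd("Options", option) with the given
    SSL_CONF flags; return (return code, is SSL_OP_NO_ENCRYPT_THEN_MAC set?)."""
    ctx = libssl.SSL_CTX_new(libssl.TLS_method())
    cctx = libssl.SSL_CONF_CTX_new()
    try:
        # Start from a known state regardless of system openssl.cnf defaults.
        libssl.SSL_CTX_clear_options(ctx, SSL_OP_NO_ENCRYPT_THEN_MAC)
        libssl.SSL_CONF_CTX_set_flags(cctx, conf_flags)
        libssl.SSL_CONF_CTX_set_ssl_ctx(cctx, ctx)
        rc = libssl.SSL_CONF_cmd(cctx, b"Options", option)
        return rc, bool(libssl.SSL_CTX_get_options(ctx) & SSL_OP_NO_ENCRYPT_THEN_MAC)
    finally:
        libssl.SSL_CONF_CTX_free(cctx)
        libssl.SSL_CTX_free(ctx)


if __name__ == "__main__":
    both = SSL_CONF_FLAG_FILE | SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_SERVER
    print("FILE only:", apply_option(SSL_CONF_FLAG_FILE), "with CLIENT|SERVER:", apply_option(both))
```

With only SSL_CONF_FLAG_FILE the call fails and the context's options are unchanged, so a requested TLS setting is not in effect; checking the return code and the resulting option bits confirms whether a backend setting was really applied.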

          People

            cnn Qt Core & Network
            wallboy Adam W