[packages/qt4.git] / openssl.patch

Description: Compile with openssl-1.1.0
 * Most changes are related to openssl structures are now opaque. 
 * The network/ssl threading setup has been disabled because the
   old openssl threading model has been removed and is apparently
   no longer needed.
 * A number of new functions had to be imported (see changes to
   src/network/ssl/qsslsocket_openssl_symbols.cpp) 
Author: Gert Wollny  <gw.fossdev@gmail.com>
Last-Update: 2016-06-28
Bug-Debian: http://bugs.debian.org/828522

--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -259,10 +259,10 @@
 QByteArray QSslCertificate::version() const
 {
     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
-    if (d->versionString.isEmpty() && d->x509)
+    if (d->versionString.isEmpty() && d->x509) {
         d->versionString =
-            QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
-
+	    QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
+    }
     return d->versionString;
 }
 
@@ -276,7 +276,7 @@
 {
     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
     if (d->serialNumberString.isEmpty() && d->x509) {
-        ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
+        ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
         // if we cannot convert to a long, just output the hexadecimal number
         if (serialNumber->length > 4) {
             QByteArray hexString;
@@ -489,24 +489,33 @@
     QSslKey key;
 
     key.d->type = QSsl::PublicKey;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     X509_PUBKEY *xkey = d->x509->cert_info->key;
+#else
+    X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
+#endif
     EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
     Q_ASSERT(pkey);
 
-    if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
+    int key_id;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    key_id = q_EVP_PKEY_type(pkey->type);
+#else
+    key_id = q_EVP_PKEY_base_id(pkey);
+#endif
+    if (key_id == EVP_PKEY_RSA) {
         key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
         key.d->algorithm = QSsl::Rsa;
         key.d->isNull = false;
-    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
+    } else if (key_id == EVP_PKEY_DSA) {
         key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
         key.d->algorithm = QSsl::Dsa;
         key.d->isNull = false;
-    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
+    } else if (key_id == EVP_PKEY_DH) {
         // DH unsupported
     } else {
         // error?
     }
-
     q_EVP_PKEY_free(pkey);
     return key;
 }
--- a/src/network/ssl/qsslkey.cpp
+++ b/src/network/ssl/qsslkey.cpp
@@ -321,8 +321,19 @@
 {
     if (d->isNull)
         return -1;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     return (d->algorithm == QSsl::Rsa)
            ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
+#else
+    if (d->algorithm == QSsl::Rsa) {
+        return q_RSA_bits(d->rsa);
+    }else{
+        BIGNUM *p = NULL;
+        q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
+	return q_BN_num_bits(p);
+    }
+#endif
+
 }
 
 /*!
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -93,6 +93,7 @@
 bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
 bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 /* \internal
 
     From OpenSSL's thread(3) manual page:
@@ -174,6 +175,8 @@
 }
 } // extern "C"
 
+#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L
+
 QSslSocketBackendPrivate::QSslSocketBackendPrivate()
     : ssl(0),
       ctx(0),
@@ -222,9 +225,12 @@
             ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
         ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
         ciph.d->bits = cipher->strength_bits;
         ciph.d->supportedBits = cipher->alg_bits;
-
+#else
+	ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
+#endif
     }
     return ciph;
 }
@@ -367,7 +373,7 @@
         //
         // See also: QSslContext::fromConfiguration()
         if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
-            q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
+	  q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
         }
     }
 
@@ -504,8 +510,10 @@
 */
 void QSslSocketPrivate::deinitialize()
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     q_CRYPTO_set_id_callback(0);
     q_CRYPTO_set_locking_callback(0);
+#endif
 }
 
 /*!
@@ -526,13 +534,17 @@
         return false;
 
     // Check if the library itself needs to be initialized.
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     QMutexLocker locker(openssl_locks()->initLock());
+#endif
     if (!s_libraryLoaded) {
         s_libraryLoaded = true;
 
         // Initialize OpenSSL.
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
         q_CRYPTO_set_id_callback(id_function);
         q_CRYPTO_set_locking_callback(locking_function);
+#endif
         if (q_SSL_library_init() != 1)
             return false;
         q_SSL_load_error_strings();
@@ -571,7 +583,9 @@
 
 void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
 {
-    QMutexLocker locker(openssl_locks()->initLock());
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  QMutexLocker locker(openssl_locks()->initLock());
+#endif
     if (s_loadedCiphersAndCerts)
         return;
     s_loadedCiphersAndCerts = true;
@@ -663,13 +677,18 @@
     STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
     for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
         if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
-            if (cipher->valid) {
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	  if (cipher->valid) {
+#endif
                 QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
                 if (!ciph.isNull()) {
                     if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
                         ciphers << ciph;
                 }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
             }
+#endif
         }
     }
 
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -399,7 +399,25 @@
 		PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
 			bp,(char *)x,enc,kstr,klen,cb,u)
 #endif
+
+X509_STORE * q_SSL_CTX_get_cert_store(const SSL_CTX *ctx);
+ASN1_INTEGER * q_X509_get_serialNumber(X509 *x);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define q_X509_get_version(x) X509_get_version(x)
+#else
+int q_EVP_PKEY_id(const EVP_PKEY *pkey);
+int q_EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int q_SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
+long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
+long q_X509_get_version(X509 *x);
+X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
+int q_RSA_bits(const RSA *rsa);
+int q_DSA_security_bits(const DSA *dsa);
+void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
+#endif
+
 #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
 #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
 #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
@@ -410,8 +428,15 @@
 #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
 #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
         q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define q_X509_get_notAfter(x) X509_get_notAfter(x)
 #define q_X509_get_notBefore(x) X509_get_notBefore(x)
+#else
+ASN1_TIME *q_X509_get_notAfter(X509 *x);
+ASN1_TIME *q_X509_get_notBefore(X509 *x);
+#endif
+
 #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
 					(char *)(rsa))
 #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -290,6 +290,22 @@
 DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
 DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
 DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
+DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx, return 0, return)
+
+DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return)
+DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return)
+DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *cipher, cipher, int *alg_bits, alg_bits, return 0, return)
+DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return)
+DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return)
+DEFINEFUNC(X509_PUBKEY *, X509_get_X509_PUBKEY, X509 *x, x, return 0, return)
+DEFINEFUNC(int, RSA_bits,  const RSA *rsa, rsa, return 0, return)
+DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
+DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
+DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
+DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q, BIGNUM **g, g, return, return)
+#endif
 
 #ifdef Q_OS_SYMBIAN
 #define RESOLVEFUNC(func, ordinal, lib) \
@@ -801,6 +817,7 @@
     RESOLVEFUNC(SSL_CTX_use_PrivateKey)
     RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
     RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
+    RESOLVEFUNC(SSL_CTX_get_cert_store)
     RESOLVEFUNC(SSL_accept)
     RESOLVEFUNC(SSL_clear)
     RESOLVEFUNC(SSL_connect)
@@ -823,6 +840,23 @@
     RESOLVEFUNC(SSL_set_connect_state)
     RESOLVEFUNC(SSL_shutdown)
     RESOLVEFUNC(SSL_write)
+
+    RESOLVEFUNC(X509_get_serialNumber)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    RESOLVEFUNC(SSL_CTX_ctrl)
+    RESOLVEFUNC(EVP_PKEY_id)
+    RESOLVEFUNC(EVP_PKEY_base_id)
+    RESOLVEFUNC(SSL_CIPHER_get_bits)
+    RESOLVEFUNC(SSL_CTX_set_options)
+    RESOLVEFUNC(X509_get_version)
+    RESOLVEFUNC(X509_get_X509_PUBKEY)
+    RESOLVEFUNC(RSA_bits)
+    RESOLVEFUNC(DSA_security_bits)
+    RESOLVEFUNC(DSA_get0_pqg)
+    RESOLVEFUNC(X509_get_notAfter)
+    RESOLVEFUNC(X509_get_notBefore)
+#endif
+
 #ifndef OPENSSL_NO_SSL2
     RESOLVEFUNC(SSLv2_client_method)
 #endif
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp.0131~	2017-03-15 02:22:37.053244125 +0100
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp	2017-03-15 02:22:37.055244057 +0100
@@ -328,7 +328,7 @@ int QSslKey::length() const
     if (d->algorithm == QSsl::Rsa) {
         return q_RSA_bits(d->rsa);
     }else{
-        BIGNUM *p = NULL;
+        const BIGNUM *p = NULL;
         q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
 	return q_BN_num_bits(p);
     }
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp.0131~	2017-03-15 02:22:37.054244091 +0100
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp	2017-03-15 02:29:41.155236836 +0100
@@ -111,16 +111,16 @@ DEFINEFUNC(int, ASN1_STRING_length, ASN1
 DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
 DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
 DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
+DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return)
 DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return)
 DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
+DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
 DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
 DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
 DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
 DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
 DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
+DEFINEFUNC(void, OPENSSL_free, void *a, a, return, DUMMYARG)
 DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
 #if  OPENSSL_VERSION_NUMBER < 0x00908000L
 DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, unsigned char **b, b, long c, c, return 0, return)
@@ -300,7 +300,7 @@ DEFINEFUNC(int, RSA_bits,  const RSA *rs
 DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
 DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
 DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
-DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q, BIGNUM **g, g, return, return)
+DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, return)
 #endif
 
 #ifdef Q_OS_SYMBIAN
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h.0131~	2017-03-15 02:22:37.054244091 +0100
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h	2017-03-15 02:29:50.192986268 +0100
@@ -59,6 +59,12 @@
 QT_BEGIN_NAMESPACE
 
 #define DUMMYARG
+#ifndef OPENSSL_NO_SSL2
+#define OPENSSL_NO_SSL2 1
+#endif
+#ifndef OPENSSL_NO_SSL3
+#define OPENSSL_NO_SSL3 1
+#endif
 
 #if !defined QT_LINKED_OPENSSL
 // **************** Shared declarations ******************
@@ -207,16 +213,16 @@ int q_ASN1_STRING_length(ASN1_STRING *a)
 int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
 long q_BIO_ctrl(BIO *a, int b, long c, void *d);
 int q_BIO_free(BIO *a);
-BIO *q_BIO_new(BIO_METHOD *a);
+BIO *q_BIO_new(const BIO_METHOD *a);
 BIO *q_BIO_new_mem_buf(void *a, int b);
 int q_BIO_read(BIO *a, void *b, int c);
-BIO_METHOD *q_BIO_s_mem();
+const BIO_METHOD *q_BIO_s_mem();
 int q_BIO_write(BIO *a, const void *b, int c);
 int q_BN_num_bits(const BIGNUM *a);
 int q_CRYPTO_num_locks();
 void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int));
 void q_CRYPTO_set_id_callback(unsigned long (*a)());
-void q_CRYPTO_free(void *a);
+void q_OPENSSL_free(void *a);
 void q_DSA_free(DSA *a);
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 // 0.9.8 broke SC and BC by changing this function's signature.
@@ -326,7 +332,6 @@ void q_SSL_set_accept_state(SSL *a);
 void q_SSL_set_connect_state(SSL *a);
 int q_SSL_shutdown(SSL *a);
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
-const SSL_METHOD *q_SSLv2_client_method();
 const SSL_METHOD *q_SSLv3_client_method();
 const SSL_METHOD *q_SSLv23_client_method();
 const SSL_METHOD *q_TLSv1_client_method();
@@ -335,7 +340,6 @@ const SSL_METHOD *q_SSLv3_server_method(
 const SSL_METHOD *q_SSLv23_server_method();
 const SSL_METHOD *q_TLSv1_server_method();
 #else
-SSL_METHOD *q_SSLv2_client_method();
 SSL_METHOD *q_SSLv3_client_method();
 SSL_METHOD *q_SSLv23_client_method();
 SSL_METHOD *q_TLSv1_client_method();
@@ -415,7 +419,7 @@ long q_X509_get_version(X509 *x);
 X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
 int q_RSA_bits(const RSA *rsa);
 int q_DSA_security_bits(const DSA *dsa);
-void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
+void q_DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
 #endif
 
 #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp.omv~	2017-03-15 02:27:18.143322736 +0100
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp	2017-03-15 02:29:56.215819741 +0100
@@ -696,7 +696,7 @@
         unsigned char *data = 0;
         int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
         info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
-        q_CRYPTO_free(data);
+        q_OPENSSL_free(data);
     }
     return info;
 }
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp~	2018-09-15 19:28:24.000000000 +0200
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp	2018-09-15 22:33:03.704329933 +0200
@@ -228,13 +228,17 @@ DEFINEFUNC(int, SSL_shutdown, SSL *a, a,
 #ifndef OPENSSL_NO_SSL2
 DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
 #endif
+#ifndef OPENSSL_NO_SSL3
 DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
+#endif
 DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
 DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
 #ifndef OPENSSL_NO_SSL2
 DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
 #endif
+#ifndef OPENSSL_NO_SSL3
 DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
+#endif
 DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
 DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
 #else
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp~	2018-09-15 22:34:31.000000000 +0200
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp	2018-09-15 23:31:05.798009957 +0200
@@ -273,7 +273,11 @@ init_context:
 #endif
         break;
     case QSsl::SslV3:
+#ifndef OPENSSL_NO_SSL3
         ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
+#else
+        ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
+#endif
         break;
     case QSsl::SecureProtocols: // SslV2 will be disabled below
     case QSsl::TlsV1SslV3: // SslV2 will be disabled below
Commit	Line	Data
28e099cc AM	1	Description: Compile with openssl-1.1.0
	2	* Most changes are related to openssl structures are now opaque.
	3	* The network/ssl threading setup has been disabled because the
	4	old openssl threading model has been removed and is apparently
	5	no longer needed.
	6	* A number of new functions had to be imported (see changes to
	7	src/network/ssl/qsslsocket_openssl_symbols.cpp)
	8	Author: Gert Wollny <gw.fossdev@gmail.com>
	9	Last-Update: 2016-06-28
	10	Bug-Debian: http://bugs.debian.org/828522
	11
	12	--- a/src/network/ssl/qsslcertificate.cpp
	13	+++ b/src/network/ssl/qsslcertificate.cpp
	14	@@ -259,10 +259,10 @@
	15	QByteArray QSslCertificate::version() const
	16	{
	17	QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
	18	- if (d->versionString.isEmpty() && d->x509)
	19	+ if (d->versionString.isEmpty() && d->x509) {
	20	d->versionString =
	21	- QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
	22	-
	23	+ QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
	24	+ }
	25	return d->versionString;
	26	}
	27
	28	@@ -276,7 +276,7 @@
	29	{
	30	QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
	31	if (d->serialNumberString.isEmpty() && d->x509) {
	32	- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
	33	+ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
	34	// if we cannot convert to a long, just output the hexadecimal number
	35	if (serialNumber->length > 4) {
	36	QByteArray hexString;
	37	@@ -489,24 +489,33 @@
	38	QSslKey key;
	39
	40	key.d->type = QSsl::PublicKey;
	41	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
	42	X509_PUBKEY *xkey = d->x509->cert_info->key;
	43	+#else
	44	+ X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
	45	+#endif
	46	EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
	47	Q_ASSERT(pkey);
	48
	49	- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
	50	+ int key_id;
	51	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
	52	+ key_id = q_EVP_PKEY_type(pkey->type);
	53	+#else
	54	+ key_id = q_EVP_PKEY_base_id(pkey);
	55	+#endif
	56	+ if (key_id == EVP_PKEY_RSA) {
	57	key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
	58	key.d->algorithm = QSsl::Rsa;
	59	key.d->isNull = false;
	60	- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
	61	+ } else if (key_id == EVP_PKEY_DSA) {
	62	key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
	63	key.d->algorithm = QSsl::Dsa;
	64	key.d->isNull = false;
65	- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
66	+ } else if (key_id == EVP_PKEY_DH) {
67	// DH unsupported
68	} else {
69	// error?
70	}
71	-
72	q_EVP_PKEY_free(pkey);
73	return key;
74	}
75	--- a/src/network/ssl/qsslkey.cpp
76	+++ b/src/network/ssl/qsslkey.cpp
77	@@ -321,8 +321,19 @@
78	{
79	if (d->isNull)
80	return -1;
81	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
82	return (d->algorithm == QSsl::Rsa)
83	? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
84	+#else
85	+ if (d->algorithm == QSsl::Rsa) {
86	+ return q_RSA_bits(d->rsa);
87	+ }else{
88	+ BIGNUM *p = NULL;
89	+ q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
90	+ return q_BN_num_bits(p);
91	+ }
92	+#endif
93	+
94	}
95
96	/*!
97	--- a/src/network/ssl/qsslsocket_openssl.cpp
98	+++ b/src/network/ssl/qsslsocket_openssl.cpp
99	@@ -93,6 +93,7 @@
100	bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
101	bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
102
103	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
104	/* \internal
105
106	From OpenSSL's thread(3) manual page:
107	@@ -174,6 +175,8 @@
108	}
109	} // extern "C"
110
111	+#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L
112	+
113	QSslSocketBackendPrivate::QSslSocketBackendPrivate()
114	: ssl(0),
115	ctx(0),
116	@@ -222,9 +225,12 @@
117	ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
118	ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
119
120	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
121	ciph.d->bits = cipher->strength_bits;
122	ciph.d->supportedBits = cipher->alg_bits;
123	-
124	+#else
125	+ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
126	+#endif
127	}
128	return ciph;
129	}
130	@@ -367,7 +373,7 @@
131	//
132	// See also: QSslContext::fromConfiguration()
133	if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
134	- q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
135	+ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
136	}
137	}
138
139	@@ -504,8 +510,10 @@
140	*/
141	void QSslSocketPrivate::deinitialize()
142	{
143	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
144	q_CRYPTO_set_id_callback(0);
145	q_CRYPTO_set_locking_callback(0);
146	+#endif
147	}
148
149	/*!
150	@@ -526,13 +534,17 @@
151	return false;
152
153	// Check if the library itself needs to be initialized.
154	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
155	QMutexLocker locker(openssl_locks()->initLock());
156	+#endif
157	if (!s_libraryLoaded) {
158	s_libraryLoaded = true;
159
160	// Initialize OpenSSL.
161	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
162	q_CRYPTO_set_id_callback(id_function);
163	q_CRYPTO_set_locking_callback(locking_function);
164	+#endif
165	if (q_SSL_library_init() != 1)
166	return false;
167	q_SSL_load_error_strings();
168	@@ -571,7 +583,9 @@
169
170	void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
171	{
172	- QMutexLocker locker(openssl_locks()->initLock());
173	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
174	+ QMutexLocker locker(openssl_locks()->initLock());
175	+#endif
176	if (s_loadedCiphersAndCerts)
177	return;
178	s_loadedCiphersAndCerts = true;
179	@@ -663,13 +677,18 @@
180	STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
181	for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
182	if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
183	- if (cipher->valid) {
184	+
185	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
186	+ if (cipher->valid) {
187	+#endif
188	QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
189	if (!ciph.isNull()) {
190	if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
191	ciphers << ciph;
192	}
193	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
194	}
195	+#endif
196	}
197	}
198
199	--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
200	+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
201	@@ -399,7 +399,25 @@
202	PEM_ASN1_write_bio((int ()(void, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
203	bp,(char *)x,enc,kstr,klen,cb,u)
204	#endif
205	+
206	+X509_STORE * q_SSL_CTX_get_cert_store(const SSL_CTX *ctx);
207	+ASN1_INTEGER * q_X509_get_serialNumber(X509 *x);
208	+
209	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
210	#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
211	+#define q_X509_get_version(x) X509_get_version(x)
212	+#else
213	+int q_EVP_PKEY_id(const EVP_PKEY *pkey);
214	+int q_EVP_PKEY_base_id(const EVP_PKEY *pkey);
215	+int q_SSL_CIPHER_get_bits(const SSL_CIPHER cipher, int alg_bits);
216	+long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
217	+long q_X509_get_version(X509 *x);
218	+X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
219	+int q_RSA_bits(const RSA *rsa);
220	+int q_DSA_security_bits(const DSA *dsa);
221	+void q_DSA_get0_pqg(const DSA d, BIGNUM p, BIGNUM q, BIGNUM *g);
222	+#endif
223	+
224	#define q_SKM_sk_num(type, st) ((int ()(const STACK_OF(type) ))q_sk_num)(st)
225	#define q_SKM_sk_value(type, st,i) ((type * ()(const STACK_OF(type) , int))q_sk_value)(st, i)
226	#define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
227	@@ -410,8 +428,15 @@
228	#define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
229	#define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
230	q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
231	+
232	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
233	#define q_X509_get_notAfter(x) X509_get_notAfter(x)
234	#define q_X509_get_notBefore(x) X509_get_notBefore(x)
235	+#else
236	+ASN1_TIME q_X509_get_notAfter(X509 x);
237	+ASN1_TIME q_X509_get_notBefore(X509 x);
238	+#endif
239	+
240	#define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
241	(char *)(rsa))
242	#define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
243	--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
244	+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
245	@@ -290,6 +290,22 @@
246	DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
247	DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX ctx, ctx, const char CAfile, CAfile, const char *CApath, CApath, return 0, return)
248	DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
249	+DEFINEFUNC(X509_STORE , SSL_CTX_get_cert_store, const SSL_CTX ctx, ctx, return 0, return)
250	+
251	+DEFINEFUNC(ASN1_INTEGER , X509_get_serialNumber, X509 x, x, return 0, return)
252	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
253	+DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return)
254	+DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return)
255	+DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER cipher, cipher, int alg_bits, alg_bits, return 0, return)
256	+DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return)
257	+DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return)
258	+DEFINEFUNC(X509_PUBKEY , X509_get_X509_PUBKEY, X509 x, x, return 0, return)
259	+DEFINEFUNC(int, RSA_bits, const RSA *rsa, rsa, return 0, return)
260	+DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
261	+DEFINEFUNC(ASN1_TIME , X509_get_notAfter, X509 x, x, return 0, return)
262	+DEFINEFUNC(ASN1_TIME , X509_get_notBefore, X509 x, x, return 0, return)
263	+DEFINEFUNC4(void, DSA_get0_pqg, const DSA d, d, BIGNUM p, p, BIGNUM q, q, BIGNUM *g, g, return, return)
264	+#endif
265
266	#ifdef Q_OS_SYMBIAN
267	#define RESOLVEFUNC(func, ordinal, lib) \
268	@@ -801,6 +817,7 @@
269	RESOLVEFUNC(SSL_CTX_use_PrivateKey)
270	RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
271	RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
272	+ RESOLVEFUNC(SSL_CTX_get_cert_store)
273	RESOLVEFUNC(SSL_accept)
274	RESOLVEFUNC(SSL_clear)
275	RESOLVEFUNC(SSL_connect)
276	@@ -823,6 +840,23 @@
277	RESOLVEFUNC(SSL_set_connect_state)
278	RESOLVEFUNC(SSL_shutdown)
279	RESOLVEFUNC(SSL_write)
280	+
281	+ RESOLVEFUNC(X509_get_serialNumber)
282	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
283	+ RESOLVEFUNC(SSL_CTX_ctrl)
284	+ RESOLVEFUNC(EVP_PKEY_id)
285	+ RESOLVEFUNC(EVP_PKEY_base_id)
286	+ RESOLVEFUNC(SSL_CIPHER_get_bits)
287	+ RESOLVEFUNC(SSL_CTX_set_options)
288	+ RESOLVEFUNC(X509_get_version)
289	+ RESOLVEFUNC(X509_get_X509_PUBKEY)
290	+ RESOLVEFUNC(RSA_bits)
291	+ RESOLVEFUNC(DSA_security_bits)
292	+ RESOLVEFUNC(DSA_get0_pqg)
293	+ RESOLVEFUNC(X509_get_notAfter)
294	+ RESOLVEFUNC(X509_get_notBefore)
295	+#endif
296	+
297	#ifndef OPENSSL_NO_SSL2
298	RESOLVEFUNC(SSLv2_client_method)
299	#endif
300	--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp.0131~ 2017-03-15 02:22:37.053244125 +0100
301	+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp 2017-03-15 02:22:37.055244057 +0100
302	@@ -328,7 +328,7 @@ int QSslKey::length() const
303	if (d->algorithm == QSsl::Rsa) {
304	return q_RSA_bits(d->rsa);
305	}else{
306	- BIGNUM *p = NULL;
307	+ const BIGNUM *p = NULL;
308	q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
309	return q_BN_num_bits(p);
310	}
311	--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp.0131~ 2017-03-15 02:22:37.054244091 +0100
312	+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-03-15 02:29:41.155236836 +0100
313	@@ -111,16 +111,16 @@ DEFINEFUNC(int, ASN1_STRING_length, ASN1
314	DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char *a, a, ASN1_STRING b, b, return 0, return);
315	DEFINEFUNC4(long, BIO_ctrl, BIO a, a, int b, b, long c, c, void d, d, return -1, return)
316	DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
317	-DEFINEFUNC(BIO , BIO_new, BIO_METHOD a, a, return 0, return)
318	+DEFINEFUNC(BIO , BIO_new, const BIO_METHOD a, a, return 0, return)
319	DEFINEFUNC2(BIO , BIO_new_mem_buf, void a, a, int b, b, return 0, return)
320	DEFINEFUNC3(int, BIO_read, BIO a, a, void b, b, int c, c, return -1, return)
321	-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
322	+DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
323	DEFINEFUNC3(int, BIO_write, BIO a, a, const void b, b, int c, c, return -1, return)
324	DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
325	DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
326	DEFINEFUNC(void, CRYPTO_set_locking_callback, void (a)(int, int, const char , int), a, return, DUMMYARG)
327	DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
328	-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
329	+DEFINEFUNC(void, OPENSSL_free, void *a, a, return, DUMMYARG)
330	DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
331	#if OPENSSL_VERSION_NUMBER < 0x00908000L
332	DEFINEFUNC3(X509 , d2i_X509, X509 a, a, unsigned char *b, b, long c, c, return 0, return)
333	@@ -300,7 +300,7 @@ DEFINEFUNC(int, RSA_bits, const RSA *rs
334	DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
335	DEFINEFUNC(ASN1_TIME , X509_get_notAfter, X509 x, x, return 0, return)
336	DEFINEFUNC(ASN1_TIME , X509_get_notBefore, X509 x, x, return 0, return)
337	-DEFINEFUNC4(void, DSA_get0_pqg, const DSA d, d, BIGNUM p, p, BIGNUM q, q, BIGNUM *g, g, return, return)
338	+DEFINEFUNC4(void, DSA_get0_pqg, const DSA d, d, const BIGNUM p, p, const BIGNUM q, q, const BIGNUM *g, g, return, return)
339	#endif
340
341	#ifdef Q_OS_SYMBIAN
342	--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h.0131~ 2017-03-15 02:22:37.054244091 +0100
343	+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-03-15 02:29:50.192986268 +0100
344	@@ -59,6 +59,12 @@
345	QT_BEGIN_NAMESPACE
346
347	#define DUMMYARG
348	+#ifndef OPENSSL_NO_SSL2
349	+#define OPENSSL_NO_SSL2 1
350	+#endif
351	+#ifndef OPENSSL_NO_SSL3
352	+#define OPENSSL_NO_SSL3 1
353	+#endif
354
355	#if !defined QT_LINKED_OPENSSL
356	// ************** Shared declarations ****************
357	@@ -207,16 +213,16 @@ int q_ASN1_STRING_length(ASN1_STRING *a)
358	int q_ASN1_STRING_to_UTF8(unsigned char *a, ASN1_STRING b);
359	long q_BIO_ctrl(BIO a, int b, long c, void d);
360	int q_BIO_free(BIO *a);
361	-BIO q_BIO_new(BIO_METHOD a);
362	+BIO q_BIO_new(const BIO_METHOD a);
363	BIO q_BIO_new_mem_buf(void a, int b);
364	int q_BIO_read(BIO a, void b, int c);
365	-BIO_METHOD *q_BIO_s_mem();
366	+const BIO_METHOD *q_BIO_s_mem();
367	int q_BIO_write(BIO a, const void b, int c);
368	int q_BN_num_bits(const BIGNUM *a);
369	int q_CRYPTO_num_locks();
370	void q_CRYPTO_set_locking_callback(void (a)(int, int, const char , int));
371	void q_CRYPTO_set_id_callback(unsigned long (*a)());
372	-void q_CRYPTO_free(void *a);
373	+void q_OPENSSL_free(void *a);
374	void q_DSA_free(DSA *a);
375	#if OPENSSL_VERSION_NUMBER >= 0x00908000L
376	// 0.9.8 broke SC and BC by changing this function's signature.
377	@@ -326,7 +332,6 @@ void q_SSL_set_accept_state(SSL *a);
378	void q_SSL_set_connect_state(SSL *a);
379	int q_SSL_shutdown(SSL *a);
380	#if OPENSSL_VERSION_NUMBER >= 0x10000000L
381	-const SSL_METHOD *q_SSLv2_client_method();
382	const SSL_METHOD *q_SSLv3_client_method();
383	const SSL_METHOD *q_SSLv23_client_method();
384	const SSL_METHOD *q_TLSv1_client_method();
385	@@ -335,7 +340,6 @@ const SSL_METHOD *q_SSLv3_server_method(
386	const SSL_METHOD *q_SSLv23_server_method();
387	const SSL_METHOD *q_TLSv1_server_method();
388	#else
389	-SSL_METHOD *q_SSLv2_client_method();
390	SSL_METHOD *q_SSLv3_client_method();
391	SSL_METHOD *q_SSLv23_client_method();
392	SSL_METHOD *q_TLSv1_client_method();
393	@@ -415,7 +419,7 @@ long q_X509_get_version(X509 *x);
394	X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
395	int q_RSA_bits(const RSA *rsa);
396	int q_DSA_security_bits(const DSA *dsa);
397	-void q_DSA_get0_pqg(const DSA d, BIGNUM p, BIGNUM q, BIGNUM *g);
398	+void q_DSA_get0_pqg(const DSA d, const BIGNUM p, const BIGNUM q, const BIGNUM *g);
399	#endif
400
401	#define q_SKM_sk_num(type, st) ((int ()(const STACK_OF(type) ))q_sk_num)(st)
402	--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp.omv~ 2017-03-15 02:27:18.143322736 +0100
403	+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp 2017-03-15 02:29:56.215819741 +0100
404	@@ -696,7 +696,7 @@
405	unsigned char *data = 0;
406	int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
407	info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
408	- q_CRYPTO_free(data);
409	+ q_OPENSSL_free(data);
410	}
411	return info;
412	}
413	--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp~ 2018-09-15 19:28:24.000000000 +0200
414	+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp 2018-09-15 22:33:03.704329933 +0200
415	@@ -228,13 +228,17 @@ DEFINEFUNC(int, SSL_shutdown, SSL *a, a,
416	#ifndef OPENSSL_NO_SSL2
417	DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
418	#endif
419	+#ifndef OPENSSL_NO_SSL3
420	DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
421	+#endif
422	DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
423	DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
424	#ifndef OPENSSL_NO_SSL2
425	DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
426	#endif
427	+#ifndef OPENSSL_NO_SSL3
428	DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
429	+#endif
430	DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
431	DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
432	#else
433	--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp~ 2018-09-15 22:34:31.000000000 +0200
434	+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp 2018-09-15 23:31:05.798009957 +0200
435	@@ -273,7 +273,11 @@ init_context:
436	#endif
437	break;
438	case QSsl::SslV3:
439	+#ifndef OPENSSL_NO_SSL3
440	ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
441	+#else
442	+ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
443	+#endif
444	break;
445	case QSsl::SecureProtocols: // SslV2 will be disabled below
446	case QSsl::TlsV1SslV3: // SslV2 will be disabled below