QTlsBackend (OpenSSL) : detect incompatible versions

OpenSSL v3 among other nice things brought some nasty crashes (essentially, finally breaking what was already not so nice in 1.x: see, e.g. ASN1_ITEM_free and ASN1_ITEM_ptr that we have to use to free resources allocated by openssl). Let's, at least, not use v3 from Qt built with 1.1.1 and vice versa. Pick-to: 6.2 5.15 Change-Id: If14a2a0ce2189a1b7967b7ab7248d11d0f2fc423 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2021-10-06 14:01:25 +02:00 · 2021-10-06 14:01:25 +02:00 · 3abcff49eb
commit 3abcff49eb
parent e7cd245628
1 changed files with 13 additions and 1 deletions
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
@ -930,13 +930,25 @@ bool q_resolveOpenSslSymbols()
    RESOLVEFUNC(OpenSSL_version_num)
    RESOLVEFUNC(OpenSSL_version)

-    if (!_q_OpenSSL_version) {
+    if (!_q_OpenSSL_version || !_q_OpenSSL_version_num) {
        // Apparently, we were built with OpenSSL 1.1 enabled but are now using
        // a wrong library.
        qCWarning(lcTlsBackend, "Incompatible version of OpenSSL");
        return false;
    }

+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+    if (q_OpenSSL_version_num() < 0x30000000) {
+        qCWarning(lcTlsBackend, "Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)");
+        return false;
+    }
+#else
+    if (q_OpenSSL_version_num() >= 0x30000000) {
+        qCWarning(lcTlsBackend, "Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)");
+        return false;
+    }
+#endif // OPENSSL_VERSION_NUMBER
+
    RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)

 #if QT_CONFIG(dtls)