1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix supportsSsl() to make it more consistent

Browse Source 
Attempts to use QSslSocket and its OpenSSL 1.1 back-end with OpenSSL 1.1.1
in a very peculiar way (for some reason the reporter calls  OPENSSL_no_config())
combined with a bug in OpenSSL 1.1.1 resulted in a QSslSocket dead-locking
in initialization. This was happening because supportsSsl() first reported
false (OpenSSL internally fails to initialize after OPENSSL_no_config()),
but we have s_libraryLoaded set to true too early, thus the first supportsSsl()
returns false, the second - true.

Move setting of s_libraryLoaded later so that we don't claim to support
OpenSSL when an earlier ensureLibraryLoaded() attempt failed.

Task-number: QTBUG-70956
Task-number: QTBUG-71446
Change-Id: I8ad8763d357c84fc38c62e2ce914366367c2b445
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This commit is contained in:
Timur Pocheptsov 2018-10-30 10:43:51 +01:00
parent e3a552a130
commit 6114230996
3 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/network/ssl/qsslsocket_openssl.cpp
View File

@ -474,7 +474,12 @@ void QSslSocketPrivate::resetDefaultCiphers()
#else #else
SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method());
#endif #endif
// Note, we assert, not just silently return/bail out early:
// this should never happen and problems with OpenSSL's initialization
// must be caught before this (see supportsSsl()).
Q_ASSERT(myCtx);
SSL *mySsl = q_SSL_new(myCtx); SSL *mySsl = q_SSL_new(myCtx);
Q_ASSERT(mySsl);
QList<QSslCipher> ciphers; QList<QSslCipher> ciphers;
QList<QSslCipher> defaultCiphers; QList<QSslCipher> defaultCiphers;

4
src/network/ssl/qsslsocket_openssl11.cpp
View File

@ -88,8 +88,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
const QMutexLocker locker(qt_opensslInitMutex); const QMutexLocker locker(qt_opensslInitMutex);
if (!s_libraryLoaded) { if (!s_libraryLoaded) {
s_libraryLoaded = true;
// Initialize OpenSSL. // Initialize OpenSSL.
if (q_OPENSSL_init_ssl(0, nullptr) != 1) if (q_OPENSSL_init_ssl(0, nullptr) != 1)
return false; return false;
@ -105,6 +103,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
qWarning("Random number generator not seeded, disabling SSL support"); qWarning("Random number generator not seeded, disabling SSL support");
return false; return false;
} }
s_libraryLoaded = true;
} }
return true; return true;
} }

4
src/network/ssl/qsslsocket_opensslpre11.cpp
View File

@ -215,8 +215,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
QMutexLocker locker(openssl_locks()->initLock()); QMutexLocker locker(openssl_locks()->initLock());
if (!s_libraryLoaded) { if (!s_libraryLoaded) {
s_libraryLoaded = true;
// Initialize OpenSSL. // Initialize OpenSSL.
q_CRYPTO_set_id_callback(id_function); q_CRYPTO_set_id_callback(id_function);
q_CRYPTO_set_locking_callback(locking_function); q_CRYPTO_set_locking_callback(locking_function);
@ -235,6 +233,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
qWarning("Random number generator not seeded, disabling SSL support"); qWarning("Random number generator not seeded, disabling SSL support");
return false; return false;
} }
s_libraryLoaded = true;
} }
return true; return true;
} }