Fix supportsSsl() to make it more consistent

Attempts to use QSslSocket and its OpenSSL 1.1 back-end with OpenSSL 1.1.1 in a very peculiar way (for some reason the reporter calls OPENSSL_no_config()) combined with a bug in OpenSSL 1.1.1 resulted in a QSslSocket dead-locking in initialization. This was happening because supportsSsl() first reported false (OpenSSL internally fails to initialize after OPENSSL_no_config()), but we have s_libraryLoaded set to true too early, thus the first supportsSsl() returns false, the second - true. Move setting of s_libraryLoaded later so that we don't claim to support OpenSSL when an earlier ensureLibraryLoaded() attempt failed. Task-number: QTBUG-70956 Task-number: QTBUG-71446 Change-Id: I8ad8763d357c84fc38c62e2ce914366367c2b445 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2018-10-30 10:43:51 +01:00 · 2018-10-30 10:43:51 +01:00 · 6114230996
commit 6114230996
parent e3a552a130
3 changed files with 9 additions and 4 deletions
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@ -474,7 +474,12 @@ void QSslSocketPrivate::resetDefaultCiphers()
 #else
    SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method());
 #endif
+    // Note, we assert, not just silently return/bail out early:
+    // this should never happen and problems with OpenSSL's initialization
+    // must be caught before this (see supportsSsl()).
+    Q_ASSERT(myCtx);
    SSL *mySsl = q_SSL_new(myCtx);
+    Q_ASSERT(mySsl);

    QList<QSslCipher> ciphers;
    QList<QSslCipher> defaultCiphers;
--- a/src/network/ssl/qsslsocket_openssl11.cpp
+++ b/src/network/ssl/qsslsocket_openssl11.cpp
@ -88,8 +88,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
    const QMutexLocker locker(qt_opensslInitMutex);

    if (!s_libraryLoaded) {
-        s_libraryLoaded = true;
-
        // Initialize OpenSSL.
        if (q_OPENSSL_init_ssl(0, nullptr) != 1)
            return false;
@ -105,6 +103,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
            qWarning("Random number generator not seeded, disabling SSL support");
            return false;
        }
+
+        s_libraryLoaded = true;
    }
    return true;
 }
--- a/src/network/ssl/qsslsocket_opensslpre11.cpp
+++ b/src/network/ssl/qsslsocket_opensslpre11.cpp
@ -215,8 +215,6 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
    QMutexLocker locker(openssl_locks()->initLock());

    if (!s_libraryLoaded) {
-        s_libraryLoaded = true;
-
        // Initialize OpenSSL.
        q_CRYPTO_set_id_callback(id_function);
        q_CRYPTO_set_locking_callback(locking_function);
@ -235,6 +233,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
            qWarning("Random number generator not seeded, disabling SSL support");
            return false;
        }
+
+        s_libraryLoaded = true;
    }
    return true;
 }