From 8fc34e42a88835c4f1ceda1a23b9bbefcfb9039e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Siedlarek?=
Date: Sat, 4 Oct 2014 11:44:18 +0200
Subject: [PATCH] Add information about unsupported SSL protocol when creating context.
When creating SSL context failed due to unsupported protocol being demanded, no explanation was given. It's because QSslContext::fromConfiguration() extracted explanation for error message from OpenSSL, which at that point hasn't even been called yet. This patch adds explicit message informing that an unsupported protocol was chosen.
Task-number: QTBUG-41775
Change-Id: I9d2710da4ba314a16837a90afcdc5d9256179bef
Reviewed-by: Peter Hartmann
---
 src/network/ssl/qsslcontext_openssl.cpp | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
index 1f787b0da3b..6daddebba36 100644
--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@@ -124,13 +124,16 @@ QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSsl
 bool client = (mode == QSslSocket::SslClientMode);
 bool reinitialized = false;
+ bool unsupportedProtocol = false;
 init_context:
 switch (sslContext->sslConfiguration.protocol()) {
 case QSsl::SslV2:
 #ifndef OPENSSL_NO_SSL2
 sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
 #else
- sslContext->ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error
+ // SSL 2 not supported by the system, but chosen deliberately -> error
+ sslContext->ctx = 0;
+ unsupportedProtocol = true;
 #endif
 break;
 case QSsl::SslV3:
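Review bot: `unsupportedProtocol` is declared above the `init_context:` label and set in the `#else` branch of the SSLv2 case (and again in the TLS 1.1/1.2 cases of the next hunk), yet it is only read when the message is built, so the retry that ends in `goto init_context` at the top of the last hunk presumably still runs for a protocol that was compiled out. Re-running the switch cannot succeed in that case; if the retry is guarded by `reinitialized`, extending the guard to `!reinitialized && !unsupportedProtocol` would skip the pointless second pass. A one-line comment on the declaration, such as `// true when the requested protocol is compiled out: no OpenSSL call was made, so its error queue has nothing to report`, would also record why the flag exists. The retry condition and the start of fromConfiguration() lie outside the hunks, so check this against the full function.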
@@ -149,14 +152,18 @@ init_context:
 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
 sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method());
 #else
- sslContext->ctx = 0; // TLS 1.1 not supported by the system, but chosen deliberately -> error
+ // TLS 1.1 not supported by the system, but chosen deliberately -> error
+ sslContext->ctx = 0;
+ unsupportedProtocol = true;
 #endif
 break;
 case QSsl::TlsV1_2:
 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
 sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method());
 #else
- sslContext->ctx = 0; // TLS 1.2 not supported by the system, but chosen deliberately -> error
+ // TLS 1.2 not supported by the system, but chosen deliberately -> error
+ sslContext->ctx = 0;
+ unsupportedProtocol = true;
 #endif
 break;
 }
@@ -169,7 +176,9 @@ init_context:
 goto init_context;
 }
- sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg(
+ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl()
+ );
 sslContext->errorCode = QSslError::UnspecifiedError;
 return sslContext;
 }
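Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10001000L` guards around the TLS 1.1 and TLS 1.2 cases test the headers Qt was built against, so `unsupportedProtocol` is only set when support was missing at compile time. If the `q_TLSv1_1_*_method()` / `q_TLSv1_2_*_method()` wrappers are resolved from the library at run time (not visible here), an older library could still leave `sslContext->ctx` null with the flag false, and the message would again fall back to an OpenSSL error queue that may be empty. Consider also setting the flag when the method lookup yields a null pointer, or note the limitation in a comment next to the guards. Either way the request keeps failing closed instead of falling back to another protocol version, and that behaviour should be preserved.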
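Review bot: `errorCode` is still set to `QSslError::UnspecifiedError` on the line after the new message, so a caller can recognise the unsupported-protocol case only by matching the translated `errorStr`, and the text does not say which protocol was requested. Naming the requested version in the message would help whoever diagnoses a deployment built without a protocol it pins. On style, the ternary split across `.arg(` and a lone `);` reads more easily hoisted into a local: `const QString reason = unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl();` followed by `.arg(reason)`. The enclosing function begins outside this hunk.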