From 2bb96961dcfab0e834eccae22dbefa6fbcc76ef406e83a4958d4bf7c8304df50 Mon Sep 17 00:00:00 2001 From: Fabian Vogt Date: Thu, 31 Aug 2017 07:52:40 +0000 Subject: [PATCH] - Add patch to allow build with Qt5 built against openSSL 1.1 (boo#1055489): * 0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kdelibs4support?expand=0&rev=150 --- ...e-kssl-compile-against-OpenSSL-1.1.0.patch | 1064 +++++++++++++++++ kdelibs4support.changes | 6 + kdelibs4support.spec | 5 +- 3 files changed, 1073 insertions(+), 2 deletions(-) create mode 100644 0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch diff --git a/0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch b/0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch new file mode 100644 index 0000000..62cfe7f --- /dev/null +++ b/0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch @@ -0,0 +1,1064 @@ +From 298fb77362a0fb24aa84f9b79030b95f88dc9ab6 Mon Sep 17 00:00:00 2001 +From: Fabian Vogt +Date: Thu, 24 Aug 2017 15:11:40 +0200 +Subject: [PATCH] Make kssl compile against OpenSSL 1.1.0 + +Summary: +OpenSSL 1.1.0 contains some source-incompatible changes, most notably making most of the +structures opaque and introducing new getter/setter functions to modify the structures. This +patch adds some of the newly introduced functions to the KOpenSSL class and modifies the code to call them. The implementation of those newly introduced methods contains both OpenSSL < 1.1 compatible code (direct structure member access) and calls to real functions resolved from OpenSSL>= 1.1 library. Which implementation is used is decided at compile time. Some of the existing methods were renamed to match the OpenSSL 1.1 naming and to avoid conflicts with backward-compatibility names provided by OpenSSL 1.1. + +KSSLCertificate::toNetscape() returns empty result when built against OpenSSL 1.1 since I wasn't able to find a proper equivalent in OpenSSL 1.1 API (and there does not seem to be any). + +BUG: 370223 + +Test Plan: The code compiles under both OpenSSL 1.1 and OpenSSL 1.0.x. I did not test the actual functionality. + +Reviewers: #frameworks, dfaure + +Subscribers: fvogt, ltoscano, rdieter, #frameworks + +Tags: #frameworks + +Differential Revision: https://phabricator.kde.org/D6665 +--- + src/kssl/kopenssl.cpp | 306 ++++++++++++++++++++++++++++++++++++++----- + src/kssl/kopenssl.h | 76 +++++++++-- + src/kssl/kssl.cpp | 4 - + src/kssl/ksslcallback.c | 4 +- + src/kssl/ksslcertchain.cpp | 51 +++----- + src/kssl/ksslcertificate.cpp | 68 ++++++---- + 6 files changed, 391 insertions(+), 118 deletions(-) + +diff --git a/src/kssl/kopenssl.cpp b/src/kssl/kopenssl.cpp +index 6b7a648b..c68a134a 100644 +--- a/src/kssl/kopenssl.cpp ++++ b/src/kssl/kopenssl.cpp +@@ -69,18 +69,26 @@ extern "C" { + static int (*K_X509_verify_cert)(X509_STORE_CTX *) = nullptr; + static X509_STORE_CTX *(*K_X509_STORE_CTX_new)(void) = nullptr; + static void (*K_X509_STORE_free)(X509_STORE *) = nullptr; ++ static void (*K_X509_STORE_set_verify_cb)(X509_STORE *, int (*)(int, X509_STORE_CTX *)) = nullptr; + static X509_STORE *(*K_X509_STORE_new)(void) = nullptr; + static void (*K_X509_free)(X509 *) = nullptr; + static char *(*K_X509_NAME_oneline)(X509_NAME *, char *, int) = nullptr; + static X509_NAME *(*K_X509_get_subject_name)(X509 *) = nullptr; + static X509_NAME *(*K_X509_get_issuer_name)(X509 *) = nullptr; ++ static void (*K_X509_get0_signature)(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x) = nullptr; + static X509_LOOKUP *(*K_X509_STORE_add_lookup)(X509_STORE *, X509_LOOKUP_METHOD *) = nullptr; + static X509_LOOKUP_METHOD *(*K_X509_LOOKUP_file)(void) = nullptr; + static void (*K_X509_LOOKUP_free)(X509_LOOKUP *) = nullptr; + static int (*K_X509_LOOKUP_ctrl)(X509_LOOKUP *, int, const char *, long, char **) = nullptr; + static void (*K_X509_STORE_CTX_init)(X509_STORE_CTX *, X509_STORE *, X509 *, STACK_OF(X509) *) = nullptr; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static void (*K_CRYPTO_free)(void *) = nullptr; ++#else ++ static void (*K_CRYPTO_free)(void *, const char *, int) = nullptr; ++#endif + static X509 *(*K_X509_dup)(X509 *) = nullptr; ++ static ASN1_TIME *(*K_X509_getm_notBefore)(const X509 *) = nullptr; ++ static ASN1_TIME *(*K_X509_getm_notAfter)(const X509 *) = nullptr; + static BIO_METHOD *(*K_BIO_s_mem)(void) = nullptr; + static BIO *(*K_BIO_new)(BIO_METHOD *) = nullptr; + static BIO *(*K_BIO_new_fp)(FILE *, int) = nullptr; +@@ -112,13 +120,16 @@ extern "C" { + static STACK_OF(X509) *(*K_SSL_get_peer_cert_chain)(SSL *) = nullptr; + static void (*K_X509_STORE_CTX_set_chain)(X509_STORE_CTX *, STACK_OF(X509) *) = nullptr; + static void (*K_X509_STORE_CTX_set_purpose)(X509_STORE_CTX *, int) = nullptr; +- static void (*K_sk_free)(STACK *) = nullptr; +- static int (*K_sk_num)(STACK *) = nullptr; +- static char *(*K_sk_pop)(STACK *) = nullptr; +- static char *(*K_sk_value)(STACK *, int) = nullptr; +- static STACK *(*K_sk_new)(int (*)()) = nullptr; +- static int (*K_sk_push)(STACK *, char *) = nullptr; +- static STACK *(*K_sk_dup)(STACK *) = nullptr; ++ static X509 *(*K_X509_STORE_CTX_get_current_cert)(X509_STORE_CTX *) = nullptr; ++ static void (*K_X509_STORE_CTX_set_error)(X509_STORE_CTX *, int) = nullptr; ++ static int (*K_X509_STORE_CTX_get_error)(X509_STORE_CTX *) = nullptr; ++ static void (*K_OPENSSL_sk_free)(STACK *) = nullptr; ++ static int (*K_OPENSSL_sk_num)(STACK *) = nullptr; ++ static char *(*K_OPENSSL_sk_pop)(STACK *) = nullptr; ++ static char *(*K_OPENSSL_sk_value)(STACK *, int) = nullptr; ++ static STACK *(*K_OPENSSL_sk_new)(int (*)()) = nullptr; ++ static int (*K_OPENSSL_sk_push)(STACK *, char *) = nullptr; ++ static STACK *(*K_OPENSSL_sk_dup)(STACK *) = nullptr; + static char *(*K_i2s_ASN1_INTEGER)(X509V3_EXT_METHOD *, ASN1_INTEGER *) = nullptr; + static ASN1_INTEGER *(*K_X509_get_serialNumber)(X509 *) = nullptr; + static EVP_PKEY *(*K_X509_get_pubkey)(X509 *) = nullptr; +@@ -158,6 +169,12 @@ extern "C" { + static int (*K_X509_check_purpose)(X509 *, int, int) = nullptr; + static X509_PURPOSE *(*K_X509_PURPOSE_get0)(int) = nullptr; + static int (*K_EVP_PKEY_assign)(EVP_PKEY *, int, char *) = nullptr; ++ static int (*K_EVP_PKEY_base_id)(EVP_PKEY *) = nullptr; ++ static RSA *(*K_EVP_PKEY_get0_RSA)(EVP_PKEY *) = nullptr; ++ static void (*K_RSA_get0_key)(RSA *, const BIGNUM **, const BIGNUM **, const BIGNUM **) = nullptr; ++ static DSA *(*K_EVP_PKEY_get0_DSA)(EVP_PKEY *) = nullptr; ++ static void (*K_DSA_get0_pqg)(DSA *, const BIGNUM **, const BIGNUM **, const BIGNUM **) = nullptr; ++ static void (*K_DSA_get0_key)(DSA *, const BIGNUM **, const BIGNUM **) = nullptr; + static int (*K_X509_REQ_set_pubkey)(X509_REQ *, EVP_PKEY *) = nullptr; + static RSA *(*K_RSA_generate_key)(int, unsigned long, void (*)(int, int, void *), void *) = nullptr; + static int (*K_i2d_X509_REQ_fp)(FILE *, X509_REQ *) = nullptr; +@@ -413,7 +430,11 @@ KOpenSSLProxy::KOpenSSLProxy() + K_RAND_load_file = (int (*)(const char *, long)) d->cryptoLib->resolve("RAND_load_file"); + K_RAND_file_name = (const char *(*)(char *, size_t)) d->cryptoLib->resolve("RAND_file_name"); + K_RAND_write_file = (int (*)(const char *)) d->cryptoLib->resolve("RAND_write_file"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + K_CRYPTO_free = (void (*)(void *)) d->cryptoLib->resolve("CRYPTO_free"); ++#else ++ K_CRYPTO_free = (void (*)(void *, const char *, int)) d->cryptoLib->resolve("CRYPTO_free"); ++#endif + K_d2i_X509 = (X509 * (*)(X509 **, unsigned char **, long)) d->cryptoLib->resolve("d2i_X509"); + K_i2d_X509 = (int (*)(X509 *, unsigned char **)) d->cryptoLib->resolve("i2d_X509"); + K_X509_cmp = (int (*)(X509 *, X509 *)) d->cryptoLib->resolve("X509_cmp"); +@@ -422,15 +443,19 @@ KOpenSSLProxy::KOpenSSLProxy() + K_X509_verify_cert = (int (*)(X509_STORE_CTX *)) d->cryptoLib->resolve("X509_verify_cert"); + K_X509_STORE_new = (X509_STORE * (*)(void)) d->cryptoLib->resolve("X509_STORE_new"); + K_X509_STORE_free = (void (*)(X509_STORE *)) d->cryptoLib->resolve("X509_STORE_free"); ++ K_X509_STORE_set_verify_cb = (void (*)(X509_STORE *, int (*)(int, X509_STORE_CTX *))) d->cryptoLib->resolve("X509_STORE_set_verify_cb"); + K_X509_NAME_oneline = (char *(*)(X509_NAME *, char *, int)) d->cryptoLib->resolve("X509_NAME_oneline"); + K_X509_get_subject_name = (X509_NAME * (*)(X509 *)) d->cryptoLib->resolve("X509_get_subject_name"); + K_X509_get_issuer_name = (X509_NAME * (*)(X509 *)) d->cryptoLib->resolve("X509_get_issuer_name"); ++ K_X509_get0_signature = (void (*)(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *)) d->cryptoLib->resolve("X509_get0_signature"); + K_X509_STORE_add_lookup = (X509_LOOKUP * (*)(X509_STORE *, X509_LOOKUP_METHOD *)) d->cryptoLib->resolve("X509_STORE_add_lookup"); + K_X509_LOOKUP_file = (X509_LOOKUP_METHOD * (*)(void)) d->cryptoLib->resolve("X509_LOOKUP_file"); + K_X509_LOOKUP_free = (void (*)(X509_LOOKUP *)) d->cryptoLib->resolve("X509_LOOKUP_free"); + K_X509_LOOKUP_ctrl = (int (*)(X509_LOOKUP *, int, const char *, long, char **)) d->cryptoLib->resolve("X509_LOOKUP_ctrl"); + K_X509_STORE_CTX_init = (void (*)(X509_STORE_CTX *, X509_STORE *, X509 *, STACK_OF(X509) *)) d->cryptoLib->resolve("X509_STORE_CTX_init"); + K_X509_dup = (X509 * (*)(X509 *)) d->cryptoLib->resolve("X509_dup"); ++ K_X509_getm_notBefore = (ASN1_TIME *(*)(const X509 *)) d->cryptoLib->resolve("X509_getm_notBefore"); ++ K_X509_getm_notAfter = (ASN1_TIME *(*)(const X509 *)) d->cryptoLib->resolve("X509_getm_notAfter"); + K_BIO_s_mem = (BIO_METHOD * (*)(void)) d->cryptoLib->resolve("BIO_s_mem"); + K_BIO_new = (BIO * (*)(BIO_METHOD *)) d->cryptoLib->resolve("BIO_new"); + K_BIO_new_fp = (BIO * (*)(FILE *, int)) d->cryptoLib->resolve("BIO_new_fp"); +@@ -457,13 +482,26 @@ KOpenSSLProxy::KOpenSSLProxy() + K_X509_REQ_new = (X509_REQ * (*)()) d->cryptoLib->resolve("X509_REQ_new"); + K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509) *)) d->cryptoLib->resolve("X509_STORE_CTX_set_chain"); + K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) d->cryptoLib->resolve("X509_STORE_CTX_set_purpose"); +- K_sk_free = (void (*)(STACK *)) d->cryptoLib->resolve("sk_free"); +- K_sk_num = (int (*)(STACK *)) d->cryptoLib->resolve("sk_num"); +- K_sk_pop = (char *(*)(STACK *)) d->cryptoLib->resolve("sk_pop"); +- K_sk_value = (char *(*)(STACK *, int)) d->cryptoLib->resolve("sk_value"); +- K_sk_new = (STACK * (*)(int (*)())) d->cryptoLib->resolve("sk_new"); +- K_sk_push = (int (*)(STACK *, char *)) d->cryptoLib->resolve("sk_push"); +- K_sk_dup = (STACK * (*)(STACK *)) d->cryptoLib->resolve("sk_dup"); ++ K_X509_STORE_CTX_get_current_cert = (X509 * (*)(X509_STORE_CTX *)) d->cryptoLib->resolve("X509_STORE_CTX_get_current_cert"); ++ K_X509_STORE_CTX_set_error = (void (*)(X509_STORE_CTX *, int)) d->cryptoLib->resolve("X509_STORE_CTX_set_error"); ++ K_X509_STORE_CTX_get_error = (int (*)(X509_STORE_CTX *)) d->cryptoLib->resolve("X509_STORE_CTX_get_error"); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ K_OPENSSL_sk_free = (void (*)(STACK *)) d->cryptoLib->resolve("OPENSSL_sk_free"); ++ K_OPENSSL_sk_num = (int (*)(STACK *)) d->cryptoLib->resolve("OPENSSL_sk_num"); ++ K_OPENSSL_sk_pop = (char *(*)(STACK *)) d->cryptoLib->resolve("OPENSSL_sk_pop"); ++ K_OPENSSL_sk_value = (char *(*)(STACK *, int)) d->cryptoLib->resolve("OPENSSL_sk_value"); ++ K_OPENSSL_sk_new = (STACK * (*)(int (*)())) d->cryptoLib->resolve("OPENSSL_sk_new"); ++ K_OPENSSL_sk_push = (int (*)(STACK *, char *)) d->cryptoLib->resolve("OPENSSL_sk_push"); ++ K_OPENSSL_sk_dup = (STACK * (*)(STACK *)) d->cryptoLib->resolve("OPENSSL_sk_dup"); ++#else ++ K_OPENSSL_sk_free = (void (*)(STACK *)) d->cryptoLib->resolve("sk_free"); ++ K_OPENSSL_sk_num = (int (*)(STACK *)) d->cryptoLib->resolve("sk_num"); ++ K_OPENSSL_sk_pop = (char *(*)(STACK *)) d->cryptoLib->resolve("sk_pop"); ++ K_OPENSSL_sk_value = (char *(*)(STACK *, int)) d->cryptoLib->resolve("sk_value"); ++ K_OPENSSL_sk_new = (STACK * (*)(int (*)())) d->cryptoLib->resolve("sk_new"); ++ K_OPENSSL_sk_push = (int (*)(STACK *, char *)) d->cryptoLib->resolve("sk_push"); ++ K_OPENSSL_sk_dup = (STACK * (*)(STACK *)) d->cryptoLib->resolve("sk_dup"); ++#endif + K_i2s_ASN1_INTEGER = (char *(*)(X509V3_EXT_METHOD *, ASN1_INTEGER *)) d->cryptoLib->resolve("i2s_ASN1_INTEGER"); + K_X509_get_serialNumber = (ASN1_INTEGER * (*)(X509 *)) d->cryptoLib->resolve("X509_get_serialNumber"); + K_X509_get_pubkey = (EVP_PKEY * (*)(X509 *)) d->cryptoLib->resolve("X509_get_pubkey"); +@@ -507,6 +545,12 @@ KOpenSSLProxy::KOpenSSLProxy() + K_X509_check_purpose = (int (*)(X509 *, int, int)) d->cryptoLib->resolve("X509_check_purpose"); + K_X509_PURPOSE_get0 = (X509_PURPOSE * (*)(int)) d->cryptoLib->resolve("X509_PURPOSE_get0"); + K_EVP_PKEY_assign = (int (*)(EVP_PKEY *, int, char *)) d->cryptoLib->resolve("EVP_PKEY_assign"); ++ K_EVP_PKEY_base_id = (int (*)(EVP_PKEY *)) d->cryptoLib->resolve("EVP_PKEY_base_id"); ++ K_EVP_PKEY_get0_RSA = (RSA *(*)(EVP_PKEY *)) d->cryptoLib->resolve("EVP_PKEY_get0_RSA"); ++ K_RSA_get0_key = (void (*)(RSA *, const BIGNUM **, const BIGNUM **, const BIGNUM **)) d->cryptoLib->resolve("ESA_get0_key"); ++ K_EVP_PKEY_get0_DSA = (DSA *(*)(EVP_PKEY *)) d->cryptoLib->resolve("EVP_PKEY_get0_DSA"); ++ K_DSA_get0_pqg = (void (*)(DSA *, const BIGNUM **, const BIGNUM **, const BIGNUM **)) d->cryptoLib->resolve("DSA_get0_pqg"); ++ K_DSA_get0_key = (void (*)(DSA *, const BIGNUM **, const BIGNUM **)) d->cryptoLib->resolve("DSA_get0_key"); + K_X509_REQ_set_pubkey = (int (*)(X509_REQ *, EVP_PKEY *)) d->cryptoLib->resolve("X509_REQ_set_pubkey"); + K_RSA_generate_key = (RSA * (*)(int, unsigned long, void (*)(int, int, void *), void *)) d->cryptoLib->resolve("RSA_generate_key"); + K_i2d_X509_REQ_fp = (int (*)(FILE *, X509_REQ *)) d->cryptoLib->resolve("i2d_X509_REQ_fp"); +@@ -933,6 +977,17 @@ void KOpenSSLProxy::X509_STORE_free(X509_STORE *v) + } + } + ++void KOpenSSLProxy::X509_STORE_set_verify_cb(X509_STORE *store, int (*verify_cb)(int, X509_STORE_CTX *)) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ X509_STORE_set_verify_cb_func(store, verify_cb); ++#else ++ if (K_X509_STORE_set_verify_cb) { ++ (K_X509_STORE_set_verify_cb)(store, verify_cb); ++ } ++#endif ++} ++ + X509_STORE_CTX *KOpenSSLProxy::X509_STORE_CTX_new(void) + { + if (K_X509_STORE_CTX_new) { +@@ -987,6 +1042,22 @@ X509_NAME *KOpenSSLProxy::X509_get_issuer_name(X509 *a) + return nullptr; + } + ++void KOpenSSLProxy::X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **algor, const X509 *x) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ if (psig) { ++ *psig = x->signature; ++ } ++ if (algor) { ++ *algor = x->sig_alg; ++ } ++#else ++ if (K_X509_get0_signature) { ++ return (K_X509_get0_signature)(psig, algor, x); ++ } ++#endif ++} ++ + X509_LOOKUP *KOpenSSLProxy::X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) + { + if (K_X509_STORE_add_lookup) { +@@ -1025,12 +1096,21 @@ void KOpenSSLProxy::X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + } + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + void KOpenSSLProxy::CRYPTO_free(void *x) + { + if (K_CRYPTO_free) { + (K_CRYPTO_free)(x); + } + } ++#else ++void KOpenSSLProxy::CRYPTO_free(void *x, const char *file, int line) ++{ ++ if (K_CRYPTO_free) { ++ K_CRYPTO_free(x, file, line); ++ } ++} ++#endif + + X509 *KOpenSSLProxy::X509_dup(X509 *x509) + { +@@ -1040,6 +1120,32 @@ X509 *KOpenSSLProxy::X509_dup(X509 *x509) + return nullptr; + } + ++ASN1_TIME *KOpenSSLProxy::X509_getm_notBefore(const X509 *x) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return X509_get_notBefore(x); ++#else ++ if (K_X509_getm_notBefore) { ++ return (K_X509_getm_notBefore)(x); ++ } else { ++ return nullptr; ++ } ++#endif ++} ++ ++ASN1_TIME *KOpenSSLProxy::X509_getm_notAfter(const X509 *x) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return X509_get_notAfter(x); ++#else ++ if (K_X509_getm_notAfter) { ++ return (K_X509_getm_notAfter)(x); ++ } else { ++ return nullptr; ++ } ++#endif ++} ++ + BIO *KOpenSSLProxy::BIO_new(BIO_METHOD *type) + { + if (K_BIO_new) { +@@ -1257,35 +1363,35 @@ STACK_OF(X509) *KOpenSSLProxy::SSL_get_peer_cert_chain(SSL *s) + } + } + +-void KOpenSSLProxy::sk_free(STACK *s) ++void KOpenSSLProxy::OPENSSL_sk_free(STACK *s) + { +- if (K_sk_free) { +- (K_sk_free)(s); ++ if (K_OPENSSL_sk_free) { ++ (K_OPENSSL_sk_free)(s); + } + } + +-int KOpenSSLProxy::sk_num(STACK *s) ++int KOpenSSLProxy::OPENSSL_sk_num(STACK *s) + { +- if (K_sk_num) { +- return (K_sk_num)(s); ++ if (K_OPENSSL_sk_num) { ++ return (K_OPENSSL_sk_num)(s); + } else { + return -1; + } + } + +-char *KOpenSSLProxy::sk_pop(STACK *s) ++char *KOpenSSLProxy::OPENSSL_sk_pop(STACK *s) + { +- if (K_sk_pop) { +- return (K_sk_pop)(s); ++ if (K_OPENSSL_sk_pop) { ++ return (K_OPENSSL_sk_pop)(s); + } else { + return nullptr; + } + } + +-char *KOpenSSLProxy::sk_value(STACK *s, int n) ++char *KOpenSSLProxy::OPENSSL_sk_value(STACK *s, int n) + { +- if (K_sk_value) { +- return (K_sk_value)(s, n); ++ if (K_OPENSSL_sk_value) { ++ return (K_OPENSSL_sk_value)(s, n); + } else { + return nullptr; + } +@@ -1305,28 +1411,65 @@ void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) + } + } + +-STACK *KOpenSSLProxy::sk_dup(STACK *s) ++X509 *KOpenSSLProxy::X509_STORE_CTX_get_current_cert(X509_STORE_CTX *v) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return v->current_cert; ++#else ++ if (K_X509_STORE_CTX_get_current_cert) { ++ return (K_X509_STORE_CTX_get_current_cert)(v); ++ } else { ++ return nullptr; ++ } ++#endif ++} ++ ++void KOpenSSLProxy::X509_STORE_CTX_set_error(X509_STORE_CTX *v, int error) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ v->error = error; ++#else ++ if (K_X509_STORE_CTX_set_error) { ++ (K_X509_STORE_CTX_set_error)(v, error); ++ } ++#endif ++} ++ ++int KOpenSSLProxy::X509_STORE_CTX_get_error(X509_STORE_CTX *v) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return v->error; ++#else ++ if (K_X509_STORE_CTX_get_error) { ++ return (K_X509_STORE_CTX_get_error)(v); ++ } else { ++ return 0; ++ } ++#endif ++} ++ ++STACK *KOpenSSLProxy::OPENSSL_sk_dup(STACK *s) + { +- if (K_sk_dup) { +- return (K_sk_dup)(s); ++ if (K_OPENSSL_sk_dup) { ++ return (K_OPENSSL_sk_dup)(s); + } else { + return nullptr; + } + } + +-STACK *KOpenSSLProxy::sk_new(int (*cmp)()) ++STACK *KOpenSSLProxy::OPENSSL_sk_new(int (*cmp)()) + { +- if (K_sk_new) { +- return (K_sk_new)(cmp); ++ if (K_OPENSSL_sk_new) { ++ return (K_OPENSSL_sk_new)(cmp); + } else { + return nullptr; + } + } + +-int KOpenSSLProxy::sk_push(STACK *s, char *d) ++int KOpenSSLProxy::OPENSSL_sk_push(STACK *s, char *d) + { +- if (K_sk_push) { +- return (K_sk_push)(s, d); ++ if (K_OPENSSL_sk_push) { ++ return (K_OPENSSL_sk_push)(s, d); + } else { + return -1; + } +@@ -1749,6 +1892,99 @@ int KOpenSSLProxy::EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) + } + } + ++int KOpenSSLProxy::EVP_PKEY_base_id(EVP_PKEY *pkey) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return pkey->type; ++#else ++ if (K_EVP_PKEY_base_id) { ++ return (K_EVP_PKEY_base_id)(pkey); ++ } else { ++ return 0; ++ } ++#endif ++} ++ ++RSA *KOpenSSLProxy::EVP_PKEY_get0_RSA(EVP_PKEY *pkey) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return pkey->pkey.rsa; ++#else ++ if (K_EVP_PKEY_get0_RSA) { ++ return (K_EVP_PKEY_get0_RSA)(pkey); ++ } else { ++ return nullptr; ++ } ++#endif ++} ++ ++void KOpenSSLProxy::RSA_get0_key(RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ if (n) { ++ *n = rsa->n; ++ } ++ if (e) { ++ *e = rsa->e; ++ } ++ if (d) { ++ *d = rsa->d; ++ } ++#else ++ if (K_RSA_get0_key) { ++ (K_RSA_get0_key)(rsa, n, e, d); ++ } ++#endif ++} ++ ++DSA *KOpenSSLProxy::EVP_PKEY_get0_DSA(EVP_PKEY *pkey) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ return pkey->pkey.dsa; ++#else ++ if (K_EVP_PKEY_get0_DSA) { ++ return (K_EVP_PKEY_get0_DSA)(pkey); ++ } else { ++ return nullptr; ++ } ++#endif ++} ++ ++void KOpenSSLProxy::DSA_get0_pqg(DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ if (p) { ++ *p = dsa->p; ++ } ++ if (q) { ++ *q = dsa->q; ++ } ++ if (g) { ++ *g = dsa->g; ++ } ++#else ++ if (K_DSA_get0_pqg) { ++ (K_DSA_get0_pqg)(dsa, p, q, g); ++ } ++#endif ++} ++ ++void KOpenSSLProxy::DSA_get0_key(DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ if (pub_key) { ++ *pub_key = dsa->pub_key; ++ } ++ if (priv_key) { ++ *priv_key = dsa->priv_key; ++ } ++#else ++ if (K_DSA_get0_key) { ++ (K_DSA_get0_key)(dsa, pub_key, priv_key); ++ } ++#endif ++} ++ + int KOpenSSLProxy::X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) + { + if (K_X509_REQ_set_pubkey) { +diff --git a/src/kssl/kopenssl.h b/src/kssl/kopenssl.h +index 68de672a..518cd5b7 100644 +--- a/src/kssl/kopenssl.h ++++ b/src/kssl/kopenssl.h +@@ -278,6 +278,16 @@ public: + X509 *X509_dup(X509 *x509); + + /* ++ * X509_getm_notBefore - get validity start ++ */ ++ ASN1_TIME *X509_getm_notBefore(const X509 *x); ++ ++ /* ++ * X509_getm_notAfter - get validity end ++ */ ++ ASN1_TIME *X509_getm_notAfter(const X509 *x); ++ ++ /* + * X509_STORE_CTX_new - create an X509 store context + */ + X509_STORE_CTX *X509_STORE_CTX_new(void); +@@ -297,6 +307,21 @@ public: + */ + void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose); + ++ /** ++ * X509_STORE_CTX_get_current_cert - get the current certificate ++ */ ++ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *v); ++ ++ /** ++ * X509_STORE_CTX_set_error - set certificate error ++ */ ++ void X509_STORE_CTX_set_error(X509_STORE_CTX *v, int error); ++ ++ /** ++ * X509_STORE_CTX_get_error - get certificate error ++ */ ++ int X509_STORE_CTX_get_error(X509_STORE_CTX *v); ++ + /* + * X509_verify_cert - verify the certificate + */ +@@ -313,6 +338,11 @@ public: + void X509_STORE_free(X509_STORE *v); + + /* ++ * X509_STORE_set_verify_cb - set verify callback ++ */ ++ void X509_STORE_set_verify_cb(X509_STORE *v, int (*verify_cb)(int, X509_STORE_CTX *)); ++ ++ /* + * X509_free - free up an X509 + */ + void X509_free(X509 *v); +@@ -333,6 +363,11 @@ public: + X509_NAME *X509_get_issuer_name(X509 *a); + + /* ++ * X509_get0_signature - return X509 signature and signature algorithm ++ */ ++ void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); ++ ++ /* + * X509_STORE_add_lookup - add a lookup file/method to an X509 store + */ + X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +@@ -360,7 +395,11 @@ public: + /* + * CRYPTO_free - free up an internally allocated object + */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + void CRYPTO_free(void *x); ++#else ++ void CRYPTO_free(void *x, const char *file, int line); ++#endif + + /* + * BIO_new - create new BIO +@@ -461,58 +500,58 @@ public: + /* + * Pop off the stack + */ +- char *sk_pop(STACK *s); ++ char *OPENSSL_sk_pop(STACK *s); + + /* + * Free the stack + */ +- void sk_free(STACK *s); ++ void OPENSSL_sk_free(STACK *s); + + #if OPENSSL_VERSION_NUMBER >= 0x10000000L +- void sk_free(void *s) ++ void OPENSSL_sk_free(void *s) + { +- return sk_free(reinterpret_cast(s)); ++ return OPENSSL_sk_free(reinterpret_cast(s)); + } + #endif + + /* + * Number of elements in the stack + */ +- int sk_num(STACK *s); ++ int OPENSSL_sk_num(STACK *s); + + /* + * Value of element n in the stack + */ +- char *sk_value(STACK *s, int n); ++ char *OPENSSL_sk_value(STACK *s, int n); + + #if OPENSSL_VERSION_NUMBER >= 0x10000000L +- char *sk_value(void *s, int n) ++ char *OPENSSL_sk_value(void *s, int n) + { +- return sk_value(reinterpret_cast(s), n); ++ return OPENSSL_sk_value(reinterpret_cast(s), n); + } + #endif + + /* + * Create a new stack + */ +- STACK *sk_new(int (*cmp)()); ++ STACK *OPENSSL_sk_new(int (*cmp)()); + + /* + * Add an element to the stack + */ +- int sk_push(STACK *s, char *d); ++ int OPENSSL_sk_push(STACK *s, char *d); + + #if OPENSSL_VERSION_NUMBER >= 0x10000000L +- int sk_push(void *s, void *d) ++ int OPENSSL_sk_push(void *s, void *d) + { +- return sk_push(reinterpret_cast(s), reinterpret_cast(d)); ++ return OPENSSL_sk_push(reinterpret_cast(s), reinterpret_cast(d)); + } + #endif + + /* + * Duplicate the stack + */ +- STACK *sk_dup(STACK *s); ++ STACK *OPENSSL_sk_dup(STACK *s); + + /* + * Convert an ASN1_INTEGER to its text form +@@ -744,6 +783,17 @@ public: + int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); + + /* ++ * Get key type ++ */ ++ int EVP_PKEY_base_id(EVP_PKEY *pkey); ++ ++ RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); ++ void RSA_get0_key(RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); ++ DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); ++ void DSA_get0_pqg(DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); ++ void DSA_get0_key(DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key); ++ ++ /* + * Generate a RSA key + */ + RSA *RSA_generate_key(int bits, unsigned long e, void +diff --git a/src/kssl/kssl.cpp b/src/kssl/kssl.cpp +index a35f8164..4dc008ab 100644 +--- a/src/kssl/kssl.cpp ++++ b/src/kssl/kssl.cpp +@@ -46,8 +46,6 @@ + #warning "kssl.cpp needs to be ported to QSslSocket" + #endif + +-#define sk_dup d->kossl->sk_dup +- + class KSSLPrivate + { + public: +@@ -210,5 +208,3 @@ bool KSSL::doesSSLWork() + return m_bSSLWorks; + } + +-#undef sk_dup +- +diff --git a/src/kssl/ksslcallback.c b/src/kssl/ksslcallback.c +index 8afc33a4..086d8b25 100644 +--- a/src/kssl/ksslcallback.c ++++ b/src/kssl/ksslcallback.c +@@ -39,7 +39,7 @@ extern "C" { + // back will not be threadsafe ofcourse. + + if (KSSL_X509CallBack_ca) { +- if (KOSSL::self()->X509_cmp(ctx->current_cert, KSSL_X509CallBack_ca) != 0) { ++ if (KOSSL::self()->X509_cmp(KOSSL::self()->X509_STORE_CTX_get_current_cert(ctx), KSSL_X509CallBack_ca) != 0) { + return 1; // Ignore errors for this certificate + } + +@@ -47,7 +47,7 @@ extern "C" { + } + + if (!ok) { +- switch (ctx->error) { ++ switch (KOSSL::self()->X509_STORE_CTX_get_error(ctx)) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + case X509_V_ERR_UNABLE_TO_GET_CRL: + case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: +diff --git a/src/kssl/ksslcertchain.cpp b/src/kssl/ksslcertchain.cpp +index 6b5a8b23..16bb5d0b 100644 +--- a/src/kssl/ksslcertchain.cpp ++++ b/src/kssl/ksslcertchain.cpp +@@ -41,16 +41,6 @@ + #include + #include + +-#if KSSL_HAVE_SSL +-#define sk_new d->kossl->sk_new +-#define sk_push d->kossl->sk_push +-#define sk_free d->kossl->sk_free +-#define sk_value d->kossl->sk_value +-#define sk_num d->kossl->sk_num +-#define sk_dup d->kossl->sk_dup +-#define sk_pop d->kossl->sk_pop +-#endif +- + class KSSLCertChainPrivate + { + public: +@@ -79,13 +69,13 @@ KSSLCertChain::~KSSLCertChain() + STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; + + for (;;) { +- X509 *x5 = sk_X509_pop(x); ++ X509 *x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(reinterpret_cast(x))); + if (!x5) { + break; + } + d->kossl->X509_free(x5); + } +- sk_X509_free(x); ++ d->kossl->OPENSSL_sk_free(reinterpret_cast(x)); + } + #endif + delete d; +@@ -108,7 +98,7 @@ KSSLCertChain *KSSLCertChain::replicate() + int KSSLCertChain::depth() + { + #if KSSL_HAVE_SSL +- return sk_X509_num((STACK_OF(X509) *)_chain); ++ return d->kossl->OPENSSL_sk_num(static_cast(_chain)); + #endif + return 0; + } +@@ -127,8 +117,8 @@ QList KSSLCertChain::getChain() const + #if KSSL_HAVE_SSL + STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; + +- for (int i = 0; i < sk_X509_num(x); i++) { +- X509 *x5 = sk_X509_value(x, i); ++ for (int i = 0; i < d->kossl->OPENSSL_sk_num(reinterpret_cast(x)); i++) { ++ X509 *x5 = reinterpret_cast(d->kossl->OPENSSL_sk_value(reinterpret_cast(x), i)); + if (!x5) { + continue; + } +@@ -148,22 +138,22 @@ void KSSLCertChain::setChain(const QList &chain) + STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; + + for (;;) { +- X509 *x5 = sk_X509_pop(x); ++ X509 *x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(reinterpret_cast(x))); + if (!x5) { + break; + } + d->kossl->X509_free(x5); + } +- sk_X509_free(x); ++ d->kossl->OPENSSL_sk_free(reinterpret_cast(x)); + _chain = nullptr; + } + + if (chain.isEmpty()) { + return; + } +- _chain = (void *)sk_new(nullptr); ++ _chain = (void *)d->kossl->OPENSSL_sk_new(nullptr); + foreach (KSSLCertificate *x, chain) { +- sk_X509_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x->getCert())); ++ d->kossl->OPENSSL_sk_push(static_cast(_chain), d->kossl->X509_dup(x->getCert())); + } + + #endif +@@ -176,13 +166,13 @@ void KSSLCertChain::setChain(void *stack_of_x509) + STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; + + for (;;) { +- X509 *x5 = sk_X509_pop(x); ++ X509 *x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(reinterpret_cast(x))); + if (!x5) { + break; + } + d->kossl->X509_free(x5); + } +- sk_X509_free(x); ++ d->kossl->OPENSSL_sk_free(reinterpret_cast(x)); + _chain = nullptr; + } + +@@ -190,15 +180,15 @@ void KSSLCertChain::setChain(void *stack_of_x509) + return; + } + +- _chain = (void *)sk_new(nullptr); ++ _chain = (void *)d->kossl->OPENSSL_sk_new(nullptr); + STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509; + +- for (int i = 0; i < sk_X509_num(x); i++) { +- X509 *x5 = sk_X509_value(x, i); ++ for (int i = 0; i < d->kossl->OPENSSL_sk_num(reinterpret_cast(x)); i++) { ++ X509 *x5 = reinterpret_cast(d->kossl->OPENSSL_sk_value(reinterpret_cast(x), i)); + if (!x5) { + continue; + } +- sk_X509_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x5)); ++ d->kossl->OPENSSL_sk_push(reinterpret_cast(_chain), d->kossl->X509_dup(x5)); + } + + #else +@@ -217,14 +207,3 @@ void KSSLCertChain::setCertChain(const QStringList &chain) + } + setChain(cl); + } +- +-#if KSSL_HAVE_SSL +-#undef sk_new +-#undef sk_push +-#undef sk_free +-#undef sk_value +-#undef sk_num +-#undef sk_dup +-#undef sk_pop +-#endif +- +diff --git a/src/kssl/ksslcertificate.cpp b/src/kssl/ksslcertificate.cpp +index 2fbe5751..4c96e4b0 100644 +--- a/src/kssl/ksslcertificate.cpp ++++ b/src/kssl/ksslcertificate.cpp +@@ -195,14 +195,17 @@ QString KSSLCertificate::getSignatureText() const + char *s; + int n, i; + +- i = d->kossl->OBJ_obj2nid(d->m_cert->sig_alg->algorithm); ++ const X509_ALGOR *algor; ++ const ASN1_BIT_STRING *sig; ++ d->kossl->X509_get0_signature(&sig, &algor, d->m_cert); ++ i = d->kossl->OBJ_obj2nid(algor->algorithm); + rc = i18n("Signature Algorithm: "); + rc += (i == NID_undef) ? i18n("Unknown") : QString(d->kossl->OBJ_nid2ln(i)); + + rc += '\n'; + rc += i18n("Signature Contents:"); +- n = d->m_cert->signature->length; +- s = (char *)d->m_cert->signature->data; ++ n = sig->length; ++ s = (char *)sig->data; + for (i = 0; i < n; ++i) { + if (i % 20 != 0) { + rc += ':'; +@@ -227,9 +230,10 @@ void KSSLCertificate::getEmails(QStringList &to) const + } + + STACK *s = d->kossl->X509_get1_email(d->m_cert); ++ const int size = d->kossl->OPENSSL_sk_num(s); + if (s) { +- for (int n = 0; n < s->num; n++) { +- to.append(d->kossl->sk_value(s, n)); ++ for (int n = 0; n < size; n++) { ++ to.append(d->kossl->OPENSSL_sk_value(s, n)); + } + d->kossl->X509_email_free(s); + } +@@ -309,12 +313,12 @@ QString KSSLCertificate::getKeyType() const + EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert); + if (pkey) { + #ifndef NO_RSA +- if (pkey->type == EVP_PKEY_RSA) { ++ if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) { + rc = "RSA"; + } else + #endif + #ifndef NO_DSA +- if (pkey->type == EVP_PKEY_DSA) { ++ if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) { + rc = "DSA"; + } else + #endif +@@ -336,8 +340,10 @@ QString KSSLCertificate::getPublicKeyText() const + if (pkey) { + rc = i18nc("Unknown", "Unknown key algorithm"); + #ifndef NO_RSA +- if (pkey->type == EVP_PKEY_RSA) { +- x = d->kossl->BN_bn2hex(pkey->pkey.rsa->n); ++ if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) { ++ const BIGNUM *n, *e; ++ d->kossl->RSA_get0_key(d->kossl->EVP_PKEY_get0_RSA(pkey), &n, &e, nullptr); ++ x = d->kossl->BN_bn2hex(n); + rc = i18n("Key type: RSA (%1 bit)", strlen(x) * 4) + '\n'; + + rc += i18n("Modulus: "); +@@ -352,15 +358,18 @@ QString KSSLCertificate::getPublicKeyText() const + rc += '\n'; + d->kossl->OPENSSL_free(x); + +- x = d->kossl->BN_bn2hex(pkey->pkey.rsa->e); ++ x = d->kossl->BN_bn2hex(e); + rc += i18n("Exponent: 0x") + QLatin1String(x) + + QLatin1String("\n"); + d->kossl->OPENSSL_free(x); + } + #endif + #ifndef NO_DSA +- if (pkey->type == EVP_PKEY_DSA) { +- x = d->kossl->BN_bn2hex(pkey->pkey.dsa->p); ++ if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) { ++ auto dsa = d->kossl->EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g; ++ d->kossl->DSA_get0_pqg(dsa, &p, &q, &g); ++ x = d->kossl->BN_bn2hex(p); + // hack - this may not be always accurate + rc = i18n("Key type: DSA (%1 bit)", strlen(x) * 4) + '\n'; + +@@ -376,7 +385,7 @@ QString KSSLCertificate::getPublicKeyText() const + rc += '\n'; + d->kossl->OPENSSL_free(x); + +- x = d->kossl->BN_bn2hex(pkey->pkey.dsa->q); ++ x = d->kossl->BN_bn2hex(q); + rc += i18n("160 bit prime factor: "); + for (unsigned int i = 0; i < strlen(x); i++) { + if (i % 40 != 0 && i % 2 == 0) { +@@ -389,7 +398,7 @@ QString KSSLCertificate::getPublicKeyText() const + rc += '\n'; + d->kossl->OPENSSL_free(x); + +- x = d->kossl->BN_bn2hex(pkey->pkey.dsa->g); ++ x = d->kossl->BN_bn2hex(g); + rc += QString("g: "); + for (unsigned int i = 0; i < strlen(x); i++) { + if (i % 40 != 0 && i % 2 == 0) { +@@ -402,7 +411,9 @@ QString KSSLCertificate::getPublicKeyText() const + rc += '\n'; + d->kossl->OPENSSL_free(x); + +- x = d->kossl->BN_bn2hex(pkey->pkey.dsa->pub_key); ++ const BIGNUM *pub_key; ++ d->kossl->DSA_get0_key(dsa, &pub_key, nullptr); ++ x = d->kossl->BN_bn2hex(pub_key); + rc += i18n("Public key: "); + for (unsigned int i = 0; i < strlen(x); i++) { + if (i % 40 != 0 && i % 2 == 0) { +@@ -692,7 +703,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi + return errors; + } + +- X509_STORE_set_verify_cb_func(certStore, X509Callback); ++ d->kossl->X509_STORE_set_verify_cb(certStore, X509Callback); + + certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file()); + if (!certLookup) { +@@ -733,9 +744,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi + KSSL_X509CallBack_ca = ca ? ca->d->m_cert : nullptr; + KSSL_X509CallBack_ca_found = false; + +- certStoreCTX->error = X509_V_OK; ++ d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); + rc = d->kossl->X509_verify_cert(certStoreCTX); +- int errcode = certStoreCTX->error; ++ int errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); + if (ca && !KSSL_X509CallBack_ca_found) { + ksslv = KSSLCertificate::Irrelevant; + } else { +@@ -748,9 +759,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi + d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, + X509_PURPOSE_NS_SSL_SERVER); + +- certStoreCTX->error = X509_V_OK; ++ d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); + rc = d->kossl->X509_verify_cert(certStoreCTX); +- errcode = certStoreCTX->error; ++ errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); + ksslv = processError(errcode); + } + d->kossl->X509_STORE_CTX_free(certStoreCTX); +@@ -982,7 +993,7 @@ KSSLCertificate::KSSLValidation KSSLCertificate::processError(int ec) + QString KSSLCertificate::getNotBefore() const + { + #if KSSL_HAVE_SSL +- return ASN1_UTCTIME_QString(X509_get_notBefore(d->m_cert)); ++ return ASN1_UTCTIME_QString(d->kossl->X509_getm_notBefore(d->m_cert)); + #else + return QString(); + #endif +@@ -991,7 +1002,7 @@ QString KSSLCertificate::getNotBefore() const + QString KSSLCertificate::getNotAfter() const + { + #if KSSL_HAVE_SSL +- return ASN1_UTCTIME_QString(X509_get_notAfter(d->m_cert)); ++ return ASN1_UTCTIME_QString(d->kossl->X509_getm_notAfter(d->m_cert)); + #else + return QString(); + #endif +@@ -1000,7 +1011,7 @@ QString KSSLCertificate::getNotAfter() const + QDateTime KSSLCertificate::getQDTNotBefore() const + { + #if KSSL_HAVE_SSL +- return ASN1_UTCTIME_QDateTime(X509_get_notBefore(d->m_cert), nullptr); ++ return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notBefore(d->m_cert), nullptr); + #else + return QDateTime::currentDateTime(); + #endif +@@ -1009,7 +1020,7 @@ QDateTime KSSLCertificate::getQDTNotBefore() const + QDateTime KSSLCertificate::getQDTNotAfter() const + { + #if KSSL_HAVE_SSL +- return ASN1_UTCTIME_QDateTime(X509_get_notAfter(d->m_cert), nullptr); ++ return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notAfter(d->m_cert), nullptr); + #else + return QDateTime::currentDateTime(); + #endif +@@ -1210,7 +1221,8 @@ typedef struct NETSCAPE_X509_st { + QByteArray KSSLCertificate::toNetscape() + { + QByteArray qba; +-#if KSSL_HAVE_SSL ++ // no equivalent in OpenSSL 1.1.0 (?), so behave as if we had no OpenSSL at all ++#if KSSL_HAVE_SSL && OPENSSL_VERSION_NUMBER < 0x10100000L + NETSCAPE_X509 nx; + ASN1_OCTET_STRING hdr; + QTemporaryFile ktf; +@@ -1294,10 +1306,10 @@ QStringList KSSLCertificate::subjAltNames() const + return rc; + } + +- int cnt = d->kossl->sk_GENERAL_NAME_num(names); ++ int cnt = d->kossl->OPENSSL_sk_num((STACK *)names); + + for (int i = 0; i < cnt; i++) { +- const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->sk_value(names, i); ++ const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->OPENSSL_sk_value(names, i); + if (val->type != GEN_DNS) { + continue; + } +@@ -1309,7 +1321,7 @@ QStringList KSSLCertificate::subjAltNames() const + rc += s; + } + } +- d->kossl->sk_free(names); ++ d->kossl->OPENSSL_sk_free(names); + #endif + return rc; + } +-- +2.13.2 + diff --git a/kdelibs4support.changes b/kdelibs4support.changes index 6646699..dc024ab 100644 --- a/kdelibs4support.changes +++ b/kdelibs4support.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Aug 31 07:50:38 UTC 2017 - fabian@ritter-vogt.de + +- Add patch to allow build with Qt5 built against openSSL 1.1 (boo#1055489): + * 0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch + ------------------------------------------------------------------- Sun Aug 13 20:46:20 UTC 2017 - christophe@krop.fr diff --git a/kdelibs4support.spec b/kdelibs4support.spec index 2f2f5bb..35edbb8 100644 --- a/kdelibs4support.spec +++ b/kdelibs4support.spec @@ -66,9 +66,7 @@ BuildRequires: cmake(Qt5X11Extras) >= 5.6.0 BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(sm) BuildRequires: pkgconfig(x11) -%if %{with lang} Recommends: %{name}-lang = %{version} -%endif Provides: kde4support = %{version} Obsoletes: kde4support < %{version} Summary: Code and utilities to ease the transition to KDE Frameworks 5 @@ -77,6 +75,8 @@ Group: System/GUI/KDE Url: http://www.kde.org Source: http://download.kde.org/stable/frameworks/%{_tar_path}/portingAids/%{name}-%{version}.tar.xz Source1: baselibs.conf +# PATCH-FIX-UPSTREAM +Patch1: 0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -189,6 +189,7 @@ KDEDIRS environment variable correctly. Development files. %lang_package %prep %setup -q +%patch1 -p1 %build %cmake_kf5 -d build