Opened 6 years ago

Last modified 5 years ago

#58218 new enhancement

port:qt4, port:qt59 : OpenSSL 1.1 compatibility

Reported by: RJVB (René Bertin) Owned by:
Priority: Normal Milestone:
Component: ports Version:
Keywords: haspatch Cc: michaelld (Michael Dickens), MarcusCalhoun-Lopez (Marcus Calhoun-Lopez), yan12125 (Chih-Hsuan Yen)
Port: qt59

Description

I've been working to get my two Qt ports to support OpenSSL 1.1 in order to be ready when the time comes to upgrade. For now I've tested with an OSSL 1.02r build installed into its own libexec prefix but with symlinks exposing it at the usual locations. As far as I can tell things work as they should.

I'm providing the patches here in hope someone will find them useful (and actually test against OpenSSL 1.1x).

Attachments (5)

patch-support-openssl11.diff (16.0 KB) - added by RJVB (René Bertin) 6 years ago.
Patch for Qt4, adapted from the ArchLinux patch
patch-openssl11-support-qt597.diff (181.6 KB) - added by RJVB (René Bertin) 6 years ago.
patch for Qt 5.9; this is a cherry-pick of the official Qt commit that made it into 5.10 but not 5.9 (for whatever political? reason)
patch-openssl11-support-qt597.2.diff (188.5 KB) - added by RJVB (René Bertin) 6 years ago.
this version contains the few SSL fixes from the 5.10 branch that weren't already applied to 5.9
patch-openssl11-support-qt597.3.diff (189.2 KB) - added by RJVB (René Bertin) 5 years ago.
amended and tested version: works against the current OpenSSL 1.1 port
patch-httpsockeng-fix.diff (1.2 KB) - added by RJVB (René Bertin) 5 years ago.
prevent a crash that I've seen with OSSL 1.1 but not with OSSL 1.0

Download all attachments as: .zip

Change History (12)

Changed 6 years ago by RJVB (René Bertin)

Patch for Qt4, adapted from the ArchLinux patch

Changed 6 years ago by RJVB (René Bertin)

patch for Qt 5.9; this is a cherry-pick of the official Qt commit that made it into 5.10 but not 5.9 (for whatever political? reason)

comment:1 Changed 6 years ago by RJVB (René Bertin)

FWIW: the Qt5 configure script accepts OPENSSL_PREFIX=${prefix} and/or OPENSSL_INCDIR=/path/to/opensslheaders and/or OPENSSL_LIBDIR=/path/to/openssllibs. No need to manhandle -I and -L in configure.*flags.

comment:2 Changed 6 years ago by RJVB (René Bertin)

No hurry for Qt5; I learnt that there have been a few bugfixes I should hunt down and backport.

Changed 6 years ago by RJVB (René Bertin)

this version contains the few SSL fixes from the 5.10 branch that weren't already applied to 5.9

comment:3 Changed 6 years ago by yan12125 (Chih-Hsuan Yen)

Cc: yan12125 added

comment:4 Changed 6 years ago by yan12125 (Chih-Hsuan Yen)

RJVB: Could you turn OpenSSL 1.1 patches into GitHub pull requests?

comment:5 Changed 6 years ago by RJVB (René Bertin)

I'd rather not because that means I'd have to make assumptions on how the Qt port maintainers want to adapt their ports (neither of which I use myself) and about how people are running their tests. All without having OpenSSL 1.1 installed because I plan to do that upgrade at a convenient time after port:openssl made the transition. I have way too many other things on my fork ATM to start messing with such a central port.

Testing these patches shouldn't be hard;

> sudo port -n patch qtN
> (cd `port work qtN`/qt-* && patch -Np1 -i /path/to/patchXXXX.diff)
> sudo port -nok destroot qtN

afterwards it's up to you to decide if you want to port -noks upgrade --force or just want to replace the installed QtNetwork framework with the one that was just rebuilt. From what I understand Qt dependents are completely oblivious and independent of the SSL backend used by QtNetwork.

comment:6 Changed 5 years ago by yan12125 (Chih-Hsuan Yen)

In e660ba6a7265d21b28decb8f2b9a0ec4fd6541fe/macports-ports (master):

openssl: update to 1.1.1c

Closes: #52101
Ref: #58218 (old Qt5 versions)
Ref: #58607 (old MySQL versions)
Ref: #58630 (old PostgreSQL versions)

comment:7 Changed 5 years ago by yan12125 (Chih-Hsuan Yen)

Port: qt4-mac removed

Changed 5 years ago by RJVB (René Bertin)

amended and tested version: works against the current OpenSSL 1.1 port

Changed 5 years ago by RJVB (René Bertin)

Attachment: patch-httpsockeng-fix.diff added

prevent a crash that I've seen with OSSL 1.1 but not with OSSL 1.0

Note: See TracTickets for help on using tickets.