Opened 7 months ago

Last modified 6 weeks ago

#58218 new enhancement

port:qt4, port:qt59 : OpenSSL 1.1 compatibility

Reported by: RJVB (René Bertin) Owned by:
Priority: Normal Milestone:
Component: ports Version:
Keywords: haspatch Cc: michaelld (Michael Dickens), MarcusCalhoun-Lopez (Marcus Calhoun-Lopez), yan12125 (Chih-Hsuan Yen)
Port: qt59

Description

I've been working to get my two Qt ports to support OpenSSL 1.1 in order to be ready when the time comes to upgrade. For now I've tested with an OSSL 1.02r build installed into its own libexec prefix but with symlinks exposing it at the usual locations. As far as I can tell things work as they should.

I'm providing the patches here in hope someone will find them useful (and actually test against OpenSSL 1.1x).

Attachments (5)

patch-support-openssl11.diff (16.0 KB) - added by RJVB (René Bertin) 7 months ago.
Patch for Qt4, adapted from the ArchLinux patch
patch-openssl11-support-qt597.diff (181.6 KB) - added by RJVB (René Bertin) 7 months ago.
patch for Qt 5.9; this is a cherry-pick of the official Qt commit that made it into 5.10 but not 5.9 (for whatever political? reason)
patch-openssl11-support-qt597.2.diff (188.5 KB) - added by RJVB (René Bertin) 7 months ago.
this version contains the few SSL fixes from the 5.10 branch that weren't already applied to 5.9
patch-openssl11-support-qt597.3.diff (189.2 KB) - added by RJVB (René Bertin) 5 weeks ago.
amended and tested version: works against the current OpenSSL 1.1 port
patch-httpsockeng-fix.diff (1.2 KB) - added by RJVB (René Bertin) 5 weeks ago.
prevent a crash that I've seen with OSSL 1.1 but not with OSSL 1.0

Download all attachments as: .zip

Change History (12)

Changed 7 months ago by RJVB (René Bertin)

Patch for Qt4, adapted from the ArchLinux patch

Changed 7 months ago by RJVB (René Bertin)

patch for Qt 5.9; this is a cherry-pick of the official Qt commit that made it into 5.10 but not 5.9 (for whatever political? reason)

comment:1 Changed 7 months ago by RJVB (René Bertin)

FWIW: the Qt5 configure script accepts OPENSSL_PREFIX=${prefix} and/or OPENSSL_INCDIR=/path/to/opensslheaders and/or OPENSSL_LIBDIR=/path/to/openssllibs. No need to manhandle -I and -L in configure.*flags.

comment:2 Changed 7 months ago by RJVB (René Bertin)

No hurry for Qt5; I learnt that there have been a few bugfixes I should hunt down and backport.

Changed 7 months ago by RJVB (René Bertin)

this version contains the few SSL fixes from the 5.10 branch that weren't already applied to 5.9

comment:3 Changed 7 months ago by yan12125 (Chih-Hsuan Yen)

Cc: yan12125 added

comment:4 Changed 7 months ago by yan12125 (Chih-Hsuan Yen)

RJVB: Could you turn OpenSSL 1.1 patches into GitHub pull requests?

comment:5 Changed 7 months ago by RJVB (René Bertin)

I'd rather not because that means I'd have to make assumptions on how the Qt port maintainers want to adapt their ports (neither of which I use myself) and about how people are running their tests. All without having OpenSSL 1.1 installed because I plan to do that upgrade at a convenient time after port:openssl made the transition. I have way too many other things on my fork ATM to start messing with such a central port.

Testing these patches shouldn't be hard;

> sudo port -n patch qtN
> (cd `port work qtN`/qt-* && patch -Np1 -i /path/to/patchXXXX.diff)
> sudo port -nok destroot qtN

afterwards it's up to you to decide if you want to port -noks upgrade --force or just want to replace the installed QtNetwork framework with the one that was just rebuilt. From what I understand Qt dependents are completely oblivious and independent of the SSL backend used by QtNetwork.

comment:6 Changed 6 weeks ago by yan12125 (Chih-Hsuan Yen)

In e660ba6a7265d21b28decb8f2b9a0ec4fd6541fe/macports-ports (master):

openssl: update to 1.1.1c

Closes: #52101
Ref: #58218 (old Qt5 versions)
Ref: #58607 (old MySQL versions)
Ref: #58630 (old PostgreSQL versions)

comment:7 Changed 6 weeks ago by yan12125 (Chih-Hsuan Yen)

Port: qt4-mac removed

Changed 5 weeks ago by RJVB (René Bertin)

amended and tested version: works against the current OpenSSL 1.1 port

Changed 5 weeks ago by RJVB (René Bertin)

Attachment: patch-httpsockeng-fix.diff added

prevent a crash that I've seen with OSSL 1.1 but not with OSSL 1.0

Note: See TracTickets for help on using tickets.