From c212d39e0626ce0df119944db306ae5a0f3e931c Mon Sep 17 00:00:00 2001 From: Jon DeVree Date: Tue, 22 Aug 2023 14:42:24 +0100 Subject: [PATCH] Do not use SSLv3 methods in Qt4 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Origin: other, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505 Forwarded: not-needed Reviewed-by: Lisandro Damián Nicanor Pérez Meyer Last-Update: 2015-11-30 This patch makes the use of SSLv3 methods optional at compile time. On Debian this means they will not be used and will return a null ctx if the SSLv3 method is deliberately selected. Last-Update: 2015-11-30 Gbp-Pq: Name no-ssl3.patch --- src/network/ssl/qsslsocket_openssl.cpp | 4 ++++ src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index ce9849452..e55ec18de 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -267,7 +267,11 @@ init_context: #endif break; case QSsl::SslV3: +#ifndef OPENSSL_NO_SSL3_METHOD ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); +#else + ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error +#endif break; case QSsl::SecureProtocols: // SslV2 will be disabled below case QSsl::TlsV1SslV3: // SslV2 will be disabled below diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 3ee710605..02adf5f1a 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -228,13 +228,17 @@ DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, return) #ifndef OPENSSL_NO_SSL2 DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) #endif +#ifndef OPENSSL_NO_SSL3_METHOD DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) +#endif DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) #ifndef OPENSSL_NO_SSL2 DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) #endif +#ifndef OPENSSL_NO_SSL3_METHOD DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) +#endif DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) #else @@ -822,13 +826,17 @@ bool q_resolveOpenSslSymbols() #ifndef OPENSSL_NO_SSL2 RESOLVEFUNC(SSLv2_client_method) #endif +#ifndef OPENSSL_NO_SSL3_METHOD RESOLVEFUNC(SSLv3_client_method) +#endif RESOLVEFUNC(SSLv23_client_method) RESOLVEFUNC(TLSv1_client_method) #ifndef OPENSSL_NO_SSL2 RESOLVEFUNC(SSLv2_server_method) #endif +#ifndef OPENSSL_NO_SSL3_METHOD RESOLVEFUNC(SSLv3_server_method) +#endif RESOLVEFUNC(SSLv23_server_method) RESOLVEFUNC(TLSv1_server_method) RESOLVEFUNC(X509_NAME_entry_count) -- 2.30.2