1 --- src/network/ssl/qsslcontext_openssl.cpp.orig	2022-06-22 10:58:13 UTC
2 +++ src/network/ssl/qsslcontext_openssl.cpp
3 @@ -54,12 +54,14 @@
4 
5  QT_BEGIN_NAMESPACE
6 
7 +#ifdef SSL_SECOP_PEER
8  Q_GLOBAL_STATIC(bool, forceSecurityLevel)
9 
10  Q_NETWORK_EXPORT void qt_ForceTlsSecurityLevel()
11  {
12      *forceSecurityLevel() = true;
13  }
14 +#endif //SSL_SECOP_PEER
15 
16  // defined in qsslsocket_openssl.cpp:
17  extern int q_X509Callback(int ok, X509_STORE_CTX *ctx);
18 @@ -351,9 +353,11 @@ init_context:
19          return;
20      }
21 
22 +#ifdef SSL_SECOP_PEER
23      // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
24      if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
25          q_SSL_CTX_set_security_level(sslContext->ctx, 1);
26 +#endif //SSL_SECOP_PEER
27 
28      const long anyVersion =
29  #if QT_CONFIG(dtls)
30 @@ -408,16 +412,28 @@ init_context:
31          maxVersion = DTLS1_VERSION;
32          break;
33      case QSsl::DtlsV1_0OrLater:
34 +#ifdef DTLS_MAX_VERSION
35          minVersion = DTLS1_VERSION;
36          maxVersion = 0;
37 +#else
38 +        Q_UNREACHABLE();
39 +#endif // DTLS_MAX_VERSION
40          break;
41      case QSsl::DtlsV1_2:
42 +#ifdef DTLS1_2_VERSION
43          minVersion = DTLS1_2_VERSION;
44          maxVersion = DTLS1_2_VERSION;
45 +#else
46 +        Q_UNREACHABLE();
47 +#endif // DTLS1_2_VERSION
48          break;
49      case QSsl::DtlsV1_2OrLater:
50 +#if defined(DTLS1_2_VERSION)
51          minVersion = DTLS1_2_VERSION;
52          maxVersion = 0;
53 +#else
54 +        Q_UNREACHABLE();
55 +#endif // DTLS1_2_VERSION
56          break;
57      case QSsl::TlsV1_3OrLater:
58  #ifdef TLS1_3_VERSION
59 @@ -722,6 +738,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslC
60      }
61  #endif // ocsp
62 
63 +#ifndef LIBRESSL_VERSION_NUMBER
64      QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
65      if (cctx) {
66          q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
67 @@ -768,7 +785,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslC
68              sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
69              sslContext->errorCode = QSslError::UnspecifiedError;
70          }
71 -    } else {
72 +    } else
73 +#endif // LIBRESSL_VERSION_NUMBER
74 +    {
75          sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
76          sslContext->errorCode = QSslError::UnspecifiedError;
77      }
78