support OpenSSL 1.1 #2151

Closed
Dessa opened this issue Oct 18, 2016 · 9 comments
@Dessa
Member

Dessa commented Oct 18, 2016

Fedora Rawhide has dumped OSSL 1.1 in their repository; the build log down below is the result of trying to build against it:

```
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp: In function ‘DH* my_get_dh(int)’:
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:212:4: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
  dh->p = BN_bin2bn(p, sp, nullptr);
    ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
 typedef struct dh_st DH;
                ^~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:213:4: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
  dh->g = BN_bin2bn(g, sg, nullptr);
    ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
 typedef struct dh_st DH;
                ^~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:214:8: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
  if((dh->p == nullptr) || (dh->g == nullptr))
        ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
 typedef struct dh_st DH;
                ^~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:214:30: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
  if((dh->p == nullptr) || (dh->g == nullptr))
                              ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
 typedef struct dh_st DH;
                ^~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp: In member function ‘int KviSSLCertificate::fingerprintDigestId()’:
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:698:31: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
  int NID = OBJ_obj2nid(m_pX509->sig_alg->algorithm);
                               ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;
                ^~~~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:713:15: error: invalid use of incomplete type ‘const EVP_MD {aka const struct evp_md_st}’
  return mdType->type;
               ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:91:16: note: forward declaration of ‘EVP_MD {aka struct evp_md_st}’
 typedef struct evp_md_st EVP_MD;
                ^~~~~~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp: In member function ‘void KviSSLCertificate::extractPubKeyInfo()’:
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:832:22: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
   m_szPubKeyType = (p->type == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(p->type);
                      ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:93:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
 typedef struct evp_pkey_st EVP_PKEY;
                ^~~~~~~~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:832:75: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
 _szPubKeyType = (p->type == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(p->type);
                                                                        ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:93:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
 typedef struct evp_pkey_st EVP_PKEY;
                ^~~~~~~~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp: In member function ‘void KviSSLCertificate::extractSignature()’:
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:855:29: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
  int i = OBJ_obj2nid(m_pX509->sig_alg->algorithm);
                             ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;
                ^~~~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:860:24: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
  for(i = 0; i < m_pX509->signature->length; i++)
                        ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;
                ^~~~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:864:50: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
   m_szSignatureContents.append(hexdigits[(m_pX509->signature->data[i] & 0xf0) >> 4]);
                                                  ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;
                ^~~~~~~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:865:50: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
   m_szSignatureContents.append(hexdigits[(m_pX509->signature->data[i] & 0x0f)]);
                                                  ^~
In file included from /usr/include/openssl/crypto.h:31:0,
                 from /usr/include/openssl/comp.h:16,
                 from /usr/include/openssl/ssl.h:47,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.h:43,
                 from /home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:25:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;
                ^~~~~~~
gmake[2]: *** [src/kvilib/CMakeFiles/kvilib.dir/build.make:1599: src/kvilib/CMakeFiles/kvilib.dir/net/KviSSL.cpp.o] Error 1
gmake[1]: *** [CMakeFiles/Makefile2:4125: src/kvilib/CMakeFiles/kvilib.dir/all] Error 2
gmake: *** [Makefile:128: all] Error 2
```

@ctrlaltca
Contributor

OpenSSL 1.1 introduced a lot of breaking changes, making previously public structures opaque. A complete list is available here: https://www.openssl.org/news/cl110.txt

Support for 1.1 will require a few code changes and a lot of #ifdefs.
An alternative solution could be switching to Qt's SSL classes and dropping the direct dependency on OpenSSL.
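
Added example, not part of the thread or of KVIrc's code: a small Python triage script for the porting work the comment above describes. It reads GCC's "invalid use of incomplete type" errors, uses the caret line to pick the field actually accessed, and maps it to an accessor that exists in OpenSSL 1.1.0; the `audit` name, the mapping table and the abridged sample log are assumptions made for this example.

```python
import re

# Field accessed in the log -> accessor that exists in OpenSSL 1.1.0 (assumed table).
ACCESSORS = {
    ("DH", "p"): "DH_set0_pqg / DH_get0_pqg",
    ("DH", "g"): "DH_set0_pqg / DH_get0_pqg",
    ("X509", "sig_alg"): "X509_get_signature_nid",
    ("X509", "signature"): "X509_get0_signature",
    ("EVP_MD", "type"): "EVP_MD_type",
    ("EVP_PKEY", "type"): "EVP_PKEY_id",
}
ERR = re.compile(r"^(\S+?):(\d+):\d+: error: invalid use of incomplete type "
                 r"[‘'](?:const )?(\w+) \{aka")

# Constructed sample: four errors abridged from the build log in this issue.
SAMPLE_LOG = """\
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:214:30: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
  if((dh->p == nullptr) || (dh->g == nullptr))
                              ^~
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:713:15: error: invalid use of incomplete type ‘const EVP_MD {aka const struct evp_md_st}’
  return mdType->type;
               ^~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:832:22: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
   m_szPubKeyType = (p->type == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(p->type);
                      ^~
/home/dessa/KVIrc/src/kvilib/net/KviSSL.cpp:860:24: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
  for(i = 0; i < m_pX509->signature->length; i++)
                        ^~
"""

def audit(log):
    """Return sorted (file, line, type, field, accessor) per opaque-struct access."""
    lines = log.splitlines()
    found = set()
    for i, text in enumerate(lines[:-2]):
        m = ERR.match(text)
        if not m:
            continue  # notes, include chains and make output are skipped
        src, caret = lines[i + 1], lines[i + 2].find("^")
        arrows = list(re.finditer(r"->(\w+)", src))
        if caret < 0 or not arrows:
            continue
        # A line may hold several '->'; the one nearest the caret is the error.
        hit = min(arrows, key=lambda a: abs(a.start() - caret))
        key = (m.group(3), hit.group(1))
        found.add((m.group(1), int(m.group(2)), *key,
                   ACCESSORS.get(key, "UNMAPPED: check the 1.1 changelog")))
    return sorted(found)
```
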

@un1versal
Contributor

> An alternative solution could be switching to Qt's SSL classes and dropping the direct dependency on OpenSSL.

Does this mean you're stuck on whatever old version Qt provides?

For AppVeyor builds, a ref: appveyor/ci#1086

@ctrlaltca
Contributor

ctrlaltca commented Oct 18, 2016

> Does this mean you're stuck on whatever old version Qt provides?

Qt doesn't include OpenSSL, and dynamically loads the version currently installed on your system (unless your distro packager decided otherwise):

> By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time.
> However, it is possible to link against the library at compile-time by configuring Qt with the -openssl-linked option.

(source: http://doc.qt.io/qt-5/ssl.html#enabling-and-disabling-ssl-support )

@Dessa
Member Author

Dessa commented Oct 18, 2016

qt is something different altogether, openssl 1.1 will not be supported by anything lower than qt 5.9
https://bugreports.qt.io/browse/QTBUG-52905

> Does this mean you're stuck on whatever old version Qt provides?

no, we do link to openssl independently of qt.

@ctrlaltca
Contributor

What's the current state of Qt on rawhide?
Did they keep OOS1.0 too, patch Qt to link against OOS1.1, or leave Qt broken together with a lot of other software that didn't make the jump yet?

@Dessa
Member Author

Dessa commented Oct 18, 2016

they keep openssl 1.0.2 too, i suppose since stuff like QT won't adapt in the near future they are forced to do that. (which will probably mean no one will care/notice, i want to avoid that.)

@wodim
Member

wodim commented Oct 18, 2016

I don't think any distro is going to drop openssl 1.0 anytime soon... Just today I had to compile something that required 1.0 because 1.1+ dropped RC4

On Tue, Oct 18, 2016 at 6:02 PM, Dessa notifications@github.com wrote:

> they keep openssl 1.0.2 too, i suppose since stuff like QT won't adapt in the near future they are forced to do that. (which will probably mean no one will care/notice, i want to avoid that.)


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#2151 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AA9IUULDZoPGT2M4thoQu0tEW4kd_ioNks5q1O2agaJpZM4KZ0u1
.

@wodim
Member

wodim commented Oct 18, 2016

(I don't mean to say we shouldn't transition to 1.1, just a tiny bit of information)

On Tue, Oct 18, 2016 at 6:38 PM, David Martí neikokz@gmail.com wrote:

> I don't think any distro is going to drop openssl 1.0 anytime soon... Just today I had to compile something that required 1.0 because 1.1+ dropped RC4
>
> On Tue, Oct 18, 2016 at 6:02 PM, Dessa notifications@github.com wrote:
>
> > they keep openssl 1.0.2 too, i suppose since stuff like QT won't adapt in the near future they are forced to do that. (which will probably mean no one will care/notice, i want to avoid that.)


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#2151 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AA9IUULDZoPGT2M4thoQu0tEW4kd_ioNks5q1O2agaJpZM4KZ0u1
.

@wRAR

wRAR commented Nov 4, 2016

If Qt dlopens OpenSSL 1.0, KVIrc cannot be linked against OpenSSL 1.1 because symbol clashes will happen.

CyberShadow added a commit to CyberShadow/KVIrc that referenced this issue May 24, 2017
CyberShadow added a commit to CyberShadow/KVIrc that referenced this issue May 24, 2017
CyberShadow added a commit to CyberShadow/KVIrc that referenced this issue May 24, 2017
ctrlaltca pushed a commit that referenced this issue Dec 11, 2017