Fails with: int q_OPENSSL_sk_num(OPENSSL_STACK *a); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslcertificate.cpp:116: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:88:28: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslcertificate.cpp:116: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:89:1: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? OPENSSL_STACK *q_OPENSSL_sk_new_null(); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslcertificate.cpp:116: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:90:24: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslcertificate.cpp:116: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:91:24: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? void q_OPENSSL_sk_free(OPENSSL_STACK *a); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslcertificate.cpp:116: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:92:27: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslcertificate.cpp:116: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:95:45: error: unknown type name 'OPENSSL_INIT_SETTINGS' int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ^ ssl/qsslsocket_openssl11_symbols_p.h:107:50: error: unknown type name 'X509_STORE_CTX_verify_cb' void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); ^ ssl/qsslsocket_openssl11_symbols_p.h:124:48: error: unknown type name 'OPENSSL_INIT_SETTINGS' int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ^ 9 errors generated. *** [.obj/qsslcertificate.o] Error code 1 make[1]: stopped in /ram/usr/ports/net/qt5-network/work/qtbase-everywhere-src-5.10.1/src/network --- .obj/qsslkey_p.o --- In file included from ssl/qsslkey_p.cpp:60: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:87:22: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? int q_OPENSSL_sk_num(OPENSSL_STACK *a); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslkey_p.cpp:60: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:88:28: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslkey_p.cpp:60: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:89:1: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? OPENSSL_STACK *q_OPENSSL_sk_new_null(); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslkey_p.cpp:60: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:90:24: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslkey_p.cpp:60: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:91:24: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? void q_OPENSSL_sk_free(OPENSSL_STACK *a); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslkey_p.cpp:60: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:92:27: error: unknown type name 'OPENSSL_STACK'; did you mean 'OPENSSL_BLOCK'? void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); ^~~~~~~~~~~~~ OPENSSL_BLOCK /usr/local/include/openssl/safestack.h:132:15: note: 'OPENSSL_BLOCK' declared here typedef void *OPENSSL_BLOCK; ^ In file included from ssl/qsslkey_p.cpp:60: In file included from ssl/qsslsocket_openssl_symbols_p.h:220: ssl/qsslsocket_openssl11_symbols_p.h:95:45: error: unknown type name 'OPENSSL_INIT_SETTINGS' int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ^ ssl/qsslsocket_openssl11_symbols_p.h:107:50: error: unknown type name 'X509_STORE_CTX_verify_cb' void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); ^ ssl/qsslsocket_openssl11_symbols_p.h:124:48: error: unknown type name 'OPENSSL_INIT_SETTINGS' int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ^ 9 errors generated. *** [.obj/qsslkey_p.o] Error code 1 make[1]: stopped in /ram/usr/ports/net/qt5-network/work/qtbase-everywhere-src-5.10.1/src/network 2 errors make[1]: stopped in /ram/usr/ports/net/qt5-network/work/qtbase-everywhere-src-5.10.1/src/network ===> Compilation failed unexpectedly. Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to the maintainer. *** Error code 1
Hi there This has been pointed out in the commit message: https://svnweb.freebsd.org/ports?view=revision&revision=470288 Mfg Tobias
True, but still not what one could expect (since there is FreeBSD based system which uses LibreSSL by default).
(In reply to Tobias C. Berner from comment #1) Ok, but the whole qt5 toolkit is not useable without qt5-network,
(In reply to jakub_lach from comment #2) So it should not be that hard to find some one to maintain it upstream :)
Created attachment 193533 [details] svn-diff_:qt5-network If I am right, this simple patch should work.
I would assume that + libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), -1); and so on will break with ssl from base.
Ok, we had wrap it in a conditional something like that: +- libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); +- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1); ++ #if defined(LIBRESSL_VERSION_NUMBER) ++ libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), -1); ++ libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/lib/libcrypto"), -1) ++ #else ++ libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); ++ libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1); ++ #endif but I cannot test it with openssl.
(In reply to Tobias C. Berner from comment #4) Right, from the look of it their network manager depends on it (sysutils/pc-networkmanager)?
Created attachment 193536 [details] svn-diff_qt5-network_v2 I hope this one is right. Please, could you test it.
This patch allows qt5-network to build against libressl without errors. However the at least one resulting package linked against qt5-network is not functioning correctly. When quassel-core is linked against the patched qt5-network I get: ``` [lucid-nonsense]:/home/matthew:# service quasselcore restart Stopping quasselcore. Waiting for PIDS: 47489. Starting quasselcore. [lucid-nonsense]:/home/matthew:# qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_new_null qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_push qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_free qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_num qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_pop_free qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_value qt.network.ssl: QSslSocket: cannot resolve SSL_CTX_set_options qt.network.ssl: QSslSocket: cannot resolve SSL_session_reused qt.network.ssl: QSslSocket: cannot resolve X509_get_version qt.network.ssl: QSslSocket: cannot resolve DSA_bits qt.network.ssl: QSslSocket: cannot call unresolved function OPENSSL_sk_num ("QPSQL", "QPSQL7") [lucid-nonsense]:/home/matthew:# service quasselcore status quasselcore is running as pid 47549. ``` The quassel-core process starts, albeit with a certain amount of complaint. Unfortunately it proves impossible to connect a quassel client to it, rendering it useless.
I think the error is here qsslsocket_openssl_symbols.cpp 880 return false; 881 => 882 #if QT_CONFIG(opensslv11) => had to add this --> || defined(LIBRESS_VERSION_NUMBER) 883 884 RESOLVEFUNC(OPENSSL_init_ssl) 885 RESOLVEFUNC(OPENSSL_init_crypto) 886 RESOLVEFUNC(ASN1_STRING_get0_data) 887 RESOLVEFUNC(EVP_CIPHER_CTX_reset) 888 RESOLVEFUNC(EVP_PKEY_base_id) 889 RESOLVEFUNC(RSA_bits) 890 RESOLVEFUNC(OPENSSL_sk_new_null) 891 RESOLVEFUNC(OPENSSL_sk_push) 892 RESOLVEFUNC(OPENSSL_sk_free) 893 RESOLVEFUNC(OPENSSL_sk_num) 894 RESOLVEFUNC(OPENSSL_sk_pop_free) but I have to test it.
No, does not work.
The OPENSSL_STACK issue can be resolved with a simple addition at the top of the openssl11.h file As taken from: https://github.com/openssl/openssl/blob/master/include/openssl/stack.h#L17 > # LibreSSL 2.7 has stack_st but not OPENSSL_STACK > #ifndef OPENSSL_STACK > typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ > #endif OPENSSL_INIT_SETTINGS is not defined in Libre but it is void in the signatures, so this works > #ifndef OPENSSL_INIT_SETTINGS > #define OPENSSL_INIT_SETTINGS void > #endif Ended up with > 78 #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L > 79 // LibreSSL 2.7 has stack_st but not OPENSSL_STACK > 80 typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ > 81 // From the signature in LibreSSL > 82 #define OPENSSL_INIT_SETTINGS void > 83 // https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h#L63 > 84 typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); > 85 #endif in work/qtbase-everywhere-src-5.10.1/src/network/ssl/qsslsocket_openssl11_symbols_p.h That leaves the BN_is_word and BN_abs_is_word to be solved.
(In reply to Bernard Spil from comment #13) Sorry, but I cannot find any "openssl11.h".
Created attachment 193559 [details] svn diff for net/qt5-network Can you please test and see if this is complete?
(In reply to Matthew Seaman from comment #10) Then I must assume my patch is also incomplete, I haven't touched these functions in my patch :'(
(In reply to Bernard Spil from comment #13) Sorry, but I cannot find any "openssl11.h". (In reply to w.schwarzenfeld from comment #14) This was a misunderstood (=> Ended up...).
(In reply to Bernard Spil from comment #16) Seens you also overlooked comment #6.
Sorry, no this was a error in my patch. Ok.
For what it's worth I tested Bernard Spil's patch with both libressl and openssl-base with qbittorrent, and works fine with either.
At least there's an unambiguous answer from upstream. https://bugreports.qt.io/browse/QTBUG-68374 > Timur Pocheptsov added a comment - 1 hour ago > We don't support LibreSSL. > Closed, Invalid
Given upstream's terse response to not supporting libressl, plus our (and OpenBSD and a few others') want to continue supporting this combination, I think we will need to carry these patches ourselves. In any case, these patches work as intended.
Hm, that is rather disappointing as responses go.
If patches work for both OpenSSL and LibreSSL - please commit it.
So it's just that little diff that is needed for libressl?
Unfortunately these latest patches don't work for me trying to build quassel-core linked against libressl. Same outcomes as in my earlier comment (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228344#c10)
Created attachment 193786 [details] changed patch
(In reply to Bernard Spil from comment #13) Patch works, but you need to change existing patch files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h -#if !defined(BN_is_word) +#if !defined(BN_is_word) || defined(LIBRESSL_VERSION_NUMBER)
no: quasselcore & [2] 1595 ngorx@newgorx:/usr/ports/net/qt5-network % qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_new_null qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_push qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_free qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_num qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_pop_free qt.network.ssl: QSslSocket: cannot resolve OPENSSL_sk_value qt.network.ssl: QSslSocket: cannot resolve SSL_CTX_set_options qt.network.ssl: QSslSocket: cannot resolve SSL_session_reused qt.network.ssl: QSslSocket: cannot resolve X509_get_version qt.network.ssl: QSslSocket: cannot resolve DSA_bits qt.network.ssl: QSslSocket: cannot call unresolved function OPENSSL_sk_num
Ping
Maybe, it did something wrong. The error messages did not appear anymore with this patch. Seems to work.
Hi all We're working on qt5 5.11 at the moment here https://github.com/freebsd/freebsd-ports-kde/tree/qt5-5.11.1 If someone can fix up a patch for libressl we can have it included in the update. mfg Tobias
(In reply to Tobias C. Berner from comment #32) There is a patch that works at https://github.com/gentoo/libressl/blob/master/dev-qt/qtnetwork/files/qtnetwork-5.11.1-libressl.patch
Created attachment 196989 [details] patch-qsslsocket__openssl__symbols.cpp Needs additional patch.
(In reply to w.schwarzenfeld from comment #34) Could you provide a unified 5.11 patch against a ports tree, and mark the rest as a obsolete?
Created attachment 196994 [details] svn-diff-qt5-network-5.11.1
(In reply to w.schwarzenfeld from comment #36) Thanks! A lot clearer now, compiles ok.
FWIW unfortunately, patch needs correction for 5.11.2
(In reply to jakub_lach from comment #38) Sorry, in the moment I am tired to play with "ssl". I use a package or set CONFIGURE_ARGS= -no-gui -no-xcb -no-openssl (I know this not really a solution).
That's understandable, I just hope this situation will be resolved somehow in ports, as qt5 unfortunately explicitly refused to support LibreSSL.
Created attachment 198438 [details] patch-libressl_v2 New try. Not sure if patch-src_networt_ssl_qsslcontext_openssl11.cpp is right.
(In reply to w.schwarzenfeld from comment #41) And that exactly is the big problem with all these SSL patches :-)
Created attachment 198440 [details] patch-libressl_v3 No, was wrong.
(In reply to w.schwarzenfeld from comment #43) The v3 patch works fine for me in combination with qbittorrent. Thanks.
(In reply to w.schwarzenfeld from comment #43) Thanks!
The patch replaces %%OPENSSLLIB%% with /usr/local/lib ... that seems like an unwanted change.
Created attachment 198490 [details] patch-libressl_v4 Path corrected.
Created attachment 198491 [details] patch-libressl_v5 Was an error in .
Please readd the comments that were deleted in the top of the patches, and also extend them to describe //why// the new hunks are added.
I think #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) is explanation enough.
Created attachment 198600 [details] patch-libressl_v6 Ok, put the deleted comments back.
I have no clue what should I write in as comment.
(In reply to w.schwarzenfeld from comment #52) patch(1) has some problems with recognizing v6
Created attachment 198607 [details] patch-libressl_v7 This should work.
Created attachment 198610 [details] patch-libressl_v8_with_comments Is it that what was you mean with comments?
Created attachment 198611 [details] patch-libressl_v8.1_with_comments Was a typo in.
(In reply to w.schwarzenfeld from comment #56) Mostly... Still I would have liked a comment on why you define various things like TLS1_2_VERSION Mfg Tobias
Created attachment 198618 [details] patch-libressl_v9 Definitions for TLS_VERSIONS needed for qsslcontext_openssl11.cpp (QSslContext::initSslContext)
Bernard Spil used it in the same way inBug #230884, comment 1 for 5.11.1 (was never committed).
Just some feedback, this patch worked to allow net/qt5-network to build off of ports/HEAD. Thank you!
A commit references this bug: Author: tcberner Date: Mon Nov 26 20:29:02 UTC 2018 New revision: 485965 URL: https://svnweb.freebsd.org/changeset/ports/485965 Log: net/qt5-network: fix build with LibreSSL PR: 228344 Submitted by: Walter Schwarzenfeld <w.schwarzenfeld@utanet.at> Changes: head/net/qt5-network/Makefile head/net/qt5-network/files/patch-qsslcontext_openssl.cpp head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h