Attachment #207982 for bug #240962

View | Details | Raw Unified | Return to bug 240962
Collapse All | Expand All

Lines 2-7 Link Here

(-)Makefile (+1 lines)
2		2
3	PORTNAME= network	3	PORTNAME= network
4	DISTVERSION= ${QT5_VERSION}	4	DISTVERSION= ${QT5_VERSION}
		5	PORTREVISION= 1
5	CATEGORIES= net ipv6	6	CATEGORIES= net ipv6
6	PKGNAMEPREFIX= qt5-	7	PKGNAMEPREFIX= qt5-
7		8




--- src/network/ssl/qsslsocket_openssl11_symbols_p.h.orig	2019-10-01 07:47:24 UTC
+++ src/network/ssl/qsslsocket_openssl11_symbols_p.h
@@ -77,19 +77,48 @@
 
 const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
 
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
+// LibreSSL 2.7 has stack_st but not OPENSSL_STACK
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+// From the signature in LibreSSL
+#define OPENSSL_INIT_SETTINGS void
+// https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h#L63
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+#endif
+
+
 Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
 Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
 
-int q_DSA_bits(DSA *a);
+#ifdef LIBRESSL_VERSION_NUMBER
+#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
+#else
+ int q_DSA_bits(DSA *a);
+#endif
 int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
 int q_EVP_PKEY_base_id(EVP_PKEY *a);
 int q_RSA_bits(RSA *a);
+#ifdef LIBRESSL_VERSION_NUMBER
+int q_sk_num(OPENSSL_STACK *a);
+void q_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
+OPENSSL_STACK *q_sk_new_null();
+void q_sk_push(OPENSSL_STACK *st, void *data);
+void q_sk_free(OPENSSL_STACK *a);
+void * q_sk_value(OPENSSL_STACK *a, int b);
+#define q_OPENSSL_sk_num(a) q_sk_num(a)
+#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
+#define q_OPENSSL_sk_new_null() q_sk_new_null()
+#define q_OPENSSL_sk_push(a, b) q_sk_push(a, b)
+#define q_OPENSSL_sk_free q_sk_free
+#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
+#else
 Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
 Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
 Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
 Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
 Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
 Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
+#endif
 int q_SSL_session_reused(SSL *a);
 unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
 int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
@@ -110,12 +139,15 @@ STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE
 void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
 int q_DH_bits(DH *dh);
 
-# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+#define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
                                                        | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
-
+#ifdef LIBRESSL_VERSION_NUMBER
+#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
+#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
+#else
 #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
 #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
-
+#endif
 #define q_OPENSSL_add_all_algorithms_conf()  q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
                                                                    | OPENSSL_INIT_ADD_ALL_DIGESTS \
                                                                    | OPENSSL_INIT_LOAD_CONFIG, NULL)

Line 0 Link Here

(-)files/patch-src_network_ssl_qsslcontext_openssl.cpp (+11 lines)
	1	--- src/network/ssl/qsslcontext_openssl.cpp.orig 2019-10-01 08:05:51 UTC
	2	+++ src/network/ssl/qsslcontext_openssl.cpp
	3	@@ -265,7 +265,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslC
	4	}
	5	#endif // ocsp
	6
	7	-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
	8	+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
	9	if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) {
	10	QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
	11	if (cctx) {

Line 0 Link Here

(-)files/patch-src_network_ssl_qsslsocket_openssl.cpp (+11 lines)
	1	--- src/network/ssl/qsslsocket_openssl.cpp.orig 2019-10-01 08:09:52 UTC
	2	+++ src/network/ssl/qsslsocket_openssl.cpp
	3	@@ -604,7 +604,7 @@ bool QSslSocketBackendPrivate::initSslContext()
	4	q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
	5	}
	6	#endif
	7	-#if OPENSSL_VERSION_NUMBER >= 0x10101006L
	8	+#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
	9	// Set the client callback for TLSv1.3 PSK
	10	if (mode == QSslSocket::SslClientMode
	11	&& QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {




Redefine SSL stack functions to their proper symbols in LibreSSL.
Also reference a redefined DSA_bits() that does not natively exist
in LibreSSL.

Ensure that we link to the correct ssl library selected in
DEFAULT_VERSIONS.

Do not define SSL_CONF_CTX symbols absent from LibreSSL.

--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2018-12-03 11:15:26 UTC
+++ src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -152,6 +152,14 @@ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w,
 DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
 DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
 DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
+#ifdef LIBRESSL_VERSION_NUMBER
+DEFINEFUNC(int, sk_num, OPENSSL_STACK *a, a, return -1, return)
+DEFINEFUNC2(void, sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
+DEFINEFUNC(OPENSSL_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
+DEFINEFUNC2(void, sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
+DEFINEFUNC(void, sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+DEFINEFUNC2(void *, sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
+#else
 DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
 DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
 DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
@@ -159,6 +167,7 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMY
 DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
 DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
 DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
+#endif
 DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
 DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
 #ifdef TLS1_3_VERSION
@@ -443,7 +452,7 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a
 DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
 DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
 DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
 DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
 DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
@@ -846,8 +855,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
 #endif
 #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
     // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
-    libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER));
-    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER));
+    libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
+    libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
     if (libcrypto->load() && libssl->load()) {
         // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
         return pair;
@@ -876,8 +885,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
     //  macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
     //    attempt, _after_ <bundle>/Contents/Frameworks has been searched.
     //  iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
-    libssl->setFileNameAndVersion(QLatin1String("ssl"), -1);
-    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1);
+    libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1);
+    libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1);
     if (libcrypto->load() && libssl->load()) {
         // libssl.so.0 and libcrypto.so.0 found
         return pair;
@@ -961,12 +970,21 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(EVP_CIPHER_CTX_reset)
     RESOLVEFUNC(EVP_PKEY_base_id)
     RESOLVEFUNC(RSA_bits)
+#ifdef LIBRESSL_VERSION_NUMBER
+    RESOLVEFUNC(sk_new_null)
+    RESOLVEFUNC(sk_push)
+    RESOLVEFUNC(sk_free)
+    RESOLVEFUNC(sk_num)
+    RESOLVEFUNC(sk_pop_free)
+    RESOLVEFUNC(sk_value)
+#else
     RESOLVEFUNC(OPENSSL_sk_new_null)
     RESOLVEFUNC(OPENSSL_sk_push)
     RESOLVEFUNC(OPENSSL_sk_free)
     RESOLVEFUNC(OPENSSL_sk_num)
     RESOLVEFUNC(OPENSSL_sk_pop_free)
     RESOLVEFUNC(OPENSSL_sk_value)
+#endif
     RESOLVEFUNC(DH_get0_pqg)
     RESOLVEFUNC(SSL_CTX_set_options)
 #ifdef TLS1_3_VERSION
@@ -1001,7 +1019,9 @@ bool q_resolveOpenSslSymbols()
 
     RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
     RESOLVEFUNC(DH_bits)
+#ifndef LIBRESSL_VERSION_NUMBER
     RESOLVEFUNC(DSA_bits)
+#endif
 
 #if QT_CONFIG(dtls)
     RESOLVEFUNC(DTLSv1_listen)
@@ -1237,7 +1257,7 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
     RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
     RESOLVEFUNC(SSL_CTX_get_cert_store);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
     RESOLVEFUNC(SSL_CONF_CTX_new);
     RESOLVEFUNC(SSL_CONF_CTX_free);
     RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);




--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2019-10-01 07:47:06 UTC
+++ src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -72,6 +72,12 @@
 #include "qsslsocket_openssl_p.h"
 #include <QtCore/qglobal.h>
 
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
+# define TLS1_2_VERSION 0x0303
+# define TLS_MAX_VERSION TLS1_2_VERSION
+# define TLS_ANY_VERSION 0x10000
+#endif
+
 #if QT_CONFIG(ocsp)
 #include "qocsp_p.h"
 #endif
@@ -372,7 +378,7 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
 int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
 int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
 X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L  && !defined(LIBRESSL_VERSION_NUMBER)
 SSL_CONF_CTX *q_SSL_CONF_CTX_new();
 void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
 void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);

Return to bug 240962

Line 0 Link Here

(-)files/patch-qsslsocket_openssl11_symbols_p.h (+71 lines)
		1	--- src/network/ssl/qsslsocket_openssl11_symbols_p.h.orig 2019-10-01 07:47:24 UTC
		2	+++ src/network/ssl/qsslsocket_openssl11_symbols_p.h
		3	@@ -77,19 +77,48 @@
		4
		5	const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
		6
		7	+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
		8	+// LibreSSL 2.7 has stack_st but not OPENSSL_STACK
		9	+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
		10	+// From the signature in LibreSSL
		11	+#define OPENSSL_INIT_SETTINGS void
		12	+// https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h#L63
		13	+typedef int (X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX );
		14	+#endif
		15	+
		16	+
		17	Q_AUTOTEST_EXPORT BIO q_BIO_new(const BIO_METHOD a);
		18	Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
		19
		20	-int q_DSA_bits(DSA *a);
		21	+#ifdef LIBRESSL_VERSION_NUMBER
		22	+#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
		23	+#else
		24	+ int q_DSA_bits(DSA *a);
		25	+#endif
		26	int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
		27	int q_EVP_PKEY_base_id(EVP_PKEY *a);
		28	int q_RSA_bits(RSA *a);
		29	+#ifdef LIBRESSL_VERSION_NUMBER
		30	+int q_sk_num(OPENSSL_STACK *a);
		31	+void q_sk_pop_free(OPENSSL_STACK a, void (b)(void *));
		32	+OPENSSL_STACK *q_sk_new_null();
		33	+void q_sk_push(OPENSSL_STACK st, void data);
		34	+void q_sk_free(OPENSSL_STACK *a);
		35	+void * q_sk_value(OPENSSL_STACK *a, int b);
		36	+#define q_OPENSSL_sk_num(a) q_sk_num(a)
		37	+#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
		38	+#define q_OPENSSL_sk_new_null() q_sk_new_null()
		39	+#define q_OPENSSL_sk_push(a, b) q_sk_push(a, b)
		40	+#define q_OPENSSL_sk_free q_sk_free
		41	+#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
		42	+#else
		43	Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
		44	Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK a, void (b)(void *));
		45	Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
		46	Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK st, void data);
		47	Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
		48	Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
		49	+#endif
		50	int q_SSL_session_reused(SSL *a);
		51	unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
		52	int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
		53	@@ -110,12 +139,15 @@ STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE
		54	void q_DH_get0_pqg(const DH dh, const BIGNUM p, const BIGNUM q, const BIGNUM *g);
		55	int q_DH_bits(DH *dh);
		56
		57	-# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
		58	+#define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
		59	\| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
		60	-
		61	+#ifdef LIBRESSL_VERSION_NUMBER
		62	+#define q_SKM_sk_num(type, st) ((int ()(const STACK_OF(type) ))q_sk_num)(st)
		63	+#define q_SKM_sk_value(type, st,i) ((type * ()(const STACK_OF(type) , int))q_sk_value)(st, i)
		64	+#else
65	#define q_SKM_sk_num(type, st) ((int ()(const STACK_OF(type) ))q_OPENSSL_sk_num)(st)
66	#define q_SKM_sk_value(type, st,i) ((type * ()(const STACK_OF(type) , int))q_OPENSSL_sk_value)(st, i)
67	-
68	+#endif
69	#define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
70	\| OPENSSL_INIT_ADD_ALL_DIGESTS \
71	\| OPENSSL_INIT_LOAD_CONFIG, NULL)

Line 0 Link Here

(-)files/patch-src_network_ssl_qsslsocket_openssl_symbols.cpp (+106 lines)
		1	Redefine SSL stack functions to their proper symbols in LibreSSL.
		2	Also reference a redefined DSA_bits() that does not natively exist
		3	in LibreSSL.
		4
		5	Ensure that we link to the correct ssl library selected in
		6	DEFAULT_VERSIONS.
		7
		8	Do not define SSL_CONF_CTX symbols absent from LibreSSL.
		9
		10	--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2018-12-03 11:15:26 UTC
		11	+++ src/network/ssl/qsslsocket_openssl_symbols.cpp
		12	@@ -152,6 +152,14 @@ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w,
		13	DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
		14	DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
		15	DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
		16	+#ifdef LIBRESSL_VERSION_NUMBER
		17	+DEFINEFUNC(int, sk_num, OPENSSL_STACK *a, a, return -1, return)
		18	+DEFINEFUNC2(void, sk_pop_free, OPENSSL_STACK a, a, void (b)(void*), b, return, DUMMYARG)
		19	+DEFINEFUNC(OPENSSL_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
		20	+DEFINEFUNC2(void, sk_push, OPENSSL_STACK a, a, void b, b, return, DUMMYARG)
		21	+DEFINEFUNC(void, sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
		22	+DEFINEFUNC2(void , sk_value, OPENSSL_STACK a, a, int b, b, return nullptr, return)
		23	+#else
		24	DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
		25	DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
		26	DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK a, a, void (b)(void*), b, return, DUMMYARG)
		27	@@ -159,6 +167,7 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMY
		28	DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK a, a, void b, b, return, DUMMYARG)
		29	DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
		30	DEFINEFUNC2(void , OPENSSL_sk_value, OPENSSL_STACK a, a, int b, b, return nullptr, return)
		31	+#endif
		32	DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
		33	DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
		34	#ifdef TLS1_3_VERSION
		35	@@ -443,7 +452,7 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a
		36	DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX a, a, RSA b, b, return -1, return)
		37	DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX a, a, const char b, b, int c, c, return -1, return)
		38	DEFINEFUNC(X509_STORE , SSL_CTX_get_cert_store, const SSL_CTX a, a, return nullptr, return)
		39	-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
		40	+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
		41	DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
		42	DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
		43	DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX a, a, SSL_CTX b, b, return, return);
		44	@@ -846,8 +855,8 @@ static QPair<QLibrary, QLibrary> loadOpenSsl()
		45	#endif
		46	#if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
		47	// first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
		48	- libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER));
		49	- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER));
		50	+ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
		51	+ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
		52	if (libcrypto->load() && libssl->load()) {
		53	// libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
		54	return pair;
		55	@@ -876,8 +885,8 @@ static QPair<QLibrary, QLibrary> loadOpenSsl()
		56	// macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
		57	// attempt, _after_ <bundle>/Contents/Frameworks has been searched.
		58	// iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
		59	- libssl->setFileNameAndVersion(QLatin1String("ssl"), -1);
		60	- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1);
		61	+ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1);
		62	+ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1);
		63	if (libcrypto->load() && libssl->load()) {
		64	// libssl.so.0 and libcrypto.so.0 found
65	return pair;
66	@@ -961,12 +970,21 @@ bool q_resolveOpenSslSymbols()
67	RESOLVEFUNC(EVP_CIPHER_CTX_reset)
68	RESOLVEFUNC(EVP_PKEY_base_id)
69	RESOLVEFUNC(RSA_bits)
70	+#ifdef LIBRESSL_VERSION_NUMBER
71	+ RESOLVEFUNC(sk_new_null)
72	+ RESOLVEFUNC(sk_push)
73	+ RESOLVEFUNC(sk_free)
74	+ RESOLVEFUNC(sk_num)
75	+ RESOLVEFUNC(sk_pop_free)
76	+ RESOLVEFUNC(sk_value)
77	+#else
78	RESOLVEFUNC(OPENSSL_sk_new_null)
79	RESOLVEFUNC(OPENSSL_sk_push)
80	RESOLVEFUNC(OPENSSL_sk_free)
81	RESOLVEFUNC(OPENSSL_sk_num)
82	RESOLVEFUNC(OPENSSL_sk_pop_free)
83	RESOLVEFUNC(OPENSSL_sk_value)
84	+#endif
85	RESOLVEFUNC(DH_get0_pqg)
86	RESOLVEFUNC(SSL_CTX_set_options)
87	#ifdef TLS1_3_VERSION
88	@@ -1001,7 +1019,9 @@ bool q_resolveOpenSslSymbols()
89
90	RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
91	RESOLVEFUNC(DH_bits)
92	+#ifndef LIBRESSL_VERSION_NUMBER
93	RESOLVEFUNC(DSA_bits)
94	+#endif
95
96	#if QT_CONFIG(dtls)
97	RESOLVEFUNC(DTLSv1_listen)
98	@@ -1237,7 +1257,7 @@ bool q_resolveOpenSslSymbols()
99	RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
100	RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
101	RESOLVEFUNC(SSL_CTX_get_cert_store);
102	-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
103	+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
104	RESOLVEFUNC(SSL_CONF_CTX_new);
105	RESOLVEFUNC(SSL_CONF_CTX_free);
106	RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);