Bug 1401459 (qt5_openssl11)

Summary: QSslSocket: openssl-1.1 support
Product: [Fedora] Fedora Reporter: Sandro Mani <manisandro>
Component: qt5-qtbaseAssignee: Than Ngo <than>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: gilboad, jgrulich, jreznik, rdieter, spacewar, than
Target Milestone: ---Keywords: FutureFeature, Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-27 14:42:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1383740, 1423077    

Description Sandro Mani 2016-12-05 10:47:25 UTC 
Description of problem:
Since the 5.7.1 update, ktp login fails, and many QSslSocket: cannot resolve [openssl symbol] are listed in journalctl (full log below).



Version-Release number of selected component (if applicable):
qt5-qtbase-5.7.1-3.fc26.x86_64
ktp-auth-handler-16.08.2-1.fc26.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Attempt to login with a gtalk account
2.
3.

Actual results:
Dez 05 11:29:51 PC4 dbus-daemon[3269]: [session uid=1000 pid=3269] Activating service name='org.freedesktop.Telepathy.ConnectionManager.gabble' requested by ':1.10' (uid=1000 pid=3338 comm="/usr/libexec/mission-control-5 " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
Dez 05 11:29:51 PC4 dbus-daemon[3269]: [session uid=1000 pid=3269] Successfully activated service 'org.freedesktop.Telepathy.ConnectionManager.gabble'
Dez 05 11:29:52 PC4 dbus-daemon[3269]: [session uid=1000 pid=3269] Activating service name='org.freedesktop.Telepathy.Client.KTp.TLSHandler' requested by ':1.10' (uid=1000 pid=3338 comm="/usr/libexec/mission-control-5 " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: kf5.kcoreaddons.kaboutdata: Could not initialize the equivalent properties of Q*Application: no instance (yet) existing.
Dez 05 11:29:52 PC4 dbus-daemon[3269]: [session uid=1000 pid=3269] Successfully activated service 'org.freedesktop.Telepathy.Client.KTp.TLSHandler'
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve OPENSSL_free
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve ERR_free_strings
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve EVP_CIPHER_CTX_cleanup
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve EVP_CIPHER_CTX_init
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSL_library_init
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSL_load_error_strings
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSL_get_ex_new_index
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSLv23_client_method
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSLv23_server_method
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve X509_STORE_CTX_get_chain
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve X509_get_notBefore
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve X509_get_notAfter
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_noconf
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_conf
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSLeay
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSLeay_version
Dez 05 11:29:52 PC4 kernel: ktp-auth-handle[4642]: segfault at 4 ip 00007f9a0323f354 sp 00007ffdc4567180 error 4 in libQt5Network.so.5.7.1[7f9a0312a000+168000]
Dez 05 11:29:52 PC4 kernel: audit: type=1701 audit(1480933792.217:8218): auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=4642 comm="ktp-auth-handle" exe="/usr/libexec/ktp-auth-handler" sig=11
Dez 05 11:29:52 PC4 audit[4642]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=4642 comm="ktp-auth-handle" exe="/usr/libexec/ktp-auth-handler" sig=11
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function SSLeay
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function SSL_library_init
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function SSLv23_client_method
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function X509_get_notBefore
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function X509_get_notAfter
Dez 05 11:29:52 PC4 systemd[1]: Started Process Core Dump (PID 4645/UID 0).
Dez 05 11:29:52 PC4 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@132-4645-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dez 05 11:29:52 PC4 kernel: audit: type=1130 audit(1480933792.237:8219): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@132-4645-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dez 05 11:29:52 PC4 systemd-coredump[4646]: Core Dumping has been disabled for process 4642 (ktp-auth-handle).
Dez 05 11:29:52 PC4 systemd-coredump[4646]: Process 4642 (ktp-auth-handle) of user 1000 dumped core.
Comment 1 Than Ngo 2016-12-05 11:52:33 UTC 
it seems the openssl-1.1 port causes  this issue. i'm looking..
Comment 2 Rex Dieter 2016-12-05 12:54:06 UTC 
I think it best to revert back to using -openssl-linked at least until this is resolved (then it *should* be clear and fail at build-time rather than runtime)
Comment 3 Sandro Mani 2016-12-06 21:39:03 UTC 
Could the -openssl-linked be restored in the meantime? This is breaking a number of apps.
Comment 4 Rex Dieter 2016-12-07 16:15:57 UTC 
%changelog
* Wed Dec 07 2016 Rex Dieter <rdieter> - 5.7.1-4
- use -openssl-linked (bug #1401459)
- BR: perl-generators
Comment 5 Rex Dieter 2016-12-07 17:01:16 UTC 
And now we're back to FTBFS as expected, with errors of the form:

In file included from ssl/qsslsocket_openssl_symbols.cpp:57:0:
ssl/qsslsocket_openssl_symbols.cpp: In function 'unsigned char* q_ASN1_STRING_data(ASN1_STRING*)':
ssl/qsslsocket_openssl_symbols_p.h:183:39: error: 'ASN1_STRING_data' was not declared in this scope
     ret q_##func(arg) { funcret func(a); }
Comment 6 Rex Dieter 2016-12-07 17:12:50 UTC 
commit 276e67ad3a42e8b790c0b645592f7ddf31f0378e
Author: Rex Dieter <rdieter.edu>
Date:   Wed Dec 7 11:11:58 2016 -0600

    disable openssl11 (FTBFS)
    
    and use compat-openssl10 for now
Comment 7 Rex Dieter 2016-12-07 17:57:51 UTC 
See also upstream bug tracking adding openssl-1.1 support,

https://bugreports.qt.io/browse/QTBUG-52905
Comment 8 Rex Dieter 2016-12-07 17:58:56 UTC 
Which mentions Qt 5.9 target :(
Comment 9 Sandro Mani 2016-12-07 19:21:30 UTC 
Thanks for 5.7.1-4!
Comment 10 Than Ngo 2016-12-08 15:39:22 UTC 
i think it's safe to use the compat-openssl10 in the meantime and we will switch to open-ssl-1.1 when it's official supported by upstream.
Comment 11 Rex Dieter 2017-02-27 16:44:23 UTC 
Re-opening to track this feature being enabled in Qt5.  Per upstream bug, this is targeting Qt 5.10 release, Nov 2017
Comment 12 Rex Dieter 2017-07-18 11:58:34 UTC 
Looks like official support landed on what will become Qt-5.10, can likely close this and simply wait (for 5.10)
Comment 13 Than Ngo 2017-07-27 14:42:46 UTC 
it's fixed in qt5-qtbase-5.9.1-3.fc27
Comment 14 Gilboa Davara 2017-07-30 11:20:45 UTC 
Any plans to push 'fixed' 5.9.1 to Fedora 26?

- Gilboa
Comment 15 Rex Dieter 2017-07-31 00:39:57 UTC 
F26's openssl support will most likely stay the same for compatibility reasons
Comment 16 Gilboa Davara 2017-07-31 06:45:06 UTC 
OK. Thanks.
Comment 17 Eric Smith 2017-11-18 08:58:28 UTC 
Qt5 5.9.2-5 in F26-testing has fixed this bug for me. I had several Qt5-based commercial programs including the Saleae logic analyzer software which previously would not work, but after trying the update they work fine.