1401459 – (qt5_openssl11) QSslSocket: openssl-1.1 support

Bug 1401459 (qt5_openssl11) - QSslSocket: openssl-1.1 support

Summary: QSslSocket: openssl-1.1 support

Keywords:
Status:	CLOSED RAWHIDE
Alias:	qt5_openssl11
Product:	Fedora
Classification:	Fedora
Component:	qt5-qtbase
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Than Ngo
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1383740 1423077
TreeView+	depends on / blocked

Reported:	2016-12-05 10:47 UTC by Sandro Mani
Modified:	2017-11-18 08:58 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-07-27 14:42:46 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Qt Bug Tracker	QTBUG-52905	0	None	None	None	2016-12-07 17:57:51 UTC

Description Sandro Mani 2016-12-05 10:47:25 UTC

Description of problem:
Since the 5.7.1 update, ktp login fails, and many QSslSocket: cannot resolve [openssl symbol] are listed in journalctl (full log below).



Version-Release number of selected component (if applicable):
qt5-qtbase-5.7.1-3.fc26.x86_64
ktp-auth-handler-16.08.2-1.fc26.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Attempt to login with a gtalk account
2.
3.

Actual results:
Dez 05 11:29:51 PC4 dbus-daemon[3269]: [session uid=1000 pid=3269] Activating service name='org.freedesktop.Telepathy.ConnectionManager.gabble' requested by ':1.10' (uid=1000 pid=3338 comm="/usr/libexec/mission-control-5 " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
Dez 05 11:29:51 PC4 dbus-daemon[3269]: [session uid=1000 pid=3269] Successfully activated service 'org.freedesktop.Telepathy.ConnectionManager.gabble'
Dez 05 11:29:52 PC4 dbus-daemon[3269]: [session uid=1000 pid=3269] Activating service name='org.freedesktop.Telepathy.Client.KTp.TLSHandler' requested by ':1.10' (uid=1000 pid=3338 comm="/usr/libexec/mission-control-5 " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: kf5.kcoreaddons.kaboutdata: Could not initialize the equivalent properties of Q*Application: no instance (yet) existing.
Dez 05 11:29:52 PC4 dbus-daemon[3269]: [session uid=1000 pid=3269] Successfully activated service 'org.freedesktop.Telepathy.Client.KTp.TLSHandler'
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve OPENSSL_free
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve ERR_free_strings
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve EVP_CIPHER_CTX_cleanup
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve EVP_CIPHER_CTX_init
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSL_library_init
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSL_load_error_strings
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSL_get_ex_new_index
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSLv23_client_method
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSLv23_server_method
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve X509_STORE_CTX_get_chain
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve X509_get_notBefore
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve X509_get_notAfter
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_noconf
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_conf
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSLeay
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot resolve SSLeay_version
Dez 05 11:29:52 PC4 kernel: ktp-auth-handle[4642]: segfault at 4 ip 00007f9a0323f354 sp 00007ffdc4567180 error 4 in libQt5Network.so.5.7.1[7f9a0312a000+168000]
Dez 05 11:29:52 PC4 kernel: audit: type=1701 audit(1480933792.217:8218): auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=4642 comm="ktp-auth-handle" exe="/usr/libexec/ktp-auth-handler" sig=11
Dez 05 11:29:52 PC4 audit[4642]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=4642 comm="ktp-auth-handle" exe="/usr/libexec/ktp-auth-handler" sig=11
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function SSLeay
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function SSL_library_init
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function SSLv23_client_method
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function X509_get_notBefore
Dez 05 11:29:52 PC4 ktp-auth-handler[4642]: qt.network.ssl: QSslSocket: cannot call unresolved function X509_get_notAfter
Dez 05 11:29:52 PC4 systemd[1]: Started Process Core Dump (PID 4645/UID 0).
Dez 05 11:29:52 PC4 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@132-4645-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dez 05 11:29:52 PC4 kernel: audit: type=1130 audit(1480933792.237:8219): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@132-4645-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dez 05 11:29:52 PC4 systemd-coredump[4646]: Core Dumping has been disabled for process 4642 (ktp-auth-handle).
Dez 05 11:29:52 PC4 systemd-coredump[4646]: Process 4642 (ktp-auth-handle) of user 1000 dumped core.

Comment 1 Than Ngo 2016-12-05 11:52:33 UTC

it seems the openssl-1.1 port causes  this issue. i'm looking..

Comment 2 Rex Dieter 2016-12-05 12:54:06 UTC

I think it best to revert back to using -openssl-linked at least until this is resolved (then it *should* be clear and fail at build-time rather than runtime)

Comment 3 Sandro Mani 2016-12-06 21:39:03 UTC

Could the -openssl-linked be restored in the meantime? This is breaking a number of apps.

Comment 4 Rex Dieter 2016-12-07 16:15:57 UTC

%changelog
* Wed Dec 07 2016 Rex Dieter <rdieter> - 5.7.1-4
- use -openssl-linked (bug #1401459)
- BR: perl-generators

Comment 5 Rex Dieter 2016-12-07 17:01:16 UTC

And now we're back to FTBFS as expected, with errors of the form:

In file included from ssl/qsslsocket_openssl_symbols.cpp:57:0:
ssl/qsslsocket_openssl_symbols.cpp: In function 'unsigned char* q_ASN1_STRING_data(ASN1_STRING*)':
ssl/qsslsocket_openssl_symbols_p.h:183:39: error: 'ASN1_STRING_data' was not declared in this scope
     ret q_##func(arg) { funcret func(a); }

Comment 6 Rex Dieter 2016-12-07 17:12:50 UTC

commit 276e67ad3a42e8b790c0b645592f7ddf31f0378e
Author: Rex Dieter <rdieter.edu>
Date:   Wed Dec 7 11:11:58 2016 -0600

    disable openssl11 (FTBFS)
    
    and use compat-openssl10 for now

Comment 7 Rex Dieter 2016-12-07 17:57:51 UTC

See also upstream bug tracking adding openssl-1.1 support,

https://bugreports.qt.io/browse/QTBUG-52905

Comment 8 Rex Dieter 2016-12-07 17:58:56 UTC

Which mentions Qt 5.9 target :(

Comment 9 Sandro Mani 2016-12-07 19:21:30 UTC

Thanks for 5.7.1-4!

Comment 10 Than Ngo 2016-12-08 15:39:22 UTC

i think it's safe to use the compat-openssl10 in the meantime and we will switch to open-ssl-1.1 when it's official supported by upstream.

Comment 11 Rex Dieter 2017-02-27 16:44:23 UTC

Re-opening to track this feature being enabled in Qt5.  Per upstream bug, this is targeting Qt 5.10 release, Nov 2017

Comment 12 Rex Dieter 2017-07-18 11:58:34 UTC

Looks like official support landed on what will become Qt-5.10, can likely close this and simply wait (for 5.10)

Comment 13 Than Ngo 2017-07-27 14:42:46 UTC

it's fixed in qt5-qtbase-5.9.1-3.fc27

Comment 14 Gilboa Davara 2017-07-30 11:20:45 UTC

Any plans to push 'fixed' 5.9.1 to Fedora 26?

- Gilboa

Comment 15 Rex Dieter 2017-07-31 00:39:57 UTC

F26's openssl support will most likely stay the same for compatibility reasons

Comment 16 Gilboa Davara 2017-07-31 06:45:06 UTC

OK. Thanks.

Comment 17 Eric Smith 2017-11-18 08:58:28 UTC

Qt5 5.9.2-5 in F26-testing has fixed this bug for me. I had several Qt5-based commercial programs including the Saleae logic analyzer software which previously would not work, but after trying the update they work fine.

Note You need to log in before you can comment on or make changes to this bug.