SSL issues after upgrading Ubuntu
-
Hi,
Can you check with a more recent version of Qt ? The latest 6.2 released or maybe 6.3 ?
There was already work done to support OpenSSL3 see this bug report.
-
Hi,
Can you check with a more recent version of Qt ? The latest 6.2 released or maybe 6.3 ?
There was already work done to support OpenSSL3 see this bug report.
-
@SGaist sorry to bump but this issue broke all my applications. For example one that uses
qtopcuanow fires the same warnings on startup:[20220509 13:55:30 W] unknown:0 - QSslSocket: cannot resolve SSL_get_peer_certificate
[20220509 13:55:30 W] unknown:0 - QSslSocket: cannot resolve EVP_PKEY_base_idbut when I try to set the application identity:
void FemtoOpcUa::setConfiguration(QOpcUaPkiConfiguration *pkiConfig) { _pkiConfig = pkiConfig; _identity = _pkiConfig->applicationIdentity(); }it crashes with a seg fault in a lalaland of dissasembled code.
Any idea how to solve this problem?
-
@SGaist sorry to bump but this issue broke all my applications. For example one that uses
qtopcuanow fires the same warnings on startup:[20220509 13:55:30 W] unknown:0 - QSslSocket: cannot resolve SSL_get_peer_certificate
[20220509 13:55:30 W] unknown:0 - QSslSocket: cannot resolve EVP_PKEY_base_idbut when I try to set the application identity:
void FemtoOpcUa::setConfiguration(QOpcUaPkiConfiguration *pkiConfig) { _pkiConfig = pkiConfig; _identity = _pkiConfig->applicationIdentity(); }it crashes with a seg fault in a lalaland of dissasembled code.
Any idea how to solve this problem?
@Mark81 said in SSL issues after upgrading Ubuntu:
it crashes with a seg fault in a lalaland of dissasembled code.
What does the debugger say?
Is pkiConfig a valid pointer? -
@Mark81 said in SSL issues after upgrading Ubuntu:
it crashes with a seg fault in a lalaland of dissasembled code.
What does the debugger say?
Is pkiConfig a valid pointer?@jsulm Here the full scenario:
#ifndef OPCUACONFIG_H #define OPCUACONFIG_H #include <QObject> #include <QOpcUaClient> class OpcUaConfig : public QObject { Q_OBJECT public: explicit OpcUaConfig(QObject *parent = nullptr); QOpcUaPkiConfiguration *pkiConfig() { return &_pkiConfig; } private: QOpcUaPkiConfiguration _pkiConfig; void setupPkiConfiguration(); bool createPkiFolders(); bool createPkiPath(const QString &path); }; #endif // OPCUACONFIG_H#include "opcuaconfig.h" #include <QCoreApplication> #include <QHostInfo> #include <QDir> const QString ID("[OPCUA-CFG]"); OpcUaConfig::OpcUaConfig(QObject *parent) : QObject(parent) { setupPkiConfiguration(); } void OpcUaConfig::setupPkiConfiguration() { QString pkidir = QCoreApplication::applicationDirPath(); pkidir += "/pki"; _pkiConfig.setClientCertificateFile(pkidir + "/own/certs/project.der"); _pkiConfig.setPrivateKeyFile(pkidir + "/own/private/project.pem"); _pkiConfig.setTrustListDirectory(pkidir + "/trusted/certs"); _pkiConfig.setRevocationListDirectory(pkidir + "/trusted/crl"); _pkiConfig.setIssuerListDirectory(pkidir + "/issuers/certs"); _pkiConfig.setIssuerRevocationListDirectory(pkidir + "/issuers/crl"); createPkiFolders(); } bool OpcUaConfig::createPkiPath(const QString &path) { const QString msg = ID + " Creating PKI path '%1': %2"; QDir dir; return dir.mkpath(path); } bool OpcUaConfig::createPkiFolders() { bool result = createPkiPath(_pkiConfig.trustListDirectory()); if (!result) return result; result = createPkiPath(_pkiConfig.revocationListDirectory()); if (!result) return result; result = createPkiPath(_pkiConfig.issuerListDirectory()); if (!result) return result; result = createPkiPath(_pkiConfig.issuerRevocationListDirectory()); if (!result) return result; return result; }Then I pass the
OpcUaConfig::pkiConfig()to the function above.
I also added:if (pkiConfig == nullptr) { qWarning() << "Invalid config"; return; }to the
MyOpcUa::setConfiguration()function and it does not catch a null pointer.
Here the screenshot of the seg fault:
And here the "detail" of the pointer:
-
@jsulm Here the full scenario:
#ifndef OPCUACONFIG_H #define OPCUACONFIG_H #include <QObject> #include <QOpcUaClient> class OpcUaConfig : public QObject { Q_OBJECT public: explicit OpcUaConfig(QObject *parent = nullptr); QOpcUaPkiConfiguration *pkiConfig() { return &_pkiConfig; } private: QOpcUaPkiConfiguration _pkiConfig; void setupPkiConfiguration(); bool createPkiFolders(); bool createPkiPath(const QString &path); }; #endif // OPCUACONFIG_H#include "opcuaconfig.h" #include <QCoreApplication> #include <QHostInfo> #include <QDir> const QString ID("[OPCUA-CFG]"); OpcUaConfig::OpcUaConfig(QObject *parent) : QObject(parent) { setupPkiConfiguration(); } void OpcUaConfig::setupPkiConfiguration() { QString pkidir = QCoreApplication::applicationDirPath(); pkidir += "/pki"; _pkiConfig.setClientCertificateFile(pkidir + "/own/certs/project.der"); _pkiConfig.setPrivateKeyFile(pkidir + "/own/private/project.pem"); _pkiConfig.setTrustListDirectory(pkidir + "/trusted/certs"); _pkiConfig.setRevocationListDirectory(pkidir + "/trusted/crl"); _pkiConfig.setIssuerListDirectory(pkidir + "/issuers/certs"); _pkiConfig.setIssuerRevocationListDirectory(pkidir + "/issuers/crl"); createPkiFolders(); } bool OpcUaConfig::createPkiPath(const QString &path) { const QString msg = ID + " Creating PKI path '%1': %2"; QDir dir; return dir.mkpath(path); } bool OpcUaConfig::createPkiFolders() { bool result = createPkiPath(_pkiConfig.trustListDirectory()); if (!result) return result; result = createPkiPath(_pkiConfig.revocationListDirectory()); if (!result) return result; result = createPkiPath(_pkiConfig.issuerListDirectory()); if (!result) return result; result = createPkiPath(_pkiConfig.issuerRevocationListDirectory()); if (!result) return result; return result; }Then I pass the
OpcUaConfig::pkiConfig()to the function above.
I also added:if (pkiConfig == nullptr) { qWarning() << "Invalid config"; return; }to the
MyOpcUa::setConfiguration()function and it does not catch a null pointer.
Here the screenshot of the seg fault:And here the "detail" of the pointer:
@Mark81 said in SSL issues after upgrading Ubuntu:
I also added:
if (pkiConfig == nullptr)A pointer can be != nullptr but still invalid (pointing to not allocated memory). Where is setConfiguration called?
In the screen-shot I see FemtoOpcUi::setConfiguration but you write about MyOpcUa::setConfiguration()?
-
@Mark81 said in SSL issues after upgrading Ubuntu:
I also added:
if (pkiConfig == nullptr)A pointer can be != nullptr but still invalid (pointing to not allocated memory). Where is setConfiguration called?
In the screen-shot I see FemtoOpcUi::setConfiguration but you write about MyOpcUa::setConfiguration()?
@jsulm ok, so how to check if a pointer is valid? I only knew about checking if != null.
In another class I have this function:
void Engine::initMachines() { QSqlQuery query = _machines.items(); while (query.next()) { QString name = query.value("name").toString(); MyPlc *plc = new MyPlc(name); _mapPlc.insert(name, plc); QUrl url; url.setUrl(QString("opc.tcp://%1").arg(query.value("address").toString())); url.setPort(PLC_PORT); plc->setConfiguration(_opcUaConfig.pkiConfig()); plc->connectToServer(url); } }and:
class MyPlc : public QObject { Q_OBJECT public: explicit MyPlc(QString name, QObject *parent = nullptr); ~MyPlc(); void setConfiguration(QOpcUaPkiConfiguration *pkiConfig) { _opcua.setConfiguration(pkiConfig); } // ... } private: FemtoOpcUa _opcua;where
FemtoOpcUa::setConfiguration()is the function reported in the first message.Before upgrading to 22.04 all worked fine with this very same code.
-
@jsulm ok, so how to check if a pointer is valid? I only knew about checking if != null.
In another class I have this function:
void Engine::initMachines() { QSqlQuery query = _machines.items(); while (query.next()) { QString name = query.value("name").toString(); MyPlc *plc = new MyPlc(name); _mapPlc.insert(name, plc); QUrl url; url.setUrl(QString("opc.tcp://%1").arg(query.value("address").toString())); url.setPort(PLC_PORT); plc->setConfiguration(_opcUaConfig.pkiConfig()); plc->connectToServer(url); } }and:
class MyPlc : public QObject { Q_OBJECT public: explicit MyPlc(QString name, QObject *parent = nullptr); ~MyPlc(); void setConfiguration(QOpcUaPkiConfiguration *pkiConfig) { _opcua.setConfiguration(pkiConfig); } // ... } private: FemtoOpcUa _opcua;where
FemtoOpcUa::setConfiguration()is the function reported in the first message.Before upgrading to 22.04 all worked fine with this very same code.
@Mark81 said in SSL issues after upgrading Ubuntu:
@jsulm ok, so how to check if a pointer is valid? I only knew about checking if != null.
You can't. Other than maybe poking around in a debugger.
I'm not saying it will reveal much in this case, but when it crashes show the stack trace window,, which would tell us anything of interest about where what has been called from....
-
@Mark81 said in SSL issues after upgrading Ubuntu:
@jsulm ok, so how to check if a pointer is valid? I only knew about checking if != null.
You can't. Other than maybe poking around in a debugger.
I'm not saying it will reveal much in this case, but when it crashes show the stack trace window,, which would tell us anything of interest about where what has been called from....
-
@JonB sorry but where is the "stack trace" window? I only know the "call stack trace" window but as you can see above is filled of
??. -
@Mark81 said in SSL issues after upgrading Ubuntu:
I also added:
if (pkiConfig == nullptr)A pointer can be != nullptr but still invalid (pointing to not allocated memory). Where is setConfiguration called?
In the screen-shot I see FemtoOpcUi::setConfiguration but you write about MyOpcUa::setConfiguration()?
-
@jsulm ok, so how to check if a pointer is valid? I only knew about checking if != null.
In another class I have this function:
void Engine::initMachines() { QSqlQuery query = _machines.items(); while (query.next()) { QString name = query.value("name").toString(); MyPlc *plc = new MyPlc(name); _mapPlc.insert(name, plc); QUrl url; url.setUrl(QString("opc.tcp://%1").arg(query.value("address").toString())); url.setPort(PLC_PORT); plc->setConfiguration(_opcUaConfig.pkiConfig()); plc->connectToServer(url); } }and:
class MyPlc : public QObject { Q_OBJECT public: explicit MyPlc(QString name, QObject *parent = nullptr); ~MyPlc(); void setConfiguration(QOpcUaPkiConfiguration *pkiConfig) { _opcua.setConfiguration(pkiConfig); } // ... } private: FemtoOpcUa _opcua;where
FemtoOpcUa::setConfiguration()is the function reported in the first message.Before upgrading to 22.04 all worked fine with this very same code.
@Mark81 said in SSL issues after upgrading Ubuntu:
plc->setConfiguration(_opcUaConfig.pkiConfig());
What is _opcUaConfig? Was it initialized properly?
-
@Mark81 said in SSL issues after upgrading Ubuntu:
plc->setConfiguration(_opcUaConfig.pkiConfig());
What is _opcUaConfig? Was it initialized properly?
-
I think you needlessly delved into the debugger.
I came across the same bug. When upgrading ubuntu to version 22.04 LTS, I installed the current Qt 6.3.0, I got the same warnings as you.qt.network.ssl: QSslSocket: cannot resolve EVP_PKEY_base_id qt.network.ssl: QSslSocket: cannot resolve SSL_get_peer_certificateThe most simple example of code that already issues a warning:
#include <QCoreApplication> #include <QSslConfiguration> int main(int argc, char *argv[]) { QCore Application a(argc, argv); qWarning()<<"QSslSocket supportsSsl =>"<<QSslSocket::supportsSsl(); qWarning()<<"QSslSocket build version =>"<<QSslSocket::sslLibraryBuildVersionString(); qWarning()<<"QSslSocket version =>"<<QSslSocket::sslLibraryVersionString(); return a.exec(); }I checked the same code on another machine with ubuntu 21.04, there were no warnings.
The new ubuntu already has openssl 3.0.2-0ubuntu1.2 installed, while the previous ubuntu had openssl 1.1.1j installed
I believe QSslSocket incorrectly accesses the EVP_PKEY_base_id and SSL_get_peer_certificate keys -
I think you needlessly delved into the debugger.
I came across the same bug. When upgrading ubuntu to version 22.04 LTS, I installed the current Qt 6.3.0, I got the same warnings as you.qt.network.ssl: QSslSocket: cannot resolve EVP_PKEY_base_id qt.network.ssl: QSslSocket: cannot resolve SSL_get_peer_certificateThe most simple example of code that already issues a warning:
#include <QCoreApplication> #include <QSslConfiguration> int main(int argc, char *argv[]) { QCore Application a(argc, argv); qWarning()<<"QSslSocket supportsSsl =>"<<QSslSocket::supportsSsl(); qWarning()<<"QSslSocket build version =>"<<QSslSocket::sslLibraryBuildVersionString(); qWarning()<<"QSslSocket version =>"<<QSslSocket::sslLibraryVersionString(); return a.exec(); }I checked the same code on another machine with ubuntu 21.04, there were no warnings.
The new ubuntu already has openssl 3.0.2-0ubuntu1.2 installed, while the previous ubuntu had openssl 1.1.1j installed
I believe QSslSocket incorrectly accesses the EVP_PKEY_base_id and SSL_get_peer_certificate keys
