Does Qt 5.15 support OpenSSL 3.x?

SGaist

@julianoes hi,

If the support has been backported, then you have to get the corresponding (or later) sources and build Qt yourself. Depending on the distribution you use, its own Qt version may already be patched to support OpenSSL v3.

QuantumTransistor

I tried compiling the open-source Qt 5.15.10 with OpenSSL 3.1.1 in Windows 11 (VS 2022) using:

-openssl-runtime OPENSSL_INCDIR="C:\Path\Tp\OpenSSL\3.1.1\include"

in the configure call. Compiling Qt worked fine, but at run time, QSslSocket::sslLibraryBuildVersionString() returns

Qt OpenSSL build version: "OpenSSL 3.1.1 30 May 2023"
[2023-07-18 8:34:19.625][W][qt.network.ssl] `anonymous-namespace'::qsslSocketCannotResolveSymbolWarning():132 - QSslSocket: cannot resolve EVP_PKEY_base_id
[2023-07-18 8:34:19.625][W][qt.network.ssl] `anonymous-namespace'::qsslSocketCannotResolveSymbolWarning():132 - QSslSocket: cannot resolve SSL_get_peer_certificate

I'm still not sure if OpenSSL 3.x is fundamentally incompatible with Qt 5.15.x, or if other changes are needed.

(Note, I followed the same compiling and linking steps which work with Qt 5.15.x and OpenSSL 1.1.1).

Taytoo

@QuantumTransistor I link with openssl statically and also use vcpkg to manage external libraries - makes it really easy to update libraries in few simple commands.

Anyway, you need to specify path to library and header files e.g. part of my configure command:

-openssl-linked OPENSSL_LIBS="-llibssl -llibcrypto -lws2_32 -lAdvapi32 -lCrypt32 -lUser32" -I C:\Dev\vcpkg\installed\x86-windows-static\include -I C:\Dev\vcpkg\installed\x86-windows-static\include\openssl -L C:\Dev\vcpkg\installed\x86-windows-static\lib

julianoes

@SGaist said in Does Qt 5.15 support OpenSSL 3.x?:

Depending on the distribution you use, its own Qt version may already be patched to support OpenSSL v3.

That's an interesting comment. Thanks @SGaist. So far, we always downloaded Qt using the installer and used that to build. Depending on the OS (ubuntu 22.04) one tended to be tricky and the wrong version but I might give that a try.

It's a shame that Qt doesn't make a patch release to fixup something security related like that.

JKSH

@julianoes said in Does Qt 5.15 support OpenSSL 3.x?:

It's a shame that Qt doesn't make a patch release to fixup something security related like that.

Qt 5.15 has reached end-of-life (see https://www.qt.io/blog/qt-5.15-support-ends ). When security is important, use an actively-maintained version. Qt 6.5 uses OpenSSL 3 by default.

QuantumTransistor

Thanks @Taytoo, I'll give static linking a try. Which version of Qt are you using? This bug report gives a patch for using 5.15.9 with OpenSSL 3. I'm using 5.15.10 (the latest available open-source), and not sure if a similar patch is still needed.

QuantumTransistor

Following the suggestion from @Taytoo, I got Qt5.15.10 and OpenSSL 3.1.1 to work correctly for my application.

OpenSSL configure settings were:

-openssl-linked OPENSSL_INCDIR="C:\Path\To\OpenSSL\3.1.1\include" OPENSSL_LIBDIR="C:\Path\To\OpenSSL\3.1.1\lib\VC\static" OPENSSL_LIBS="-lWs2_32 -lGdi32 -lAdvapi32 -lCrypt32 -lUser32" OPENSSL_LIBS_DEBUG="-llibssl64MDd -llibcrypto64MDd" OPENSSL_LIBS_RELEASE="-llibssl64MD -llibcrypto64MD"

Still a bit puzzled why -openssl-runtime doesn't work, but I'll keep trying now that I know the codes are compatible.

Taytoo

@QuantumTransistor I've never linked with openssl dynamically, so can't really help with that. Try changing Lib path to point towards .so/.dll files instead and see if that works.

seyed

I used OpenSSL 3 to build Qt 5.15.10 successfully, but at runtime, I faced problems:

qt.network.ssl: QSslSocket: cannot resolve EVP_PKEY_base_id
qt.network.ssl: QSslSocket: cannot resolve SSL_get_peer_certificate
Build version: "OpenSSL 3.1.1 30 May 2023"
Run version: "OpenSSL 3.1.1 30 May 2023"
Supports SSL: true

Finally, porting changes from Qt 6 to 5 results in a successful build and run. 🎉
Read my gist for steps

QuantumTransistor

@seyed - I used the patch from your gist and was able to successfully build and use Qt 5.15.10 with OpenSSL 3.1.2 using -openssl-runtime. Thanks!! 🎉

ocgltd

I hope to avoid rebuilding Qt + patches. Will Qt release a 5.15.x update that will allow compilation against openssl 3 ?

SGaist

@ocgltd if memory serves well, the 5.15 LTS has support for OpenSSL 3 so it should eventually come to be.

You might want to check the KDE patch set for Qt.

QuantumTransistor

@ocgltd according to a comment on this bug report, OpenSSL 3 is supported with Qt 5.15.13 onwards. If you are using the open-source version, this should be available 9 March 2024 (one year after the commercial release date).

piervalli

@QuantumTransistor
Openssl works with 5.15.13 (open source) but we need to compiare with c++17

SGaist

@piervalli what issue do you have with C++17 ?
Qt 5 requires C++11 and OpenSSL is C.

piervalli

@SGaist
The issue is with Qt 5.15.13 and build by source I haved setted c++17 for that error.
text\qlocale_win.cpp:498:60: error: 'size' is not a member of 'std'

I used Mingw 8.1

JonB

@piervalli
Since https://en.cppreference.com/w/cpp/iterator/size states that C++17 onward is required for std::size() it ought be present. (You might show line #498 of text\qlocale_win.cpp so we know what the call looks like.) That implies either you are not setting for C++17 correctly or the MinGW does not have correct support for it. You might look in the appropriate std::... header file to see what is/is not there for this.

piervalli

@JonB Thanks

JonB

@piervalli
Hang on, I see a problem!

Go to that cppreference page. Look at the sample code. Go pick the various c++17 compilers it offers. With GCC 13.1 (C++17) it compiles fine. But with GCC 5.2 (C++17) I get the same error as you show.

So which gcc is the MinGW supposed to emulate? You can go to https://godbolt.org/ and play with selecting different compilers, they include MinGW choices. The oldest they have is MinGW gcc 11.3.0, that seems to work (only errors on std::ssize() in that code, which requires C++20, fair enough).