Using QSslSocket with custom OpenSSL



  • I want to use QSslSocket and QSslCertificate with my latest OpenSSL build. I built OpenSSL 1.1.0 with VS2015 and added its bin directory into %PATH, also added its LIBS to my .pro file:

    LIBS += -LC:/openssl_1.1.0/lib/ -llibcrypto -llibssl
    

    When I run my application, QSslSocket::supportsSsl() returns false and QSslSocket::sslLibraryBuildVersionString() returns OpenSSL 1.0.2g 1 Mar 2016, even though I built OpenSSL 1.1.0. Also I get error messages like this:

    qt.network.ssl: QSslSocket: cannot call unresolved function SSLv23_client_method
    qt.network.ssl: QSslSocket: cannot call unresolved function SSL_CTX_new
    qt.network.ssl: QSslSocket: cannot call unresolved function SSL_library_init
    qt.network.ssl: QSslSocket: cannot call unresolved function ERR_get_error
    

    What is the problem? How can I use my built OpenSSL libraries and binaries?

    P.S. I use Windows 10, Qt 5.7, OpenSSL 1.1.0, Visual Studio 2015 Enterprise.

    Thank you



  • You cannot use the pre-built binary of Qt, you'll have to compile it yourself linking to the new OpenSSL



  • That's a lot of work! So what if I want to use what Qt offers me? Why QSslSocket::supportsSsl() returns false?


  • Moderators

    @MChelik
    Qt loads the OpenSSL libs on demand. Where the DLL name is hardcoded and the methods are resolved "manually".
    So linking against OpenSSL wont make any difference.



  • @raven-worx So why QSslSocket::supportsSsl() returns false? Lets forget about my custom OpenSSL.



  • did you add the OpenSSL path to PATH?



  • @VRonin Yes, there is libcrypto-1_1-x64.dll and libssl-1_1-x64.dll in it.


  • Moderators

    @MChelik
    on windows they are called ssleay32.dll and libeay32.dll



  • @raven-worx Since QSslSocket::sslLibraryBuildVersionString() returns "OpenSSL 1.0.2g 1 Mar 2016", I downloaded OpenSSL_1.0.2g source code and compiled it, but inside bin directory there was only openssl.exe. So I copied ssleay32.dll and libeay32.dll from C:\Qt\Tools\QtCreator\bin to C:\Windows. But still I get same error, nothing changed.
    What should I do use QSslSocket? I'm really confused. I searched a lot but nothing helped.


  • Lifetime Qt Champion

    Hi and welcome to devnet,

    Don't copy .dlls like that in the Windows folder, that's very bad practice.

    If Qt shows you a different version of OpenSSL, it likely means that you have an application that also provides these files and can be found before yours.

    I've successfully used the prebuilt packages from Shining Lights Production.

    Hope it helps


  • Moderators

    @MChelik said in Using QSslSocket with custom OpenSSL:

    So I copied ssleay32.dll and libeay32.dll from C:\Qt\Tools\QtCreator\bin to C:\Windows

    don't do that, as @SGaist said. Copy them next to your application exe instead.



  • Thank you SGaist. Copying next to application executable didn't help either.
    Gentlemen, let's forget my OpenSSL; forget everything. Just assume that I want to use QSslSocket and QSslCertificate. What should I do? Should I compile Qt myself? Should I install OpenSSL? What should I do exactly? Qt documents doesn't say any specific thing about this. Documents say only how to use mentioned two classes.
    Thank you



  • Hi, just a quick note on OpenSSL with Qt, I think because you're building a 64-bit Qt app that's why you're having problems. Because those 2 DLLs s stored in C:\Qt\Tools\QtCreator\bin are built with MSVC2013 32-bit compiler (same as for Qt Creator itself) so they are not kosher for 64-bit :-(


  • Lifetime Qt Champion

    To add to @hskoglund, the prebuilt packages I've mentioned earlier also provide "OpenSSL-Win64" which are pre-built for 64bit development.



  • @hskoglund That was my problem! I didn't pay attention to that. But I a have a question: The only libeay32.dll and ssleay32.dll files that are in my %PATH% is C:\Win64-OpenSSL\bin directory. So why my application only works when mentioned DLLs are beside my application (doesn't work when are in %PATH)?


  • Lifetime Qt Champion

    Are you sure you don't have any other application that has these libraries and that can be found in your PATH environment variable ?



  • @SGaist No, I searched my whole disk for these DLLs. Every directory that contains these DLLs is not in %PATH.


  • Lifetime Qt Champion

    How did you modify PATH ? In your Windows settings or in Qt Creator ?



  • Hi, also, they could be loaded via some other means than their directories being listed in %PATH%, either that some other dll that your .exe loads explicitly pulls in the bad (i.e. 32-bit) ones, or perhaps they're hiding in c:\windows or c:\windows\system32.

    To debug this. you could try download Dependency Walker and load your app into it. Then start profiling with F7, that'll get you a trace of all the dlls loaded.



  • This post is deleted!


  • This post is deleted!


  • Using Qt5.7+msvc2015+W8

    Solved, in Qt_naming dll respect, without openssl compilation :
    http://www.npcglib.org/~stathis/downloads/openssl-1.0.1t-vs2015.7z



  • @SGaist I modified it via Windows settings and I don't know even khow how to change %PATH in Qt. Can you tell me? ( ͡° ͜ʖ ͡°)
    @hskoglund I'll try it at work. Thank you for your solution.


  • Lifetime Qt Champion

    Not in Qt but within Qt Creator. Go to the Run part of the Project panel. There you can modify your environment for your application only.



  • @raven-worx Not any more. As of OpenSSL 1.1.0, following OpenSSL's build instructions on Windows (and with shared libraries enabled), we get:

    bin/libcrypto-1_1.dll
    bin/libssl-1_1.dll
    lib/libcrypto.lib
    lib/libssl.lib

    The names "ssleay32" and "libeay32" were deprecated. So does Qt only look for the old names despite any attempts at configuring it otherwise?

    Qt's docs on the topic, for some reason, only describe building OpenSSL for Android.


  • Lifetime Qt Champion

    @RMcFatter
    Hi and welcome to devnet,

    From a quick look at Qt's sources, it doesn't search yet for libcrypto/ssl-1_1.

    That something you should check in the bug report system to see if there's already something planned for that.



  • same problem here.

    I want to use some functions from OpenSSL which i actually can not access from the prebuilt OpenSSL Libs which are shipped with QT (libeay32.dll and ssleay32.dll);

    So i thought i can build OpenSSL on my own and link to these libs in my project. This works as expected, but i now have the coexistence of the prebuilt OpenSSL Libs and my own built libs (libcrypto-1_1.dll and libssl-1_1.dll)

    This is not a big problem, but i tghought why using these two libs together, when i can maybe use only one? So i tried to rename my own build libs to the names of the old one, but there my application is crashing whith multiple error messages:

    qt.network.ssl: QSslSocket: cannot resolve CRYPTO_num_locks
    qt.network.ssl: QSslSocket: cannot resolve CRYPTO_set_id_callback
    qt.network.ssl: QSslSocket: cannot resolve CRYPTO_set_locking_callback
    qt.network.ssl: QSslSocket: cannot resolve ERR_free_strings
    qt.network.ssl: QSslSocket: cannot resolve EVP_CIPHER_CTX_cleanup
    qt.network.ssl: QSslSocket: cannot resolve EVP_CIPHER_CTX_init
    qt.network.ssl: QSslSocket: cannot resolve sk_new_null
    qt.network.ssl: QSslSocket: cannot resolve sk_push
    qt.network.ssl: QSslSocket: cannot resolve sk_free
    qt.network.ssl: QSslSocket: cannot resolve sk_num
    qt.network.ssl: QSslSocket: cannot resolve sk_pop_free
    qt.network.ssl: QSslSocket: cannot resolve sk_value
    qt.network.ssl: QSslSocket: cannot resolve SSL_library_init
    qt.network.ssl: QSslSocket: cannot resolve SSL_load_error_strings
    qt.network.ssl: QSslSocket: cannot resolve SSL_get_ex_new_index
    qt.network.ssl: QSslSocket: cannot resolve SSLv3_client_method
    qt.network.ssl: QSslSocket: cannot resolve SSLv23_client_method
    qt.network.ssl: QSslSocket: cannot resolve SSLv3_server_method
    qt.network.ssl: QSslSocket: cannot resolve SSLv23_server_method
    qt.network.ssl: QSslSocket: cannot resolve X509_STORE_CTX_get_chain
    qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_noconf
    qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_conf
    qt.network.ssl: QSslSocket: cannot resolve SSLeay
    qt.network.ssl: QSslSocket: cannot resolve SSLeay_version
    qt.network.ssl: QSslSocket: cannot call unresolved function SSLeay
    qt.network.ssl: QSslSocket: cannot call unresolved function CRYPTO_num_locks
    qt.network.ssl: QSslSocket: cannot call unresolved function CRYPTO_set_id_callback
    qt.network.ssl: QSslSocket: cannot call unresolved function CRYPTO_set_locking_callback
    qt.network.ssl: QSslSocket: cannot call unresolved function SSL_library_init
    qt.network.ssl: QSslSocket: cannot call unresolved function SSLv23_client_method
    qt.network.ssl: QSslSocket: cannot call unresolved function sk_num
    

    Then i found this Thread here and hoped to get the solution, but no, like @SGaist said. So i think i have to wait for an updated Qt version so that i can replace the files. Or could it be the better solution to built Qt on my own with own OpenSSL Support? if yes, is there a good Tutorial? Or can i use ALL the OpenSSL Functions with the prebuilt OpenSSL in Qt? If yes, a little example would be nice, because i don't got it.


  • Lifetime Qt Champion

    You can build Qt with the -openssl-linked option and point configure to your self-built version of OpenSSL.



  • @SGaist said in Using QSslSocket with custom OpenSSL:

    You can build Qt with the -openssl-linked option and point configure to your self-built version of OpenSSL.

    i tried it that way, but buildung QT 5.7 with OpenSSL 1.1.0b ist not supported till QT 5.9 because in OpenSSL are some changes done, so that building QT 5.7 with that new OpenSSL version did not work. See here: https://bugreports.qt.io/browse/QTBUG-52905

    Then i tried it with an older version of OpenSSL (1.0.2j) - this works.

    But what ist the difference between building Qt gainst OpenSSL with -openssl on running the configure-command and to link against the OpenSSL headers and libs and build it inside the Project? If i build against OpenSSL i have to include the headers anyway to work with the libs if i want to use the OpenSSL specific stuff.

    And i noticed that i can replace the built in OpenSSL libs with the own build one. So it would be much simpler to include the ehaders of OpenSSL via INCLUDEPATH. So i get OpenSSL support = true on output of: qDebug() << QSslSocket::supportsSsl();

    And if print out his i got the Output which i wrote behind:
    qDebug() << QSslSocket::sslLibraryBuildVersionString(); // OpenSSL 1.0.2g 1 Mar 2016
    qDebug() << QSslSocket::sslLibraryVersionString(); // OpenSSL 1.0.2j 26 Sep 2016

    Why is the first one at all time: OpenSSL 1.0.2g 1 Mar 2016 - This i got, too if i build Qt at own and link against OpenSSL 1.0.2j??


  • Lifetime Qt Champion

    It's in the docs:
    sslLibraryBuildVersionString is returning the version of the OpenSSL library used when building Qt.
    sslLibraryVersionString is returning the version of the OpenSSL library used at run time.

    By default OpenSSL is dlopened because some countries have restrictions about encryption related software and OpenSSL can't be distributed just like that.



  • Thanks! But why are my versions different?
    I build Qt with OpenSSL 1.0.2j, so both outputs must be the same or not?


  • Lifetime Qt Champion

    Silly question but are you sure that you are using your self-build Qt in your kit ?



  • @SGaist said in Using QSslSocket with custom OpenSSL:

    Silly question but are you sure that you are using your self-build Qt in your kit ?

    yes :)
    could it have to do with Qt-Creator, which was build with another version?


  • Lifetime Qt Champion

    No, the Qt version used to build Qt Creator doesn't affect any any way the Qt version you are using with your kit.

    Do you have another OpenSSL version installed on your system ?



  • @SGaist said in Using QSslSocket with custom OpenSSL:

    on used to bui

    no not installed like the precompiled OpenSSL Libraries. I searched the whole PC (Windows) for OpenSSL and libeay32.dll. I found many applications which are using OpenSSL but only one Application uses the specific OpenSSL version OpenSSL 1.0.2g 1 Mar 2016 i posted above. This Application is Adobe Lightroom.

    Could this be the problem on building Qt that some shipped libeay32.dlls are used on build process?



  • @SGaist Sorry, i have the same problem.
    When i print:
    qDebug() << QSslSocket::supportsSsl(); ==> false
    qDebug() << QSslSocket::sslLibraryBuildVersionString(); ==> "OpenSSL 1.0.2g 1 Mar 2016"
    qDebug() << QSslSocket::sslLibraryVersionString(); ==> ""

    and i obtain these messages:
    qt.network.ssl: QSslSocket: cannot call unresolved function SSLv23_client_method
    qt.network.ssl: QSslSocket: cannot call unresolved function SSL_CTX_new
    qt.network.ssl: QSslSocket: cannot call unresolved function SSL_library_init
    qt.network.ssl: QSslSocket: cannot call unresolved function ERR_get_error
    qt.network.ssl: QSslSocket: cannot call unresolved function ERR_get_error

    I have instaled only Qt 5.7 on Windows 7 32. What can i do?
    Thanks


  • Lifetime Qt Champion

    Hi,

    Do you have OpenSSL installed ? Built with the same compiler as Qt ? In a folder known to your application ?



  • @SGaist No, no and no. Ohhhh. i'll try to build the libraries.

    Sorry, thanks.


  • Lifetime Qt Champion

    You can find here prebuilt versions of OpenSSL for various compilers.



  • @SGaist Thank you for the link. I was trying to build the libraries and I'm going crazy.

    I have Qt 5.7.0 on a Windows 7 32 bits, which instalation should be correct?. I think "Win32 OpenSSL v1.1.0c". Is it ok?.

    Thanks again.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.