Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. Force system QT libraries to use openssl libraries shipped with the application
QtWS25 Last Chance

Force system QT libraries to use openssl libraries shipped with the application

Scheduled Pinned Locked Moved Unsolved General and Desktop
opensslcompileqcoreapplicatioqlibrary
5 Posts 4 Posters 2.4k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N Offline
    N Offline
    NulledPointer
    wrote on last edited by NulledPointer
    #1

    I asked this here -> https://stackoverflow.com/questions/44814689/force-system-qt-libraries-to-use-openssl-libraries-shipped-with-the-application


    My application = libssl.so (1.0.2f) + libcrypto.so (1.0.2f) + my_app_exe

    On Debian 9, QT version is 5.7 and openssl is 1.0.2l

    my_app_exe returns 1.0.2l for QSslSocket::sslLibraryVersionString(), which means its using system openssl version.

    Can I force QT libraries to somehow use openssl shipped along with my application?

    I've tried setting library path using QCoreApplication::addLibraryPath(const QString &path), but QT library still picks up system openssl version.

    Constraints:

    Can't recompile QT library thats present on the system
    Can't ship QT library along with the application
    Can't change RPATH on system QT libraries
    my_app_exe already uses RPATH which points to the current directory where shipped openssl resides.

    JKSHJ 1 Reply Last reply
    0
    • N NulledPointer

      I asked this here -> https://stackoverflow.com/questions/44814689/force-system-qt-libraries-to-use-openssl-libraries-shipped-with-the-application


      My application = libssl.so (1.0.2f) + libcrypto.so (1.0.2f) + my_app_exe

      On Debian 9, QT version is 5.7 and openssl is 1.0.2l

      my_app_exe returns 1.0.2l for QSslSocket::sslLibraryVersionString(), which means its using system openssl version.

      Can I force QT libraries to somehow use openssl shipped along with my application?

      I've tried setting library path using QCoreApplication::addLibraryPath(const QString &path), but QT library still picks up system openssl version.

      Constraints:

      Can't recompile QT library thats present on the system
      Can't ship QT library along with the application
      Can't change RPATH on system QT libraries
      my_app_exe already uses RPATH which points to the current directory where shipped openssl resides.

      JKSHJ Offline
      JKSHJ Offline
      JKSH
      Moderators
      wrote on last edited by
      #2

      Hi, and welcome to the Qt Dev Net!

      @NulledPointer said in Force system QT libraries to use openssl libraries shipped with the application:

      Can I force QT libraries to somehow use openssl shipped along with my application?

      May I ask why you want to do that?

      OpenSSL is a security library. Old versions can contain known, exploitable security holes, so it sounds like a good idea to use the latest version whenever it's available. This way, when the end user upgrades OpenSSL on their system, your Qt application will automatically pick up the new OpenSSL.

      Qt Doc Search for browsers: forum.qt.io/topic/35616/web-browser-extension-for-improved-doc-searches

      ThirdStrandT 1 Reply Last reply
      1
      • JKSHJ JKSH

        Hi, and welcome to the Qt Dev Net!

        @NulledPointer said in Force system QT libraries to use openssl libraries shipped with the application:

        Can I force QT libraries to somehow use openssl shipped along with my application?

        May I ask why you want to do that?

        OpenSSL is a security library. Old versions can contain known, exploitable security holes, so it sounds like a good idea to use the latest version whenever it's available. This way, when the end user upgrades OpenSSL on their system, your Qt application will automatically pick up the new OpenSSL.

        ThirdStrandT Offline
        ThirdStrandT Offline
        ThirdStrand
        wrote on last edited by
        #3

        @JKSH One would do this to ensure that the libraries used are the proper libraries which are expected in the program. In much the same way as we deploy the appropriate versions of Qt libraries, why not use a KNOWN library when deploying the libssl and libcrypto libraries?

        This has become the bane of my existence, and I am here in search of WHY it will work when it is in QtCreator and NOT work when deployed with the EXACT same loaded library files.

        By way of venting, this old question gets some new life. I have seen many "answers" which usually consist of "The user should install....", which anyone who has ever actually deployed retail software knows is an absolute NIGHTMARE.

        Witness ProtonVPN! This commercial application is deployed with a specific (v1.1.1j) set of OpenSSL libraries. Why? Because it is developed with that version and is tested with that version. Why opt to allow the end user to change the libraries and break your application at will? That's just self-defeating.

        To any who subjected themselves to this answer, "Thank you for comiserating."

        JKSHJ D 2 Replies Last reply
        0
        • ThirdStrandT ThirdStrand

          @JKSH One would do this to ensure that the libraries used are the proper libraries which are expected in the program. In much the same way as we deploy the appropriate versions of Qt libraries, why not use a KNOWN library when deploying the libssl and libcrypto libraries?

          This has become the bane of my existence, and I am here in search of WHY it will work when it is in QtCreator and NOT work when deployed with the EXACT same loaded library files.

          By way of venting, this old question gets some new life. I have seen many "answers" which usually consist of "The user should install....", which anyone who has ever actually deployed retail software knows is an absolute NIGHTMARE.

          Witness ProtonVPN! This commercial application is deployed with a specific (v1.1.1j) set of OpenSSL libraries. Why? Because it is developed with that version and is tested with that version. Why opt to allow the end user to change the libraries and break your application at will? That's just self-defeating.

          To any who subjected themselves to this answer, "Thank you for comiserating."

          JKSHJ Offline
          JKSHJ Offline
          JKSH
          Moderators
          wrote on last edited by JKSH
          #4

          @ThirdStrand said in Force system QT libraries to use openssl libraries shipped with the application:

          I am here in search of WHY it will work when it is in QtCreator and NOT work when deployed with the EXACT same loaded library files.

          Can you clarify what you mean by "not work"?

          • If you mean "It doesn't load OpenSSL", then check that you have deployed all libraries correctly (including the OpenSSL ones). See https://wiki.qt.io/Deploy_an_Application_on_Windows -- it is written for Windows but the principles apply to Linux too.
          • If you mean "It loads OpenSSL from a different location", then you'll need to look at how the OS sets library loading priorities.

          Either way, if you would like further assistance, please provide more details of how it fails to work, how you've deployed it, and your OS and Qt versions.

          Qt Doc Search for browsers: forum.qt.io/topic/35616/web-browser-extension-for-improved-doc-searches

          1 Reply Last reply
          1
          • ThirdStrandT ThirdStrand

            @JKSH One would do this to ensure that the libraries used are the proper libraries which are expected in the program. In much the same way as we deploy the appropriate versions of Qt libraries, why not use a KNOWN library when deploying the libssl and libcrypto libraries?

            This has become the bane of my existence, and I am here in search of WHY it will work when it is in QtCreator and NOT work when deployed with the EXACT same loaded library files.

            By way of venting, this old question gets some new life. I have seen many "answers" which usually consist of "The user should install....", which anyone who has ever actually deployed retail software knows is an absolute NIGHTMARE.

            Witness ProtonVPN! This commercial application is deployed with a specific (v1.1.1j) set of OpenSSL libraries. Why? Because it is developed with that version and is tested with that version. Why opt to allow the end user to change the libraries and break your application at will? That's just self-defeating.

            To any who subjected themselves to this answer, "Thank you for comiserating."

            D Offline
            D Offline
            DerReisende
            wrote on last edited by
            #5

            @ThirdStrand said in Force system QT libraries to use openssl libraries shipped with the application:

            @JKSH One would do this to ensure that the libraries used are the proper libraries which are expected in the program. In much the same way as we deploy the appropriate versions of Qt libraries, why not use a KNOWN library when deploying the libssl and libcrypto libraries?

            If you want to use known libraries in your app without the possibility of user interference you should probably use static libraries and not dynamic. Because even if the other libraries are not in the system path there is always at least one user who might want to exchange your library with another one - perhaps optimized for his computer ;) Had this a couple of times on windows with DLLs and a lot with java apps where users just replaced „outdated“ libraries.

            This has become the bane of my existence, and I am here in search of WHY it will work when it is in QtCreator and NOT work when deployed with the EXACT same loaded library files.

            I didn‘t see your used OS but I could imagine that Qt Creator uses LD_PRELOAD mechanism to ensure that the specific libs are loaded first. This at least should work an Linux, I don‘t know any trick for that on windows. AFAIK macOS offers a similar mechanism to Linux.

            By way of venting, this old question gets some new life. I have seen many "answers" which usually consist of "The user should install....", which anyone who has ever actually deployed retail software knows is an absolute NIGHTMARE.

            Witness ProtonVPN! This commercial application is deployed with a specific (v1.1.1j) set of OpenSSL libraries. Why? Because it is developed with that version and is tested with that version. Why opt to allow the end user to change the libraries and break your application at will? That's just self-defeating.

            Still this doesn‘t prevent the user from changing the libs themselves. And given the fact that the build environment doesn‘t often change it might very well be that they will be shipping an „outdated“ version - because the app was developed with it - and tested. When I worked on Air Traffic Control Software we almost never updated our libraries - because they were „tested“.

            As I said earlier: If you want to prevent user modification use static linking. This way the size of your deployed app will also shrink.
            But be sure to check possible licensing restrictions.

            1 Reply Last reply
            1

            • Login

            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Users
            • Groups
            • Search
            • Get Qt Extensions
            • Unsolved