5 files changed, 245 insertions, 6 deletions

diff --git a/net/qt4-network/Makefile b/net/qt4-network/Makefile
index f23c8767edc5..37712c7d033b 100644
--- a/net/qt4-network/Makefile
+++ b/net/qt4-network/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	network
 DISTVERSION=	${QT4_VERSION}
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	net ipv6
 PKGNAMEPREFIX=	qt4-
 
@@ -13,9 +13,6 @@ COMMENT=	Qt network module
 LICENSE=	GPLv3 LGPL21 LGPL3 GFDL
 LICENSE_COMB=	dual
 
-BROKEN_SSL=	openssl-devel
-BROKEN_SSL_REASON_openssl-devel=	error: member access into incomplete type 'RSA' (aka 'rsa_st')
-
 RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
 
 USES=		qmake:no_env qt-dist:4 ssl
diff --git a/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp b/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp
new file mode 100644
index 000000000000..04ea2b7216e4
--- /dev/null
+++ b/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp
@@ -0,0 +1,80 @@
+--- src/network/ssl/qsslcertificate.cpp.orig	2015-05-07 14:14:44 UTC
++++ src/network/ssl/qsslcertificate.cpp
+@@ -260,8 +260,13 @@ QByteArray QSslCertificate::version() co
+ {
+     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+     if (d->versionString.isEmpty() && d->x509)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	d->versionString =
++	    QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
++#else
+         d->versionString =
+             QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
++#endif
+ 
+     return d->versionString;
+ }
+@@ -276,7 +281,11 @@ QByteArray QSslCertificate::serialNumber
+ {
+     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+     if (d->serialNumberString.isEmpty() && d->x509) {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
++#else
+         ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
++#endif
+         // if we cannot convert to a long, just output the hexadecimal number
+         if (serialNumber->length > 4) {
+             QByteArray hexString;
+@@ -489,19 +498,37 @@ QSslKey QSslCertificate::publicKey() con
+     QSslKey key;
+ 
+     key.d->type = QSsl::PublicKey;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    EVP_PKEY *pkey = q_X509_get_pubkey(d->x509);
++#else
+     X509_PUBKEY *xkey = d->x509->cert_info->key;
+     EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
++#endif
+     Q_ASSERT(pkey);
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey));
++
++    if (keyType == EVP_PKEY_RSA) {
++#else
+     if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
++#endif
+         key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
+         key.d->algorithm = QSsl::Rsa;
+         key.d->isNull = false;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    } else if (keyType == EVP_PKEY_DSA) {
++#else
+     } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
++#endif
+         key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
+         key.d->algorithm = QSsl::Dsa;
+         key.d->isNull = false;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    } else if (keyType == EVP_PKEY_DH) {
++#else
+     } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
++#endif
+         // DH unsupported
+     } else {
+         // error?
+@@ -698,8 +725,13 @@ QSslCertificate QSslCertificatePrivate::
+     if (!x509 || !QSslSocket::supportsSsl())
+         return certificate;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    const ASN1_TIME *nbef = q_X509_get0_notBefore(x509);
++    const ASN1_TIME *naft = q_X509_get0_notAfter(x509);
++#else
+     ASN1_TIME *nbef = q_X509_get_notBefore(x509);
+     ASN1_TIME *naft = q_X509_get_notAfter(x509);
++#endif
+     certificate.d->notValidBefore = q_getTimeFromASN1(nbef);
+     certificate.d->notValidAfter = q_getTimeFromASN1(naft);
+     certificate.d->null = false;
diff --git a/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp b/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp
new file mode 100644
index 000000000000..db40bee7189c
--- /dev/null
+++ b/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp
@@ -0,0 +1,16 @@
+--- src/network/ssl/qsslkey.cpp.orig	2015-05-07 14:14:44 UTC
++++ src/network/ssl/qsslkey.cpp
+@@ -321,8 +321,13 @@ int QSslKey::length() const
+ {
+     if (d->isNull)
+         return -1;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++    return (d->algorithm == QSsl::Rsa)
++	   ? q_RSA_bits(d->rsa) : q_DSA_bits(d->dsa);
++#else
+     return (d->algorithm == QSsl::Rsa)
+            ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
++#endif
+ }
+ 
+ /*!
diff --git a/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp b/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
index df7de3efdb0f..e47129749d4a 100644
--- a/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
+++ b/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
@@ -1,8 +1,31 @@
 * Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols
 *
+ 
 --- src/network/ssl/qsslsocket_openssl.cpp.orig	2015-05-07 14:14:44 UTC
 +++ src/network/ssl/qsslsocket_openssl.cpp
-@@ -267,9 +267,13 @@ init_context:
+@@ -222,9 +222,12 @@ QSslCipher QSslSocketBackendPrivate::QSs
+             ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
+         ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+         ciph.d->bits = cipher->strength_bits;
+         ciph.d->supportedBits = cipher->alg_bits;
+-
++#else
++        ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
++#endif
+     }
+     return ciph;
+ }
+@@ -260,16 +263,20 @@ bool QSslSocketBackendPrivate::initSslCo
+ init_context:
+     switch (configuration.protocol) {
+     case QSsl::SslV2:
+-#ifndef OPENSSL_NO_SSL2
++#if OPENSSL_VERSION_NUMBER <= 0x1010000L && !defined(OPENSSL_NO_SSL2)
+         ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
+ #else
+         ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error
  #endif
          break;
      case QSsl::SslV3:
@@ -17,7 +40,7 @@
      case QSsl::TlsV1SslV3: // SslV2 will be disabled below
      case QSsl::AnyProtocol:
      default:
-@@ -297,8 +301,10 @@ init_context:
+@@ -297,8 +304,10 @@ init_context:
  
      // Enable bug workarounds.
      long options;
@@ -29,3 +52,31 @@
      else
          options = SSL_OP_ALL;
  
+@@ -363,7 +372,7 @@ init_context:
+         //
+         // See also: QSslContext::fromConfiguration()
+         if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
+-            q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
++            q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
+         }
+     }
+ 
+@@ -659,13 +668,11 @@ void QSslSocketPrivate::resetDefaultCiph
+     STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
+     for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
+         if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
+-            if (cipher->valid) {
+-                QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
+-                if (!ciph.isNull()) {
+-                    if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
+-                        ciphers << ciph;
+-                }
+-            }
++	    QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
++	    if (!ciph.isNull()) {
++               if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
++		    ciphers << ciph;
++	    }
+         }
+     }
+ 
diff --git a/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h b/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
new file mode 100644
index 000000000000..ac0011f15d8b
--- /dev/null
+++ b/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
@@ -0,0 +1,95 @@
+--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2015-05-07 14:14:44 UTC
++++ src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -218,6 +218,9 @@ void q_CRYPTO_set_locking_callback(void 
+ void q_CRYPTO_set_id_callback(unsigned long (*a)());
+ void q_CRYPTO_free(void *a);
+ void q_DSA_free(DSA *a);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++int q_DSA_bits(DSA *a);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ // 0.9.8 broke SC and BC by changing this function's signature.
+ X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c);
+@@ -227,12 +230,18 @@ X509 *q_d2i_X509(X509 **a, unsigned char
+ char *q_ERR_error_string(unsigned long a, char *b);
+ unsigned long q_ERR_get_error();
+ const EVP_CIPHER *q_EVP_des_ede3_cbc();
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++const EVP_MD *q_EVP_sha1();
++#endif
+ int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c);
+ int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b);
+ int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b);
+ void q_EVP_PKEY_free(EVP_PKEY *a);
+ RSA *q_EVP_PKEY_get1_RSA(EVP_PKEY *a);
+ DSA *q_EVP_PKEY_get1_DSA(EVP_PKEY *a);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++int q_EVP_PKEY_base_id(EVP_PKEY *a);
++#endif
+ int q_EVP_PKEY_type(int a);
+ EVP_PKEY *q_EVP_PKEY_new();
+ int q_i2d_X509(X509 *a, unsigned char **b);
+@@ -258,6 +267,9 @@ int q_PEM_write_bio_RSA_PUBKEY(BIO *a, R
+ void q_RAND_seed(const void *a, int b);
+ int q_RAND_status();
+ void q_RSA_free(RSA *a);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++int q_RSA_bits(RSA *a);
++#endif
+ int q_sk_num(STACK *a);
+ void q_sk_pop_free(STACK *a, void (*b)(void *));
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
+@@ -270,6 +282,9 @@ char * q_sk_value(STACK *a, int b);
+ int q_SSL_accept(SSL *a);
+ int q_SSL_clear(SSL *a);
+ char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c);
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++int q_SSL_CIPHER_get_bits(SSL_CIPHER *a, int *b);
++#endif
+ int q_SSL_connect(SSL *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ // 0.9.8 broke SC and BC by changing this function's signature.
+@@ -293,6 +308,7 @@ int q_SSL_CTX_use_certificate_file(SSL_C
+ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
+ int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
+ int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
++X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
+ void q_SSL_free(SSL *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ // 0.9.8 broke SC and BC by changing this function's signature.
+@@ -353,6 +369,9 @@ void *q_ASN1_dup(i2d_of_void *i2d, d2i_o
+ #else
+ X509 *q_X509_dup(X509 *a);
+ #endif
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len);
++#endif
+ ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a);
+ void q_X509_free(X509 *a);
+ X509_EXTENSION *q_X509_get_ext(X509 *a, int b);
+@@ -360,6 +379,13 @@ int q_X509_get_ext_count(X509 *a);
+ void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d);
+ X509_NAME *q_X509_get_issuer_name(X509 *a);
+ X509_NAME *q_X509_get_subject_name(X509 *a);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++long q_X509_get_version(X509 *a);
++ASN1_INTEGER *q_X509_get_serialNumber(X509 *a);
++EVP_PKEY *q_X509_get_pubkey(X509 *a);
++const ASN1_TIME *q_X509_get0_notBefore(X509 *a);
++const ASN1_TIME *q_X509_get0_notAfter(X509 *a);
++#endif
+ int q_X509_verify_cert(X509_STORE_CTX *ctx);
+ int q_X509_NAME_entry_count(X509_NAME *a);
+ X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
+@@ -399,7 +425,11 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign
+ 		PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
+ 			bp,(char *)x,enc,kstr,klen,cb,u)
+ #endif
++#if OPENSSL_VERSION_NUMBER <= 0x10100000L
+ #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
++#else
++unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
++#endif
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
+ #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
+ #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))