
I am working with Qt 5.2. I am using QNetworkAccessManager to make some posts to a website (without encryption). Now I have to verify the signature of a message (that message has nothing to do with the post and QNetworkAccessManager; they are completely separate).

Both parts of code work fine separately, but when they come together the application crashes. If I add the OpenSSL to the application and I call a QNetworkAccessManager::post then it fails. The program pointer is in OPENSSL_sk_pop_free and it crashes after a QNetworkAccessManager::post call.

The code:

```cpp
//#define OPENSSL

#include <QDebug>
#include <QNetworkAccessManager>
#include <QNetworkRequest>
#include <QUrl>
#include <openssl/bio.h>

#if defined(OPENSSL)
#define USE_SHA1
// Minimal use of the statically linked libcrypto: allocate and free a memory BIO.
bool validateLicense()
{
    BIO* bio = BIO_new(BIO_s_mem());

    BIO_free(bio);

    return true;
}
#endif


int main() {
    QNetworkAccessManager* manager = new QNetworkAccessManager();

    QNetworkRequest request;
    request.setUrl(QUrl("http:\\192.168.0.1"));
    request.setHeader(QNetworkRequest::ContentTypeHeader, QVariant("application/json"));

    QString com("{\"hello world\"}");

    QByteArray data(com.toLocal8Bit());

    qDebug() << Q_FUNC_INFO << "data to POST" << com;

    // The crash is reported at this call when OPENSSL is defined.
    manager->post(request, data);

#if defined(OPENSSL)
    validateLicense();
#endif
}
```

The .pro file:

```
QT += core network
QT -= gui

CONFIG += c++11

TARGET = console
CONFIG += console
CONFIG -= app_bundle

TEMPLATE = app

SOURCES += main.cpp

#
# libcrypto
#
LIBS += $$[OPENSSL_INSTALL_ROOT]/libcrypto.a
```

If I uncomment the `#define OPENSSL`, the application crashes at the line `manager->post(request, data);`.

How can I disable OpenSSL in QNetworkAccessManager to avoid the application crash?

JMA
  • Can you post a Minimal, Complete, and Verifiable example (https://stackoverflow.com/help/mcve), or can you show us the code and the context in which this happens? – Adrien Leravat Mar 20 '17 at 13:10
  • I believe QT depends on OpenSSL for its Crypto and SSL gear. If you disable OpenSSL, then you probably won't be able to verify the signature. – jww Mar 20 '17 at 13:13
  • @jww I verify the signature by calling the OpenSSL library directly, without any Qt classes. – JMA Mar 20 '17 at 13:54
  • Well, I can't answer the Qt part since I'm not a Qt user. Sorry about that. Regarding the bad interaction between Qt's version of OpenSSL and your version of OpenSSL, I *think* the way to proceed is a wrapper shared object like Android needs to avoid problems with Zygote's down level version of OpenSSL. For that discussion, see [OpenSSL and Android | Wrapper Shared Objects](https://wiki.openssl.org/index.php/Android#Wrapper_Shared_Objects) on the OpenSSL wiki – jww Mar 20 '17 at 14:36
  • @JMA The question is not very clear but I suspect something like: http://stackoverflow.com/questions/14277694/suppressing-ssl-errors – Alexander V Mar 21 '17 at 04:09

0 Answers