Hi, On Fri, Mar 02, 2018 at 10:04:44AM +0100, Emilio Pozuelo Monfort wrote: > Also zurl seems to need Qt with openssl 1.1, which is only in experimental > atm. > That shouldn't be a blocker for this though (we can temporarily kick it from > testing if necessary). But let's wait a bit and see.
I don't think that's necessary, as there is no direct interaction between both instances of openssl through zurl. The only code I found which uses both QSsl and OpenSSL is in src/websocket.cpp: #ifdef HAVE_OPENSSL QSslCertificate cert = sock->peerCertificate(); QByteArray der = cert.toDer(); const unsigned char *p = (const unsigned char *)der.data(); X509 *opensslCert = d2i_X509(NULL, &p, der.size()); if(opensslCert) { if(verifyhost(connectHost.toUtf8().data(), opensslCert) == CURLE_OK) hostMismatchOk = true; X509_free(opensslCert); } #endif It loads a certificate from QSsl, converts it to a DER formatted char array, and builds an OpenSSL X509 struct from that. Looks like a rather stable interface to me. I uploaded a version of zurl built against openssl 1.1 to experimental an hour ago: https://tracker.debian.org/news/937630 If somebody cares, another pair of eyes looking through the zurl source code would be appreciated, of course. Jan