Bug 1042658

It's WIP known issue on upstream https://bugreports.qt.io/browse/QTBUG-52905 , targeting to qt 5.10(or 5.9 minor update later), thus it's not going to work on 5.7. Is openssl 1.0/1.1 can co-installable on system? if so we might try build qtbase with 1.0 only.

(In reply to Max Lin from comment #1)
> It's WIP known issue on upstream https://bugreports.qt.io/browse/QTBUG-52905
> , targeting to qt 5.10(or 5.9 minor update later), thus it's not going to
> work on 5.7. Is openssl 1.0/1.1 can co-installable on system? if so we might
> try build qtbase with 1.0 only.

Forget to put the link https://bugreports.qt.io/browse/QTBUG-52905

(In reply to Max Lin from comment #1)
> It's WIP known issue on upstream https://bugreports.qt.io/browse/QTBUG-52905
> , targeting to qt 5.10(or 5.9 minor update later), thus it's not going to
> work on 5.7. Is openssl 1.0/1.1 can co-installable on system? if so we might
> try build qtbase with 1.0 only.

It is co-installable for now. But we will most likely kill the 1.0.0 in a couple of months really.

I tried https://build.opensuse.org/package/show/home:mlin7442:boo1042658/libqt5-qtbase to built a version stick on 1.0.0, untested though...

After talking to upstream's openssl backend maintainer:

* Upstream will not support this patch for the 5.9 series (even though 5.9 is LTS)
* Upstream will incorporate the patch for 5.10, which will be released in August

It is upstream's opinion that there is no hurry, because 1.0.2 has a longer life cycle than 1.1.0, which is still considered somewhat experimental. For historical reasons, upstream is doubtful of OpenSSL's ability to maintain binary compatibility even in lifetime of 1.1, and prefers to monitor the situation.

Upstream wants people to move to 1.1 but prefers to see at least one release cycle where the 1.1 backend isn't the default so people can test it in a wide range of configurations.

Once the code is more proven, and there is a 1.1-based LTS, upstream will change its recommendation.

Upstream can recommend many things. From PoV of SUSE we are targeting product that will include TLS-1.3 (probably openssl-1.1.1) and we need to make sure we can accommodate that on most packages.

I am not saying that we need to adopt upstream's line of argument. But understanding it might help in working with them towards a solution that works for us. We can either pick up 5.10 early (and miss the opportunity to ship an LTS), or volunteer to backport to 5.9.

That being said: with a project as complex as Qt, and code as complex as its SSL backend, we should be very careful with simply shoehorning half-done patches into our releases.

https://build.opensuse.org/package/show/home:dmolkentin:branches:KDE:Qt5/libqt5-qtbase has the required patches, but can't build against 1.1. When I change the requirement like this:

-BuildRequires:  openssl-devel
+BuildRequires:  libopenssl-1_1_0-devel

I get:

unresolvable: conflict for providers of pkgconfig(libssl) needed by libmysqlclient-devel, (provider libressl-devel conflicts with libopenssl-1_1_0-devel), (provider libopenssl-devel is in conflict with libopenssl-1_1_0-devel)

in Factory. This probably means we'll have to wait for bug 1042632 to be resolved. (This will also be interesting for Qt4, which also needs to link this lib...)

That being said, the patch in question still needs tracking, as upstream has not yet finalized it. Also, they are still considering it to be experimental.

FYI, the OpenSSL 1.1 backend code has been merged upstream:
https://codereview.qt-project.org/#/c/189399/

Submitted to factory.

This is an autogenerated message for OBS integration:
This bug (1042658) was mentioned in
https://build.opensuse.org/request/show/537327 Factory / libqt5-qtbase