Better handling of OpenSSL 1.1

Fixes #2690

INSTALL.asciidoc

@@ -347,6 +347,11 @@ https://docs.python.org/3/library/venv.html[virtual environment]:
 $ tox -e mkvenv-pypi
 ----
 
+If your distribution uses OpenSSL 1.1 (like Debian Stretch or Archlinux), you'll
+need to set `LD_LIBRARY_PATH` to the OpenSSL 1.0 directory
+(`export LD_LIBRARY_PATH=/usr/lib/openssl-1.0` on Archlinux) before starting
+qutebrowser.
+
 Alternatively, you can use `tox -e mkvenv` (without `-pypi`) to symlink your
 local Qt install instead of installing PyQt in the virtualenv. However, unless
 you have QtWebKit-NG or QtWebEngine available, qutebrowser will use the legacy

qutebrowser/misc/earlyinit.py

@@ -272,17 +272,28 @@ def check_qt_version(backend):
         _die(text)
 
 
-def check_ssl_support():
+def check_ssl_support(backend):
     """Check if SSL support is available."""
+    from qutebrowser.utils import log
+
     try:
         from PyQt5.QtNetwork import QSslSocket
     except ImportError:
-        ok = False
-    else:
-        ok = QSslSocket.supportsSsl()
-    if not ok:
-        text = "Fatal error: Your Qt is built without SSL support."
-        _die(text)
+        _die("Fatal error: Your Qt is built without SSL support.")
+
+    text = ("Could not initialize QtNetwork SSL support. If you use "
+            "OpenSSL 1.1 with a PyQt package from PyPI (e.g. on Archlinux "
+            "or Debian Stretch), you need to set LD_LIBRARY_PATH to the path "
+            "of OpenSSL 1.0.")
+    if backend == 'webengine':
+        text += " This only affects downloads."
+
+    if not QSslSocket.supportsSsl():
+        if backend == 'webkit':
+            _die("Could not initialize SSL support.")
+        else:
+            assert backend == 'webengine'
+            log.init.warning(text)
 
 
 def check_libraries(backend):
@@ -404,6 +415,6 @@ def earlyinit(args):
     check_qt_version(backend)
     remove_inputhook()
     check_libraries(backend)
-    check_ssl_support()
+    check_ssl_support(backend)
     check_optimize_flag()
     set_backend(backend)

qutebrowser/utils/log.py

@@ -394,12 +394,10 @@ def qt_message_handler(msg_type, context, msg):
         "Image of format '' blocked because it is not considered safe. If you "
             "are sure it is safe to do so, you can white-list the format by "
             "setting the environment variable QTWEBKIT_IMAGEFORMAT_WHITELIST=",
-        # Installing Qt from the installer may cause it looking for SSL3 which
-        # may not be available on the system
-        "QSslSocket: cannot resolve SSLv2_client_method",
-        "QSslSocket: cannot resolve SSLv2_server_method",
-        "QSslSocket: cannot resolve SSLv3_client_method",
-        "QSslSocket: cannot resolve SSLv3_server_method",
+        # Installing Qt from the installer may cause it looking for SSL3 or
+        # OpenSSL 1.0 which may not be available on the system
+        "QSslSocket: cannot resolve ",
+        "QSslSocket: cannot call unresolved function ",
         # When enabling debugging with QtWebEngine
         "Remote debugging server started successfully. Try pointing a "
             "Chromium-based browser to ",