From 722c117d54d6d96800a5dfe6f0ed1342902aeac6 Mon Sep 17 00:00:00 2001 From: Florian Bruhin Date: Fri, 2 Jun 2017 21:52:53 +0200 Subject: [PATCH] Better handling of OpenSSL 1.1 Fixes #2690 --- INSTALL.asciidoc | 5 +++++ qutebrowser/misc/earlyinit.py | 27 +++++++++++++++++++-------- qutebrowser/utils/log.py | 10 ++++------ 3 files changed, 28 insertions(+), 14 deletions(-) diff --git a/INSTALL.asciidoc b/INSTALL.asciidoc index 3be70ac4d..0dcf3e6d8 100644 --- a/INSTALL.asciidoc +++ b/INSTALL.asciidoc @@ -347,6 +347,11 @@ https://docs.python.org/3/library/venv.html[virtual environment]: $ tox -e mkvenv-pypi ---- +If your distribution uses OpenSSL 1.1 (like Debian Stretch or Archlinux), you'll +need to set `LD_LIBRARY_PATH` to the OpenSSL 1.0 directory +(`export LD_LIBRARY_PATH=/usr/lib/openssl-1.0` on Archlinux) before starting +qutebrowser. + Alternatively, you can use `tox -e mkvenv` (without `-pypi`) to symlink your local Qt install instead of installing PyQt in the virtualenv. However, unless you have QtWebKit-NG or QtWebEngine available, qutebrowser will use the legacy diff --git a/qutebrowser/misc/earlyinit.py b/qutebrowser/misc/earlyinit.py index 22d2e1f35..5d82e0623 100644 --- a/qutebrowser/misc/earlyinit.py +++ b/qutebrowser/misc/earlyinit.py @@ -272,17 +272,28 @@ def check_qt_version(backend): _die(text) -def check_ssl_support(): +def check_ssl_support(backend): """Check if SSL support is available.""" + from qutebrowser.utils import log + try: from PyQt5.QtNetwork import QSslSocket except ImportError: - ok = False - else: - ok = QSslSocket.supportsSsl() - if not ok: - text = "Fatal error: Your Qt is built without SSL support." - _die(text) + _die("Fatal error: Your Qt is built without SSL support.") + + text = ("Could not initialize QtNetwork SSL support. If you use " + "OpenSSL 1.1 with a PyQt package from PyPI (e.g. on Archlinux " + "or Debian Stretch), you need to set LD_LIBRARY_PATH to the path " + "of OpenSSL 1.0.") + if backend == 'webengine': + text += " This only affects downloads." + + if not QSslSocket.supportsSsl(): + if backend == 'webkit': + _die("Could not initialize SSL support.") + else: + assert backend == 'webengine' + log.init.warning(text) def check_libraries(backend): @@ -404,6 +415,6 @@ def earlyinit(args): check_qt_version(backend) remove_inputhook() check_libraries(backend) - check_ssl_support() + check_ssl_support(backend) check_optimize_flag() set_backend(backend) diff --git a/qutebrowser/utils/log.py b/qutebrowser/utils/log.py index 5bf8424ff..c2abbfb87 100644 --- a/qutebrowser/utils/log.py +++ b/qutebrowser/utils/log.py @@ -394,12 +394,10 @@ def qt_message_handler(msg_type, context, msg): "Image of format '' blocked because it is not considered safe. If you " "are sure it is safe to do so, you can white-list the format by " "setting the environment variable QTWEBKIT_IMAGEFORMAT_WHITELIST=", - # Installing Qt from the installer may cause it looking for SSL3 which - # may not be available on the system - "QSslSocket: cannot resolve SSLv2_client_method", - "QSslSocket: cannot resolve SSLv2_server_method", - "QSslSocket: cannot resolve SSLv3_client_method", - "QSslSocket: cannot resolve SSLv3_server_method", + # Installing Qt from the installer may cause it looking for SSL3 or + # OpenSSL 1.0 which may not be available on the system + "QSslSocket: cannot resolve ", + "QSslSocket: cannot call unresolved function ", # When enabling debugging with QtWebEngine "Remote debugging server started successfully. Try pointing a " "Chromium-based browser to ",