[Development] websockets (was RE: Qt 5.3 Feature freeze is coming quite soon...)

Samuel Gaist samuel.gaist at edeltech.ch
Wed Jan 29 21:18:48 CET 2014


On 29 janv. 2014, at 18:50, Konrad Rosenbaum <konrad at silmor.de> wrote:

> Hi,
>  
> On Wednesday, Wednesday 29 January 2014 at 11:02, Koehne Kai wrote:
> > > -----Original Message-----
> > > From: development-bounces+kai.koehne=digia.com at qt-project.org
> > > [...]
> > > Later on: when a plan has been found to expose the low-level OpenSSL API
> > > to Qt this implementation could be changed to use OpenSSL and fall back
> > > to qrand if it is not available.
> > 
> > How about just making this plan A?
> > 
> > Maybe I'm naïve, but that would just require that
> > - qtwebsockets link against openssl directly (see e.g.
> > qtbase/src/network/ssl/ssl.pri)
>  
> The first problem I could see with this: is it binary compatible to later on relax this requirement?
>  
> Direct linking may also cause problems if QSslSocket for some strange reason then tries to load a different version of OpenSSL later on...
>  
> After reading myself a bit into the API: I don't think a fast start on this is a particularly great idea. OpenSSL is not thread-safe per default and needs some specific initialization for thread safety. This initialization needs to be done EXACTLY once.
>  
> In short: we need a unified interface into OpenSSL for Qt before we attempt to do this.
>  
> > - Use the API described in
> > http://wiki.openssl.org/index.php/Random_Numbers to generate the random
> > number.
> > 
> > I also don't think you even need the 'no-openssl available' use case.
>  
> While OpenSSL is commonly available on most systems. It may not be available on all embedded platforms and it may not be the expected version. I can see scenarios in which Websockets are needed, but OpenSSL is not available or not desired by the user (e.g. embedded industrial apps that need to access some networked resource with a very strange protocol[tm] while the boss insists that he would run into export restrictions if he allowed OpenSSL).
>  
>  
> 	Konrad

If I may chime in, iOS officially doesn't provide OpenSSL and the documentation recommends to use Apple's own cryptographic framework.

https://developer.apple.com/library/mac/DOCUMENTATION/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html




More information about the Development mailing list