[Interest] Chromium build failure, SSL and Qt 5.6.3 vs 5.6.0,

[Christian Gagneraud]

On 31 July 2018 at 21:43, Allan Sandfeld Jensen <kde at carewolf.com> wrote:
> On Sonntag, 29. Juli 2018 22:58:41 CEST Christian Gagneraud wrote:
>> Hi,
>>
>> We used to build Qt-5.6.3 on and for Linux-i386.
>> I recently had to downgrade to Qt-5.6.0 (see below), but now the build
>> fails with:
>>
>> qtwebengine/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c:
>> In function 'ssl3_ChaCha20Poly1305':
>> qtwebengine/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c:2118:15:
>> error: 'CK_NSS_AEAD_PARAMS {aka struct CK_NSS_AEAD_PARAMS}' has no member
>> named 'pIv'
>>      aeadParams.pIv = (unsigned char *) additionalData;
>>                ^
>> qtwebengine/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c:2119:15:
>> error: 'CK_NSS_AEAD_PARAMS {aka struct CK_NSS_AEAD_PARAMS}' has no member
>> named 'ulIvLen'
>>      aeadParams.ulIvLen = 8;
>>                ^
>>
>> Are there any special requirements,or actually is there a difference
>> in the requirements, to build Qt5.6.0 vs Qt-5.6.3?
>>
> Yes. It is most likely NSS, it could in 5.6.0 be used for both encryption and
> certicate checking but in 5.6.3 is only used for certificate checking. You can
> try using NSS 3.21, but note it will report most Google certificates as
> broken. You can also try removing libnss-dev in which case OpenSSL will be
> used for both, but that also means most Google certicates are reported as
> broken (because they objectively are signed by a too weak root).
>
> See https://codereview.qt-project.org/#/c/153890/ perhaps you can cherry pick
> it, though it might not be easy QtWebEngine also upgraded from Chromium 45 to
> 49 in the 5.6 series.

I have uninstalled libnss-dev, and now it builds. The breaking change
seemed to have been introduced with 5.6.1, 5.6.0 is the only patch
version that requires libnss headers to not be present for chromium to
build.

Thanks a lot!

Chris