[Interest] Chromium build failure, SSL and Qt 5.6.3 vs 5.6.0,

Christian Gagneraud chgans at gmail.com
Tue Jul 31 13:32:38 CEST 2018

On 31 July 2018 at 21:43, Allan Sandfeld Jensen <kde at carewolf.com> wrote:
> On Sonntag, 29. Juli 2018 22:58:41 CEST Christian Gagneraud wrote:
>> Hi,
>> We used to build Qt-5.6.3 on and for Linux-i386.
>> I recently had to downgrade to Qt-5.6.0 (see below), but now the build
>> fails with:
>> qtwebengine/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c:
>> In function 'ssl3_ChaCha20Poly1305':
>> qtwebengine/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c:2118:15:
>> error: 'CK_NSS_AEAD_PARAMS {aka struct CK_NSS_AEAD_PARAMS}' has no member
>> named 'pIv'
>>      aeadParams.pIv = (unsigned char *) additionalData;
>>                ^
>> qtwebengine/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c:2119:15:
>> error: 'CK_NSS_AEAD_PARAMS {aka struct CK_NSS_AEAD_PARAMS}' has no member
>> named 'ulIvLen'
>>      aeadParams.ulIvLen = 8;
>>                ^
>> Are there any special requirements,or actually is there a difference
>> in the requirements, to build Qt5.6.0 vs Qt-5.6.3?
> Yes. It is most likely NSS, it could in 5.6.0 be used for both encryption and
> certicate checking but in 5.6.3 is only used for certificate checking. You can
> try using NSS 3.21, but note it will report most Google certificates as
> broken. You can also try removing libnss-dev in which case OpenSSL will be
> used for both, but that also means most Google certicates are reported as
> broken (because they objectively are signed by a too weak root).

Thanks for all the details, greatly appreciated. I'll have to dig that
further, will report.

> See https://codereview.qt-project.org/#/c/153890/ perhaps you can cherry pick
> it, though it might not be easy QtWebEngine also upgraded from Chromium 45 to
> 49 in the 5.6 series.

What can I say other than:
Should this (Chromium 45 -> 49) be part of "patch" release?
I don't want to be mean or rude, but honestly i have notice a
degradation of patch release management in the recent years...
To the point that now the "Qt Maintenance Tool" offers you to install
different patch release, like nobody trust they are actually
equivalent and ABI backward compatible as they used to be...

Thanks for the heads up and sorry for the complain, i know everyone is
doing their best but having to deal with Qt and Linux 32 bits in 2018
is like trying to fit a square in a circle. No matter how big is your
hammer, you'll hit a titanium wall....


More information about the Interest mailing list