From 4b50ece3d8dd697cc510dd769149b76ce55be106 Mon Sep 17 00:00:00 2001
From: Julian Oes <julian@oes.ch>
Date: Mon, 3 Jun 2024 10:04:05 +1200
Subject: [PATCH] QGeoMapReplyQGC: ignore SSL without OpenSSL 1.x

This fixes terrain download on Ubuntu 22.04 where only OpenSSL 3 is
available on the system but Qt5 wants OpenSSL 1.x.

This just copies the fix over from QGCFileDownload.
---
 src/QtLocationPlugin/QGeoMapReplyQGC.cpp | 20 ++++++++++++++++++++
 src/QtLocationPlugin/QGeoMapReplyQGC.h   |  1 +
 2 files changed, 21 insertions(+)

diff --git a/src/QtLocationPlugin/QGeoMapReplyQGC.cpp b/src/QtLocationPlugin/QGeoMapReplyQGC.cpp
index 36c148c..84bf414 100644
--- a/src/QtLocationPlugin/QGeoMapReplyQGC.cpp
+++ b/src/QtLocationPlugin/QGeoMapReplyQGC.cpp
@@ -209,6 +209,9 @@ QGeoTiledMapReplyQGC::cacheError(QGCMapTask::TaskType type, QString /*errorStrin
 #endif
         _reply = _networkManager->get(_request);
         _reply->setParent(nullptr);
+
+        setIgnoreSSLErrorsIfNeeded(*_reply);
+
         connect(_reply, &QNetworkReply::finished, this, &QGeoTiledMapReplyQGC::networkReplyFinished);
         connect(_reply, SIGNAL(error(QNetworkReply::NetworkError)), this, SLOT(networkReplyError(QNetworkReply::NetworkError)));
 #if !defined(__mobile__)
@@ -248,3 +251,20 @@ QGeoTiledMapReplyQGC::timeout()
     }
     emit aborted();
 }
+
+//-----------------------------------------------------------------------------
+void QGeoTiledMapReplyQGC::setIgnoreSSLErrorsIfNeeded(QNetworkReply& networkReply)
+{
+    // Some systems (like Ubuntu 22.04) only ship with OpenSSL 3.x, however Qt 5.15.2 links against OpenSSL 1.x.
+    // This results in unresolved symbols for EVP_PKEY_base_id and SSL_get_peer_certificate.
+    // To still get a connection we have to ignore certificate verification (connection is still encrypted but open to MITM attacks)
+    // See https://bugreports.qt.io/browse/QTBUG-115146
+    const bool sslLibraryBuildIs1x = (QSslSocket::sslLibraryBuildVersionNumber() & 0xf0000000) == 0x10000000;
+    const bool sslLibraryIs3x = (QSslSocket::sslLibraryVersionNumber() & 0xf0000000) == 0x30000000;
+    if (sslLibraryBuildIs1x && sslLibraryIs3x) {
+        qWarning() << "Ignoring ssl certificates due to OpenSSL version mismatch";
+        QList<QSslError> errorsThatCanBeIgnored;
+        errorsThatCanBeIgnored << QSslError(QSslError::NoPeerCertificate);
+        networkReply.ignoreSslErrors(errorsThatCanBeIgnored);
+    }
+}
diff --git a/src/QtLocationPlugin/QGeoMapReplyQGC.h b/src/QtLocationPlugin/QGeoMapReplyQGC.h
index af9ab1e..beaef6f 100644
--- a/src/QtLocationPlugin/QGeoMapReplyQGC.h
+++ b/src/QtLocationPlugin/QGeoMapReplyQGC.h
@@ -73,6 +73,7 @@ private slots:
 
 private:
     void _clearReply            ();
+    void setIgnoreSSLErrorsIfNeeded(QNetworkReply& networkReply);
 
 private:
     QNetworkReply*          _reply;