Skip to content
  • jcfr's avatar
    ENH: Add SSL support · 897bf9e6
    jcfr authored
    Having the application interacting with services or downloading resources
    served over https protocol is now required. More particularly,
    it became necessary to access resources stored on Github (extension
    manager - issue #2354) or to download python packages from pip server
    at run time.
    
    The CMake option "Slicer_USE_PYTHONQT_WITH_OPENSSL" allowing to enable or
    disable OpenSSL support has been introduced is set to OFF by default.
    
    Building OpenSSL
    ================
    
    On Windows, since Perl is required, OpenSSL binaries have been
    generated and uploaded on kitware packages server. See [1]
    
    The project allowing to re-generate the Windows OpenSSL archive is currently
    hosted here [2].
    
    On unix-like system, OpenSSL is built has part of the Superbuild. To ensure
    is can be built in parallel, a patch is also applied [3].
    
    Finally, since python is built with OpenSSL support, the python launcher
    is now configured on all platform so that python can properly load the built
    OpenSSL shared library when it is used to build project like numpy.
    
    [1] http://packages.kitware.com/packages/application/view?applicationId=20
    [2] https://gist.github.com/jcfr/6030240
    [3] https://raw.github.com/Alexpux/Qt-builds/master/patches/openssl/openssl-1.0.1-parallel-build.patch
    
    OpenSSL support in Qt, python, curl
    ===================================
    
    Practically, it means that library like Qt, python, curl need to be
    built with OpenSSL support.
    
    This commit only address OpenSSL support for Python and Qt.
    
    Curl support is not yet enabled.
    
    For Qt OpenSSL support, Qt has to be built with the flags:
      -openssl
      -I /path/to/OpenSSL/include
      -L /path/to/OpenSSL/lib
    
    On unix-like system, available binaries are already OpenSSL ready, Qt
    has to be explicitly built only on windows. On windows, Qt will have to
    be built.
    
    Certificates
    ============
    
    In case X.509v3 certificates are available on the system where Slicer is
    executed, a certificate bundle "Slicer.crt" is also provided. The set of
    scripts allowing to generate the bundle are provided by BLFS
    (Beyond Linux From Scratch).
    More details in Base/QTCore/Resources/Certs/README
    
    Application integration
    =======================
    
    The Slicer core application will load the Slicer.crt bundle if needed.
    
    qSlicerExtensionsInstallWidget now derives from a re-usable widget
    named qSlicerWebWidget.
    
    qSlicerSslTest has been added to check that "https" connection can
    be established using Qt library.
    
    Fixes #2998
    Fixes #2355
    Fixes #2354
    
    git-svn-id: http://svn.slicer.org/Slicer4/trunk@22220 3bd1e089-480b-0410-8dfb-8563597acbee
    897bf9e6