From f5ebf2ea9bf90f23339a8a6dc5b1b081f1ed738c Mon Sep 17 00:00:00 2001
From: JeremiahM37 <jeremiah@wolfssl.com>
Date: Thu, 3 Jul 2025 13:11:49 -0600
Subject: [PATCH 1/3] qt5network5 workflow

---
 .github/workflows/qt5network5.yml | 135 ++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 .github/workflows/qt5network5.yml

diff --git a/.github/workflows/qt5network5.yml b/.github/workflows/qt5network5.yml
new file mode 100644
index 00000000..c85e2807
--- /dev/null
+++ b/.github/workflows/qt5network5.yml
@@ -0,0 +1,135 @@
+name: qtbase Network Tests
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**', 'qt5network5' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build_wolfprovider:
+    uses: ./.github/workflows/build-wolfprovider.yml
+    with:
+      wolfssl_ref: ${{ matrix.wolfssl_ref }}
+      openssl_ref: ${{ matrix.openssl_ref }}
+    strategy:
+      matrix:
+        wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+        openssl_ref: [ 'openssl-3.5.0' ]
+
+  test_qtbase_network:
+    runs-on: ubuntu-22.04
+    needs: build_wolfprovider
+    timeout-minutes: 30
+    strategy:
+      matrix:
+        wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+        openssl_ref: [ 'openssl-3.5.0' ]
+        qt_ref: [ 'dev', 'v5.15.8-lts-lgpl' ]
+        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+        exclude:
+          - qt_ref: 'dev'
+            force_fail: 'WOLFPROV_FORCE_FAIL=1'
+    steps:
+      - name: Checkout wolfProvider
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Retrieving wolfSSL/wolfProvider from cache
+        uses: actions/cache/restore@v4
+        id: wolfprov-cache
+        with:
+          path: |
+            wolfssl-install
+            wolfprov-install
+            openssl-install/lib64
+            openssl-install/include
+            openssl-install/bin
+          key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+          fail-on-cache-miss: true
+
+      - name: Install Qt dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential pkg-config \
+            python3 perl libpcre2-dev zlib1g-dev cmake ninja-build
+      
+      - name: Checkout Qt
+        uses: actions/checkout@v4
+        with:
+          repository: qt/qtbase
+          path: qt5_repo
+          ref: ${{ matrix.qt_ref }}
+          fetch-depth: 1
+
+      - name: Configure Qt
+        working-directory: qt5_repo
+        run: |
+          # Set up the environment for wolfProvider
+          source $GITHUB_WORKSPACE/scripts/env-setup
+          
+          # Configure Qt with GUI support to avoid test dependency issues
+          # Build with GUI support but skip examples and DBus
+          ./configure -opensource -confirm-license -developer-build \
+            -nomake examples -no-dbus -no-opengl \
+            -openssl-linked
+
+      - name: Build Qt (dev version - CMake)
+        if: matrix.qt_ref == 'dev'
+        working-directory: qt5_repo
+        run: |
+          # Build the OpenSSL TLS backend plugin first
+          ninja QTlsBackendOpenSSLPlugin
+          
+          #hard loads to wolfProvider instead.
+          perl -pi -e 's/defaultProvider/wolfProvider/g; s/legacyProvider/wolfProvider/g; s/OSSL_PROVIDER_load\(nullptr, "default"\)/OSSL_PROVIDER_load(nullptr, "libwolfprov")/g; s/OSSL_PROVIDER_load\(nullptr, "legacy"\)/OSSL_PROVIDER_load(nullptr, "libwolfprov")/g;' src/corelib/tools/qcryptographichash.cpp
+
+           #Remove legacy loading
+           perl -pi -e 's/CASE\(Md4, "MD4"\);/CASE(Md4, nullptr);/g;' src/corelib/tools/qcryptographichash.cpp
+
+           # Build only the SSL test and its dependencies
+           cmake --build . --target tst_qsslsocket --parallel $(nproc)
+      
+      - name: Build Qt (v5.15.8 - qmake)
+        if: matrix.qt_ref != 'dev'
+        working-directory: qt5_repo
+        run: |
+          # Force C++14 to avoid C++17 compatibility issues
+          echo 'QMAKE_CXXFLAGS += -std=c++14' >> mkspecs/linux-g++/qmake.conf
+          
+          make -k -j$(nproc)
+      
+      - name: Add test server to hosts
+        run: |
+          sudo sh -c 'echo "127.0.0.1 qt-test-server.qt-test-net" >> /etc/hosts'
+
+      - name: Run QSSLSocket test
+        working-directory: qt5_repo
+        run: |
+          # Set up the environment for wolfProvider
+          source $GITHUB_WORKSPACE/scripts/env-setup
+          export ${{ matrix.force_fail }}
+          
+          # Run the QSSLSocket test, the make check takes too long
+          ./tests/auto/network/ssl/qsslsocket/tst_qsslsocket 2>&1 | tee qsslsocket-test.log
+          
+          # Make sure it passes the same number of tests as openssl
+          if [ "${{ matrix.qt_ref }}" == "dev" ]; then
+            EXPECTED_TESTS=549
+          else
+            EXPECTED_TESTS=521
+          fi
+          
+          # Check test results
+          if grep -q "$EXPECTED_TESTS passed" qsslsocket-test.log; then
+            TEST_RESULT=0
+          else
+            TEST_RESULT=1
+            echo "Expected $EXPECTED_TESTS tests to pass, but results don't match expected counts"
+          fi
+          
+          $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} qtbase-qsslsocket

From 8f892cb3ea9bae1e89ad929428153e898da9f5ae Mon Sep 17 00:00:00 2001
From: JeremiahM37 <jeremiah@wolfssl.com>
Date: Wed, 23 Jul 2025 11:40:05 -0600
Subject: [PATCH 2/3] qtbase patch

---
 .github/workflows/qt5network5.yml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/qt5network5.yml b/.github/workflows/qt5network5.yml
index c85e2807..9861f3dd 100644
--- a/.github/workflows/qt5network5.yml
+++ b/.github/workflows/qt5network5.yml
@@ -57,6 +57,13 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y build-essential pkg-config \
             python3 perl libpcre2-dev zlib1g-dev cmake ninja-build
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          fetch-depth: 1
       
       - name: Checkout Qt
         uses: actions/checkout@v4
@@ -82,17 +89,14 @@ jobs:
         if: matrix.qt_ref == 'dev'
         working-directory: qt5_repo
         run: |
+          # Apply patch from OSP repo
+          patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/qtbase/qtbase-v6.10-wolfprov.patch
+         
           # Build the OpenSSL TLS backend plugin first
           ninja QTlsBackendOpenSSLPlugin
           
-          #hard loads to wolfProvider instead.
-          perl -pi -e 's/defaultProvider/wolfProvider/g; s/legacyProvider/wolfProvider/g; s/OSSL_PROVIDER_load\(nullptr, "default"\)/OSSL_PROVIDER_load(nullptr, "libwolfprov")/g; s/OSSL_PROVIDER_load\(nullptr, "legacy"\)/OSSL_PROVIDER_load(nullptr, "libwolfprov")/g;' src/corelib/tools/qcryptographichash.cpp
-
-           #Remove legacy loading
-           perl -pi -e 's/CASE\(Md4, "MD4"\);/CASE(Md4, nullptr);/g;' src/corelib/tools/qcryptographichash.cpp
-
-           # Build only the SSL test and its dependencies
-           cmake --build . --target tst_qsslsocket --parallel $(nproc)
+          # Build only the SSL test and its dependencies
+          cmake --build . --target tst_qsslsocket --parallel $(nproc)
       
       - name: Build Qt (v5.15.8 - qmake)
         if: matrix.qt_ref != 'dev'

From cf43bec6bfa676d574512525501ed515a03d3ffc Mon Sep 17 00:00:00 2001
From: JeremiahM37 <jeremiah@wolfssl.com>
Date: Fri, 25 Jul 2025 15:04:14 -0600
Subject: [PATCH 3/3] qtbase workflow

---
 .github/scripts/qtbase/BLACKLIST  | 28 ++++++++++++++++++++++++
 .github/workflows/qt5network5.yml | 36 ++++++++++++++++++-------------
 2 files changed, 49 insertions(+), 15 deletions(-)
 create mode 100644 .github/scripts/qtbase/BLACKLIST

diff --git a/.github/scripts/qtbase/BLACKLIST b/.github/scripts/qtbase/BLACKLIST
new file mode 100644
index 00000000..e109306e
--- /dev/null
+++ b/.github/scripts/qtbase/BLACKLIST
@@ -0,0 +1,28 @@
+[connectToHostEncrypted:WithoutProxy]
+ci
+[connectToHostEncryptedWithVerificationPeerName:WithoutProxy]
+ci
+[sessionCipher:WithoutProxy]
+ci
+[sessionCipher:WithSocks5Proxy]
+ci
+[sessionCipher:WithSocks5ProxyAuth]
+ci
+[sessionCipher:WithHttpProxy]
+ci
+[sessionCipher:WithHttpProxyBasicAuth]
+ci
+[protocol:WithoutProxy]
+ci
+[setSslConfiguration:WithoutProxy:set-root-cert]
+ci
+[setSslConfiguration:WithoutProxy:secure]
+ci
+[verifyMode:WithoutProxy]
+ci
+[resetProxy:WithoutProxy]
+ci
+[readFromClosedSocket:WithoutProxy]
+ci
+[forwardReadChannelFinished:WithoutProxy]
+ci
diff --git a/.github/workflows/qt5network5.yml b/.github/workflows/qt5network5.yml
index 9861f3dd..cc66aae7 100644
--- a/.github/workflows/qt5network5.yml
+++ b/.github/workflows/qt5network5.yml
@@ -97,6 +97,9 @@ jobs:
           
           # Build only the SSL test and its dependencies
           cmake --build . --target tst_qsslsocket --parallel $(nproc)
+
+          #disable tests that both openssl and wolfprovider fail
+          cp $GITHUB_WORKSPACE/.github/scripts/qtbase/BLACKLIST tests/auto/network/ssl/qsslsocket/BLACKLIST
       
       - name: Build Qt (v5.15.8 - qmake)
         if: matrix.qt_ref != 'dev'
@@ -106,7 +109,7 @@ jobs:
           echo 'QMAKE_CXXFLAGS += -std=c++14' >> mkspecs/linux-g++/qmake.conf
           
           make -k -j$(nproc)
-      
+
       - name: Add test server to hosts
         run: |
           sudo sh -c 'echo "127.0.0.1 qt-test-server.qt-test-net" >> /etc/hosts'
@@ -119,21 +122,24 @@ jobs:
           export ${{ matrix.force_fail }}
           
           # Run the QSSLSocket test, the make check takes too long
-          ./tests/auto/network/ssl/qsslsocket/tst_qsslsocket 2>&1 | tee qsslsocket-test.log
-          
-          # Make sure it passes the same number of tests as openssl
-          if [ "${{ matrix.qt_ref }}" == "dev" ]; then
-            EXPECTED_TESTS=549
-          else
-            EXPECTED_TESTS=521
-          fi
+          QTEST_ENVIRONMENT=ci ./tests/auto/network/ssl/qsslsocket/tst_qsslsocket 2>&1 | tee qsslsocket-test.log
           
-          # Check test results
-          if grep -q "$EXPECTED_TESTS passed" qsslsocket-test.log; then
-            TEST_RESULT=0
+          # Check test results based on qt_ref
+          if [[ "${{ matrix.qt_ref }}" == "dev" ]]; then
+            if grep -q "0 failed" qsslsocket-test.log; then
+              TEST_RESULT=0
+            else
+              TEST_RESULT=1
+              echo "Tests failed unexpectedly for 'dev' branch."
+            fi
           else
-            TEST_RESULT=1
-            echo "Expected $EXPECTED_TESTS tests to pass, but results don't match expected counts"
+            #No easy way to disable tests in v5.15.8. Both openssl and wolfprovider should always pass 521 tests on this version though
+            if grep -q "521 passed" qsslsocket-test.log; then
+              TEST_RESULT=0
+            else
+              TEST_RESULT=1
+              echo "Tests failed unexpectedly for 'v5.15.8-lts-lgpl' branch."
+            fi
           fi
-          
+
           $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} qtbase-qsslsocket