From 12ef38c192dd21477574434caf4ff47562293883 Mon Sep 17 00:00:00 2001 From: Janek Bevendorff Date: Tue, 10 Mar 2026 00:38:06 +0100 Subject: [PATCH] Also override OPENSSL_ENGINES to prevent DLL injection (#13124) --- src/main.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main.cpp b/src/main.cpp index cb7cb18f9..a08642b34 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -54,10 +54,11 @@ int main(int argc, char** argv) QT_REQUIRE_VERSION(argc, argv, QT_VERSION_STR) #ifdef Q_OS_WIN - // Set OPENSSL_CONF and OPENSSL_MODULES to an invalid location to prevent DLL injection via openssl.cnf. + // Set OPENSSL_* variables to an invalid location to prevent DLL injection via openssl.cnf. // vcpkg by default hard-codes this to its packages location, which may be user-writable. qputenv("OPENSSL_CONF", "::"); qputenv("OPENSSL_MODULES", "::"); + qputenv("OPENSSL_ENGINES", "::"); #endif QApplication::setAttribute(Qt::AA_EnableHighDpiScaling);