Reputation: 1463
QSslSocket proxy server (https) and certs. Handshake error
I'm writing a proxy server, http part is ready, but are having problems with https. I created a certificate and private key (as I understood, without it will not work) in this way:
OpenSSL> req-x509-newkey rsa: 2048-keyout server.key-nodes-days 365-out server.csr
I did a simple QTcpServer that is passed a socketDescriptor to the created object on newIncomingConnection(). In constructor of my object I did:
sock = new QSslSocket();
connect (sock,SIGNAL(readyRead()),this,SLOT(onQuery()));
connect(sock,SIGNAL(disconnected()),this,SLOT(deleteLater()));
connect(sock,SIGNAL(error(QAbstractSocket::SocketError)),this,SLOT(onError(QAbstractSocket::SocketError)));
connect(sock,SIGNAL(sslErrors(QList<QSslError>)),this,SLOT(sltSslErrors(QList<QSslError>)));
...
Load key and cert
...
sock->setProtocol(QSsl::AnyProtocol);
QSslKey sslKey(key, QSsl::Rsa);
QSslCertificate sslCert(cert);
sock->setPrivateKey(sslKey);
sock->setLocalCertificate(sslCert);
sock->setSocketDescriptor(socketDesc);
sock->startServerEncryption();
if(!sock->waitForEncrypted(30000)) {
qDebug()<<"wait for encrypted failed";
}
On connect in console I see "wait for encrypted failed" and socket emited signal error() with QAbstractSocket::SslHandshakeFailedError. Could you give advice on what else to do that would be to establish the ssl connection without error ?
Upvotes: 0
Views: 1436
Answers (1)
Reputation: 11
I believe you need to call setSocketDescriptor before calling the setPrivateKey and setLocalCertificate methods.
Below is code that I've used to create a HTTPS Server Socket, extending QTcpServer.
void SslServer::incomingConnection(qintptr socketDescriptor)
{
QSslSocket *serverSocket = new QSslSocket;
if (serverSocket->setSocketDescriptor(socketDescriptor)) {
QFile keyFile(<sslKeyFileName>);
if (!keyFile.open(QIODevice::ReadOnly)) {
delete serverSocket;
return;
}
QSslKey key(&keyFile, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
if (key.isNull()) {
delete serverSocket;
return;
}
keyFile.close();
serverSocket->setPrivateKey(key);
// to prevent asking for client certificate.
serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
serverSocket->setLocalCertificate(<certificateFileName>);
serverSocket->startServerEncryption();
if (serverSocket->waitForEncrypted(3000)) {
// this will emit a newConnection() signal
addPendingConnection(serverSocket);
} else {
qDebug() << "Encryption Failed.";
delete serverSocket;
}
} else {
delete serverSocket;
}
}
Upvotes: 1
Related Questions
- Qt error message "qt.network.ssl: QSslSocket::connectToHostEncrypted: TLS initialization failed"
- How to make QSslSocket support SSL using an OpenSSL installation?
- Qt & SSL, Handshake failed
- Error during SSL Handshake with qt
- Can't get QSslSocket to work
- Connecting QSslSocket with OpenSSL server
- Qt QSslSocket "The certificate is self-signed, and untrusted"
- QNetworkAccessManager ssl handshake fails
- Failed SSL handshake with ssl server written on Qt 5.2.1
- Qt SSl Error (QSslSocket: cannot resolve TLSv1_1_client_method)