madduci

Reputation: 2893

Best practices to check SSL Certificate validity on client side in QWebSockets

I'm trying to write an application which uses the brand new QWebSockets.

So far, I want to implement the secure web socket, but the examples point me to reject SSL errors, even if they have commented that it is unsafe.

My question is: how should I handle the controls on SSL certificates, even self-signed ones, on client side? What are the best practices in this case?

FYI, here's a link to QSSLErrors which are emitted by the QWebSocket class.

Unfortunately, webSocket.sslConfiguration().peerCertificate() returns empty values when I'm printing them out.

Upvotes: 1

Views: 795

Answers (1)

user207421

Reputation: 310957

Very broad, but you shouldn't trust all certificates, or bypass hostname checking in HTTPS. You don't need to verify the certificate itself, as the library should do that. You should also check that the subjectDN of the certificate is the one you're expecting to see, unless you're using HTTPS which does that for you (hostname check).

Upvotes: 0
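One way to act on this for a self-signed server certificate, as an added example that is not part of the original answer or of Qt's own samples: instead of a blanket `ignoreSslErrors()`, waive only a "self-signed" error raised against one pinned certificate and abort on everything else. It pins the certificate's SHA-256 digest rather than comparing the subjectDN; `TlsError`, `Reported`, `mayIgnore` and `attachTlsPolicy` are hypothetical names, and the Qt part assumes Qt 5 with QtWebSockets and a handler that runs synchronously during the handshake.

```cpp
#include <string>
#include <vector>

// Simplified stand-in for the QSslError::SslError values this policy distinguishes.
enum class TlsError { SelfSigned, HostNameMismatch, Other };
struct Reported { TlsError kind; std::string certSha256; };  // hex digest of the error's cert

// Waive the reported errors only if every one is "self-signed" raised against
// the exact certificate we pinned; hostname mismatch, expiry, etc. are never waived.
bool mayIgnore(const std::vector<Reported>& errs, const std::string& pinnedSha256) {
    if (pinnedSha256.empty()) return false;  // nothing pinned: waive nothing
    for (const Reported& e : errs)
        if (e.kind != TlsError::SelfSigned || e.certSha256 != pinnedSha256)
            return false;
    return true;
}

#if __has_include(<QWebSocket>)  // Qt wiring; built only where QtWebSockets is available
#include <QCryptographicHash>
#include <QSslError>
#include <QWebSocket>

// pinnedHex: lowercase hex SHA-256 of the server certificate, shipped with the client.
void attachTlsPolicy(QWebSocket& ws, const QByteArray& pinnedHex) {
    QObject::connect(&ws, &QWebSocket::sslErrors, &ws,
        [&ws, pinnedHex](const QList<QSslError>& qerrs) {
            std::vector<Reported> errs;
            for (const QSslError& e : qerrs) {
                TlsError kind = TlsError::Other;
                if (e.error() == QSslError::SelfSignedCertificate) kind = TlsError::SelfSigned;
                if (e.error() == QSslError::HostNameMismatch) kind = TlsError::HostNameMismatch;
                errs.push_back({kind, e.certificate()
                    .digest(QCryptographicHash::Sha256).toHex().toStdString()});
            }
            if (mayIgnore(errs, pinnedHex.toStdString()))
                ws.ignoreSslErrors(qerrs);  // waive exactly these errors, nothing broader
            else
                ws.abort();                 // refuse the connection
        });
}
#endif
```

Call `attachTlsPolicy` before `open()`; the digest is read from the certificate attached to each `QSslError`, so it does not depend on `sslConfiguration().peerCertificate()` being populated.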
