CODEWITHSUNDEEP
qtsslwebkitopensslqtnetwork
RzuF
RzuF

Reputation: 43

Qt OpenSSL problem - blocked (?) on some computers

I write an app i qt which uses OpenSSL. All was alright, since yesterday. I compiled app and sent to my friend. On his computer application can open https. I open on other computer and it doesn't work. So I gave it to other friend and he can't open https websites. I was confused and gave other guy and on his computer my app is working. I don't understand situation. Previous versions worked without bugs. But i ran previous version which worked and it doesn't work too. I turned off all my firewalls. Nothing changed.

Any suggestions?

We all have 7 x64. I tested on XP HE and it works, bou on 7 x64 doesn't work. On my friend's computer 7 x64 works, but on XP HE doesn't works. IMO Operating System hasn't got any mean.

Upvotes: 3

Views: 1542

Answers (3)

some.birdie
some.birdie

Reputation: 2269

Try to use QSslSocket::ignoreSslErrors() method.

I also had such problems and using this function solved them for me.

Upvotes: 2

fen
fen

Reputation: 371

In case you have still no solution to the error - I just ran over the same issue. It seems to be a problem with the CA certficate chain on the Windows computer. The details can be found at https://bugreports.qt-project.org/browse/QTBUG-20012.

Here's also a little class which fixes the ca chain so the error should not occur in the application.

#ifndef OPENSSLFIX_H
#define OPENSSLFIX_H

#include <QSslConfiguration>

/* this class fixes a problem with qt/openssl and expired ca certificates.
 * the idea is taken from https://bugreports.qt-project.org/browse/QTBUG-20012
 * which describes the problem and the workaround further. the workaround is
 * scheduled for qt5, but will not be introduced into qt4.x.
 *
 * to use this fix just call it in main() before doing any network related 
 * stuff
 *
 * OpenSslFix::fixCaCertificates();
 *
 * it will go through the certificates and remove invalid certs from the chain,
 * thus avoiding the error to arise.
 */
class OpenSslFix {
public:
    static void fixCaCertificates()
    {
        QSslConfiguration config(QSslConfiguration::defaultConfiguration());
        QList<QSslCertificate> in(config.caCertificates());
        QList<QSslCertificate> out;

        for (int i=0, size=in.size(); i<size; ++i) {
            const QSslCertificate &c(in[i]);
            if (c.isValid()) {
                /* not expired -> add */
                out << c;
                continue;
            }

            /* check if the cert is already present in the output */
            bool found = false;
            for (int j=0, size=out.size(); j<size; ++j) {
                if (isCertificateSameName(c, out[j])) {
                    /* already present... */
                    found = true;
                    break;
                }
            }

            if (!found)
                out << c;
        }

        /* now set the new list as the default */
        config.setCaCertificates(out);
        QSslConfiguration::setDefaultConfiguration(config);
    }

private:
    static inline bool isCertificateSameName(const QSslCertificate &cert1, 
                                             const QSslCertificate &cert2)
    {
        return cert1.subjectInfo(QSslCertificate::Organization) ==
                cert2.subjectInfo(QSslCertificate::Organization) &&
                cert1.subjectInfo(QSslCertificate::CommonName) ==
                cert2.subjectInfo(QSslCertificate::CommonName) &&
                cert1.subjectInfo(QSslCertificate::LocalityName) ==
                cert2.subjectInfo(QSslCertificate::LocalityName) &&
                cert1.subjectInfo(QSslCertificate::OrganizationalUnitName) ==
                cert2.subjectInfo(QSslCertificate::OrganizationalUnitName) &&
                cert1.subjectInfo(QSslCertificate::StateOrProvinceName) ==
                cert2.subjectInfo(QSslCertificate::StateOrProvinceName) &&
                cert1.subjectInfo(QSslCertificate::CountryName) ==
                cert2.subjectInfo(QSslCertificate::CountryName);
    }
};

#endif // OPENSSLFIX_H

Upvotes: 2

Virne
Virne

Reputation: 1245

By default Qt doesn't contain implementation of OpenSSL, but uses libraries already installed into system.

Installing Win32 OpenSSL will make it work.

Another option is to build Qt with OpenSSL. Some info here.

Upvotes: 2

Related Questions