Qt4-preview-feedback Archive, May 2007
QSslSocket server side
Message 1 in thread
I am trying to get QSslSocket working on the server side. I've attached
my server-side code (just one file: main.cxx). Is there something I'm
doing wrong here? I'm using the SslClient example taken from a Trolltech
blog post (maybe Andreas' blog, but can't recall) which works fine with
www.google.com on port 443. Here's the output on my server:
MySslServer::incomingConnection( 8 )
MySslServer::stateChanged( 3 )
Calling sslSocket->startServerEncryption()
MySslServer::sslModeChanged( 2 )
MySslServer::error( -1 "Error during SSL handshake: error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher" )
MySslServer::stateChanged( 6 )
MySslServer::stateChanged( 0 )
MySslServer::disconnected()
I noticed this and it might be a bug: QSslSocket does not appear to set
the error code correctly (notice it's -1, but there *is* an error
string). I ran my latest test with with The Qt 4.3.0-20070429 snapshot.
I used this command to generate the "key" and "cert" QStrings, and I
opened mycert.pem and copied the relevant portions into my code:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout
mycert.pem -out mycert.pem
Any ideas?
--Dave
------------------------------------------------------------------------
//
// This program starts a server on port 1234 and listens for SSL clients.
// It tries to hand-shake with them when connected.
//
#include <QCoreApplication>
#include <QTcpServer>
#include <QSslSocket>
#include <QSslCipher>
#include <QtDebug>
#include <QSslKey>
#include <QSslCertificate>
static const int port = 1234;
class MySslServer : public QTcpServer
{
Q_OBJECT
public:
MySslServer() : QTcpServer() {}
virtual ~MySslServer() {}
private slots:
void readyRead();
void encrypted();
void sslModeChanged( QSslSocket::SslMode );
void sslErrors( const QList<QSslError>& );
void disconnected();
void connected();
void error( QAbstractSocket::SocketError );
void stateChanged( QAbstractSocket::SocketState );
protected:
virtual void incomingConnection( int socketDescriptor );
};
class MainApp : public QCoreApplication
{
public:
MainApp(int argc, char *argv[]);
virtual ~MainApp();
MySslServer *server;
};
void MySslServer::incomingConnection( int socketDescriptor )
{
qDebug() << "MySslServer::incomingConnection(" << socketDescriptor << ")";
QSslSocket *sslSocket = new QSslSocket( this );
connect( sslSocket, SIGNAL(readyRead()), this, SLOT(readyRead()) );
connect( sslSocket, SIGNAL(encrypted()), this, SLOT(encrypted()) );
connect( sslSocket, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(sslModeChanged(QSslSocket::SslMode)) );
connect( sslSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(sslErrors(const QList<QSslError>&)) );
connect( sslSocket, SIGNAL(disconnected()), this, SLOT(disconnected()) );
connect( sslSocket, SIGNAL(connected()), this, SLOT(connected()) );
connect( sslSocket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(error(QAbstractSocket::SocketError)) );
connect( sslSocket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), this, SLOT(stateChanged(QAbstractSocket::SocketState)) );
QString key =
"MIICWgIBAAKBgQC8C7fiBETDG7ykGpmtRxc326Pm5HDoekHcUS7DxpCLr4cRWDc0"
"52jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/al0UB5/YaIiNX4Zv89las8hLMi+Ah"
"FEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+GVxm7Bm5K5im8RTy4y+2KwIDAQAB"
"AoGABJIgWR0Tcs6kyjRfUeftd40eMcmRuQTnvuw2P8n+z3ZnyRMk3GNXmDwX9foi"
"uL3K97mykKOcy+B+1lea4uGOUQ40pLkjZl+tAsHLirNDl9kkL44WUKw/Tlh429kp"
"roeTI/jUjRESQoPRBP5Bwp21jX8lUAANOQRIf7xvDSpSMykCQQDrsaBbKlulPYpg"
"3ejN5hTGGjDkFeGh/IgOBJWwjH1JhSrrYYCF/6ZXeKGuixBsuXhhbjlbjRq9IgJE"
"8TR2rWsHAkEAzD8vH9HEvj31jJYlECBis0cUddUNsuqTryLhu+vPwZlQIjrG29/y"
"72X+XVS6/x6wwUgl8/0ZnAUvDG9WteQ+vQJAcvuA43jSpNZU/9TCklBAqjR0zZDv"
"NntgVJZgAHVJWeihe5the/2wRNQQ7HnjVWdWFxIS4VsBRGum98NEePE5WQI/AZh8"
"xcLdxp61TGPf5kBahQwJHOKNONicTsH3AYDWHq0T8zCCXTVisHwbgJ8o1tVmjBwE"
"L+PKT2268F3uT315AkB5QL7yPtRCzV1W1xFCeCl11cGceFKAubkUCMWckGGOX91O"
"ggIv32fSA+5zt9XTsiGJRcNe/GOw9YFJC8mg7YFE";
QString cert =
"MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBwMQswCQYDVQQGEwJVUzEN"
"MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxDDAKBgNVBAoT"
"A0FTVDEMMAoGA1UECxMDVVRPMR0wGwYDVQQDExRkanNtaXRobHguYXBwc2lnLmNv"
"bTAeFw0wNzA0MjQxOTU0MjlaFw0wODA0MjMxOTU0MjlaMHAxCzAJBgNVBAYTAlVT"
"MQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEMMAoGA1UE"
"ChMDQVNUMQwwCgYDVQQLEwNVVE8xHTAbBgNVBAMTFGRqc21pdGhseC5hcHBzaWcu"
"Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8C7fiBETDG7ykGpmtRxc3"
"26Pm5HDoekHcUS7DxpCLr4cRWDc052jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/a"
"l0UB5/YaIiNX4Zv89las8hLMi+AhFEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+"
"GVxm7Bm5K5im8RTy4y+2KwIDAQABo4HNMIHKMB0GA1UdDgQWBBQV/1cfoKpQ7B1u"
"wutfOZpdOpGMfjCBmgYDVR0jBIGSMIGPgBQV/1cfoKpQ7B1uwutfOZpdOpGMfqF0"
"pHIwcDELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQg"
"TGFrZSBDaXR5MQwwCgYDVQQKEwNBU1QxDDAKBgNVBAsTA1VUTzEdMBsGA1UEAxMU"
"ZGpzbWl0aGx4LmFwcHNpZy5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B"
"AQQFAAOBgQBDDv9Pds4cAzwcQmCH33st2zbs6i5HGkt43V2N9P8ze0GZa8Z88ni9"
"uBPf/iNZY/y0k6cSPe/mLZM5FysrbByeNVarknxJbUconyRGlbyslfaqeZv7bZMh"
"0GlXGA60mmCxyNglw4+BHRAboAK+ck7ssypzmA7hxqg4+l+i5brEpg==";
sslSocket->setLocalCertificate( QSslCertificate( cert.toAscii() ) );
sslSocket->setPrivateKey( QSslKey( key.toAscii(), QSsl::Rsa ) );
#if 0
qDebug() << " Supported ciphers:";
foreach( QSslCipher cipher, QSslSocket::supportedCiphers() )
qDebug() << cipher.name();
qDebug() << " Default ciphers:";
foreach( QSslCipher cipher, QSslSocket::defaultCiphers() )
qDebug() << cipher.name();
#endif
if( sslSocket->setSocketDescriptor( socketDescriptor ) )
{
qDebug() << " sslSocket mode: " << (int)sslSocket->mode();
qDebug() << " sslSocket state:" << (int)sslSocket->state();
qDebug() << "Calling sslSocket->startServerEncryption()";
sslSocket->startServerEncryption();
}
else
{
qWarning() << "Couldn't setSocketDescriptor(" << socketDescriptor << ") for this connection";
delete sslSocket;
}
}
void MySslServer::encrypted()
{
qDebug() << "MySslServer::encrypted()";
}
void MySslServer::sslModeChanged( QSslSocket::SslMode mode )
{
qDebug() << "MySslServer::sslModeChanged(" << (int)mode << ")";
}
void MySslServer::sslErrors( const QList<QSslError> &errList )
{
qDebug() << "MySslServer::sslErrors(";
foreach( QSslError err, errList )
qDebug() << " " << err.errorString();
qDebug() << ")";
}
void MySslServer::disconnected()
{
qDebug() << "MySslServer::disconnected()";
}
void MySslServer::connected()
{
qDebug() << "MySslServer::connected()";
}
void MySslServer::error( QAbstractSocket::SocketError err )
{
QSslSocket *socket = qobject_cast<QSslSocket*>( sender() );
Q_ASSERT( socket );
qDebug() << "MySslServer::error(" << (int)err << socket->errorString() << ")";
}
void MySslServer::stateChanged( QAbstractSocket::SocketState state )
{
qDebug() << "MySslServer::stateChanged(" << (int)state << ")";
}
void MySslServer::readyRead()
{
qDebug() << "MySslServer::readyRead()";
QSslSocket *socket = qobject_cast<QSslSocket*>( sender() );
Q_ASSERT( socket );
QTextStream stream( socket );
QString line;
while( ! (line = stream.readLine()).isNull() )
{
qDebug() << "Read from socket:" << line;
}
}
MainApp::MainApp( int argc, char *argv[] ) :
QCoreApplication( argc, argv ), server( new MySslServer() )
{
qDebug() << "Listening on port" << port << "...";
server->listen( QHostAddress::Any, port );
}
MainApp::~MainApp()
{
delete server;
}
int main(int argc, char **argv)
{
MainApp app(argc, argv);
return app.exec();
}
#include "main.moc"
//
// This program starts a server on port 1234 and listens for SSL clients.
// It tries to hand-shake with them when connected.
//
#include <QCoreApplication>
#include <QTcpServer>
#include <QSslSocket>
#include <QSslCipher>
#include <QtDebug>
#include <QSslKey>
#include <QSslCertificate>
static const int port = 1234;
class MySslServer : public QTcpServer
{
Q_OBJECT
public:
MySslServer() : QTcpServer() {}
virtual ~MySslServer() {}
private slots:
void readyRead();
void encrypted();
void sslModeChanged( QSslSocket::SslMode );
void sslErrors( const QList<QSslError>& );
void disconnected();
void connected();
void error( QAbstractSocket::SocketError );
void stateChanged( QAbstractSocket::SocketState );
protected:
virtual void incomingConnection( int socketDescriptor );
};
class MainApp : public QCoreApplication
{
public:
MainApp(int argc, char *argv[]);
virtual ~MainApp();
MySslServer *server;
};
void MySslServer::incomingConnection( int socketDescriptor )
{
qDebug() << "MySslServer::incomingConnection(" << socketDescriptor << ")";
QSslSocket *sslSocket = new QSslSocket( this );
connect( sslSocket, SIGNAL(readyRead()), this, SLOT(readyRead()) );
connect( sslSocket, SIGNAL(encrypted()), this, SLOT(encrypted()) );
connect( sslSocket, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(sslModeChanged(QSslSocket::SslMode)) );
connect( sslSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(sslErrors(const QList<QSslError>&)) );
connect( sslSocket, SIGNAL(disconnected()), this, SLOT(disconnected()) );
connect( sslSocket, SIGNAL(connected()), this, SLOT(connected()) );
connect( sslSocket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(error(QAbstractSocket::SocketError)) );
connect( sslSocket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), this, SLOT(stateChanged(QAbstractSocket::SocketState)) );
QString key =
"MIICWgIBAAKBgQC8C7fiBETDG7ykGpmtRxc326Pm5HDoekHcUS7DxpCLr4cRWDc0"
"52jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/al0UB5/YaIiNX4Zv89las8hLMi+Ah"
"FEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+GVxm7Bm5K5im8RTy4y+2KwIDAQAB"
"AoGABJIgWR0Tcs6kyjRfUeftd40eMcmRuQTnvuw2P8n+z3ZnyRMk3GNXmDwX9foi"
"uL3K97mykKOcy+B+1lea4uGOUQ40pLkjZl+tAsHLirNDl9kkL44WUKw/Tlh429kp"
"roeTI/jUjRESQoPRBP5Bwp21jX8lUAANOQRIf7xvDSpSMykCQQDrsaBbKlulPYpg"
"3ejN5hTGGjDkFeGh/IgOBJWwjH1JhSrrYYCF/6ZXeKGuixBsuXhhbjlbjRq9IgJE"
"8TR2rWsHAkEAzD8vH9HEvj31jJYlECBis0cUddUNsuqTryLhu+vPwZlQIjrG29/y"
"72X+XVS6/x6wwUgl8/0ZnAUvDG9WteQ+vQJAcvuA43jSpNZU/9TCklBAqjR0zZDv"
"NntgVJZgAHVJWeihe5the/2wRNQQ7HnjVWdWFxIS4VsBRGum98NEePE5WQI/AZh8"
"xcLdxp61TGPf5kBahQwJHOKNONicTsH3AYDWHq0T8zCCXTVisHwbgJ8o1tVmjBwE"
"L+PKT2268F3uT315AkB5QL7yPtRCzV1W1xFCeCl11cGceFKAubkUCMWckGGOX91O"
"ggIv32fSA+5zt9XTsiGJRcNe/GOw9YFJC8mg7YFE";
QString cert =
"MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBwMQswCQYDVQQGEwJVUzEN"
"MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxDDAKBgNVBAoT"
"A0FTVDEMMAoGA1UECxMDVVRPMR0wGwYDVQQDExRkanNtaXRobHguYXBwc2lnLmNv"
"bTAeFw0wNzA0MjQxOTU0MjlaFw0wODA0MjMxOTU0MjlaMHAxCzAJBgNVBAYTAlVT"
"MQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEMMAoGA1UE"
"ChMDQVNUMQwwCgYDVQQLEwNVVE8xHTAbBgNVBAMTFGRqc21pdGhseC5hcHBzaWcu"
"Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8C7fiBETDG7ykGpmtRxc3"
"26Pm5HDoekHcUS7DxpCLr4cRWDc052jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/a"
"l0UB5/YaIiNX4Zv89las8hLMi+AhFEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+"
"GVxm7Bm5K5im8RTy4y+2KwIDAQABo4HNMIHKMB0GA1UdDgQWBBQV/1cfoKpQ7B1u"
"wutfOZpdOpGMfjCBmgYDVR0jBIGSMIGPgBQV/1cfoKpQ7B1uwutfOZpdOpGMfqF0"
"pHIwcDELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQg"
"TGFrZSBDaXR5MQwwCgYDVQQKEwNBU1QxDDAKBgNVBAsTA1VUTzEdMBsGA1UEAxMU"
"ZGpzbWl0aGx4LmFwcHNpZy5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B"
"AQQFAAOBgQBDDv9Pds4cAzwcQmCH33st2zbs6i5HGkt43V2N9P8ze0GZa8Z88ni9"
"uBPf/iNZY/y0k6cSPe/mLZM5FysrbByeNVarknxJbUconyRGlbyslfaqeZv7bZMh"
"0GlXGA60mmCxyNglw4+BHRAboAK+ck7ssypzmA7hxqg4+l+i5brEpg==";
sslSocket->setLocalCertificate( QSslCertificate( cert.toAscii() ) );
sslSocket->setPrivateKey( QSslKey( key.toAscii(), QSsl::Rsa ) );
#if 0
qDebug() << " Supported ciphers:";
foreach( QSslCipher cipher, QSslSocket::supportedCiphers() )
qDebug() << cipher.name();
qDebug() << " Default ciphers:";
foreach( QSslCipher cipher, QSslSocket::defaultCiphers() )
qDebug() << cipher.name();
#endif
if( sslSocket->setSocketDescriptor( socketDescriptor ) )
{
qDebug() << " sslSocket mode: " << (int)sslSocket->mode();
qDebug() << " sslSocket state:" << (int)sslSocket->state();
qDebug() << "Calling sslSocket->startServerEncryption()";
sslSocket->startServerEncryption();
}
else
{
qWarning() << "Couldn't setSocketDescriptor(" << socketDescriptor << ") for this connection";
delete sslSocket;
}
}
void MySslServer::encrypted()
{
qDebug() << "MySslServer::encrypted()";
}
void MySslServer::sslModeChanged( QSslSocket::SslMode mode )
{
qDebug() << "MySslServer::sslModeChanged(" << (int)mode << ")";
}
void MySslServer::sslErrors( const QList<QSslError> &errList )
{
qDebug() << "MySslServer::sslErrors(";
foreach( QSslError err, errList )
qDebug() << " " << err.errorString();
qDebug() << ")";
}
void MySslServer::disconnected()
{
qDebug() << "MySslServer::disconnected()";
}
void MySslServer::connected()
{
qDebug() << "MySslServer::connected()";
}
void MySslServer::error( QAbstractSocket::SocketError err )
{
QSslSocket *socket = qobject_cast<QSslSocket*>( sender() );
Q_ASSERT( socket );
qDebug() << "MySslServer::error(" << (int)err << socket->errorString() << ")";
}
void MySslServer::stateChanged( QAbstractSocket::SocketState state )
{
qDebug() << "MySslServer::stateChanged(" << (int)state << ")";
}
void MySslServer::readyRead()
{
qDebug() << "MySslServer::readyRead()";
QSslSocket *socket = qobject_cast<QSslSocket*>( sender() );
Q_ASSERT( socket );
QTextStream stream( socket );
QString line;
while( ! (line = stream.readLine()).isNull() )
{
qDebug() << "Read from socket:" << line;
}
}
MainApp::MainApp( int argc, char *argv[] ) :
QCoreApplication( argc, argv ), server( new MySslServer() )
{
qDebug() << "Listening on port" << port << "...";
server->listen( QHostAddress::Any, port );
}
MainApp::~MainApp()
{
delete server;
}
int main(int argc, char **argv)
{
MainApp app(argc, argv);
return app.exec();
}
#include "main.moc"
Message 2 in thread
Dave Smith wrote:
> I am trying to get QSslSocket working on the server side. I've attached
> my server-side code (just one file: main.cxx). Is there something I'm
> doing wrong here?
> sslSocket->setLocalCertificate( QSslCertificate( cert.toAscii() ) );
> sslSocket->setPrivateKey( QSslKey( key.toAscii(), QSsl::Rsa ) );
Both your certificate and your private key are null; there's certainly a bug
here, but the one stopping your server from working is in your code ;-).
Notice that both QSslCertificate and QSslKey take a PEM encoded certificate
by default, but what you're sending is pure base64 - it's missing the PEM
header and footer. The key and cert do not parse successfully, and so they
end up being null certs/keys. Setting a null key is a noop, so your server
ends up having no key and no certificate, so the SSL context fails to
initialize, so there's no shared cipher ;-).
The bug is that QSslSocket doesn't let you know why it failed. It does tell
you why at the lowest level possible, but the real problem is that the cert
and key are empty / failed to parse.
Hope that helps! I'll see if we can fix the error reporting bug.
--
[ signature omitted ]
Message 3 in thread
Andreas Aardal Hanssen wrote:
> Both your certificate and your private key are null; there's certainly a bug
> here, but the one stopping your server from working is in your code ;-).
> Notice that both QSslCertificate and QSslKey take a PEM encoded certificate
> by default, but what you're sending is pure base64 - it's missing the PEM
> header and footer. The key and cert do not parse successfully, and so they
> end up being null certs/keys. Setting a null key is a noop, so your server
> ends up having no key and no certificate, so the SSL context fails to
> initialize, so there's no shared cipher ;-).
>
> The bug is that QSslSocket doesn't let you know why it failed. It does tell
> you why at the lowest level possible, but the real problem is that the cert
> and key are empty / failed to parse.
>
> Hope that helps! I'll see if we can fix the error reporting bug
Thanks for the info Andreas. I've modified my code to include the
headers/footers for the key and cert, and now I realize that I should
check for isNull() on them as well. My cert is showing as null, even
after changing my strings to look like this:
QString keyStr =
"-----BEGIN RSA PRIVATE KEY-----\n"
"MIICWgIBAAKBgQC8C7fiBETDG7ykGpmtRxc326Pm5HDoekHcUS7DxpCLr4cRWDc0"
"52jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/al0UB5/YaIiNX4Zv89las8hLMi+Ah"
"FEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+GVxm7Bm5K5im8RTy4y+2KwIDAQAB"
"AoGABJIgWR0Tcs6kyjRfUeftd40eMcmRuQTnvuw2P8n+z3ZnyRMk3GNXmDwX9foi"
"uL3K97mykKOcy+B+1lea4uGOUQ40pLkjZl+tAsHLirNDl9kkL44WUKw/Tlh429kp"
"roeTI/jUjRESQoPRBP5Bwp21jX8lUAANOQRIf7xvDSpSMykCQQDrsaBbKlulPYpg"
"3ejN5hTGGjDkFeGh/IgOBJWwjH1JhSrrYYCF/6ZXeKGuixBsuXhhbjlbjRq9IgJE"
"8TR2rWsHAkEAzD8vH9HEvj31jJYlECBis0cUddUNsuqTryLhu+vPwZlQIjrG29/y"
"72X+XVS6/x6wwUgl8/0ZnAUvDG9WteQ+vQJAcvuA43jSpNZU/9TCklBAqjR0zZDv"
"NntgVJZgAHVJWeihe5the/2wRNQQ7HnjVWdWFxIS4VsBRGum98NEePE5WQI/AZh8"
"xcLdxp61TGPf5kBahQwJHOKNONicTsH3AYDWHq0T8zCCXTVisHwbgJ8o1tVmjBwE"
"L+PKT2268F3uT315AkB5QL7yPtRCzV1W1xFCeCl11cGceFKAubkUCMWckGGOX91O"
"ggIv32fSA+5zt9XTsiGJRcNe/GOw9YFJC8mg7YFE\n"
"-----END RSA PRIVATE KEY-----";
QString certStr =
"-----BEGIN CERTIFICATE-----\n"
"MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBwMQswCQYDVQQGEwJVUzEN"
"MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxDDAKBgNVBAoT"
"A0FTVDEMMAoGA1UECxMDVVRPMR0wGwYDVQQDExRkanNtaXRobHguYXBwc2lnLmNv"
"bTAeFw0wNzA0MjQxOTU0MjlaFw0wODA0MjMxOTU0MjlaMHAxCzAJBgNVBAYTAlVT"
"MQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEMMAoGA1UE"
"ChMDQVNUMQwwCgYDVQQLEwNVVE8xHTAbBgNVBAMTFGRqc21pdGhseC5hcHBzaWcu"
"Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8C7fiBETDG7ykGpmtRxc3"
"26Pm5HDoekHcUS7DxpCLr4cRWDc052jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/a"
"l0UB5/YaIiNX4Zv89las8hLMi+AhFEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+"
"GVxm7Bm5K5im8RTy4y+2KwIDAQABo4HNMIHKMB0GA1UdDgQWBBQV/1cfoKpQ7B1u"
"wutfOZpdOpGMfjCBmgYDVR0jBIGSMIGPgBQV/1cfoKpQ7B1uwutfOZpdOpGMfqF0"
"pHIwcDELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQg"
"TGFrZSBDaXR5MQwwCgYDVQQKEwNBU1QxDDAKBgNVBAsTA1VUTzEdMBsGA1UEAxMU"
"ZGpzbWl0aGx4LmFwcHNpZy5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B"
"AQQFAAOBgQBDDv9Pds4cAzwcQmCH33st2zbs6i5HGkt43V2N9P8ze0GZa8Z88ni9"
"uBPf/iNZY/y0k6cSPe/mLZM5FysrbByeNVarknxJbUconyRGlbyslfaqeZv7bZMh"
"0GlXGA60mmCxyNglw4+BHRAboAK+ck7ssypzmA7hxqg4+l+i5brEpg==\n"
"-----END CERTIFICATE-----";
I'm going to try to load the cert/key from file now and report how that
goes.
To unsubscribe - send "unsubscribe" in the subject to qt4-preview-feedback-request@xxxxxxxxxxxxx
Message 4 in thread
Dave Smith wrote:
> QString keyStr =
> "-----BEGIN RSA PRIVATE KEY-----\n"
> "MIICWgIBAAKBgQC8C7fiBETDG7ykGpmtRxc326Pm5HDoekHcUS7DxpCLr4cRWDc0"
> "52jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/al0UB5/YaIiNX4Zv89las8hLMi+Ah"
> "FEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+GVxm7Bm5K5im8RTy4y+2KwIDAQAB"
> "AoGABJIgWR0Tcs6kyjRfUeftd40eMcmRuQTnvuw2P8n+z3ZnyRMk3GNXmDwX9foi"
> "uL3K97mykKOcy+B+1lea4uGOUQ40pLkjZl+tAsHLirNDl9kkL44WUKw/Tlh429kp"
> "roeTI/jUjRESQoPRBP5Bwp21jX8lUAANOQRIf7xvDSpSMykCQQDrsaBbKlulPYpg"
> "3ejN5hTGGjDkFeGh/IgOBJWwjH1JhSrrYYCF/6ZXeKGuixBsuXhhbjlbjRq9IgJE"
> "8TR2rWsHAkEAzD8vH9HEvj31jJYlECBis0cUddUNsuqTryLhu+vPwZlQIjrG29/y"
> "72X+XVS6/x6wwUgl8/0ZnAUvDG9WteQ+vQJAcvuA43jSpNZU/9TCklBAqjR0zZDv"
> "NntgVJZgAHVJWeihe5the/2wRNQQ7HnjVWdWFxIS4VsBRGum98NEePE5WQI/AZh8"
> "xcLdxp61TGPf5kBahQwJHOKNONicTsH3AYDWHq0T8zCCXTVisHwbgJ8o1tVmjBwE"
> "L+PKT2268F3uT315AkB5QL7yPtRCzV1W1xFCeCl11cGceFKAubkUCMWckGGOX91O"
> "ggIv32fSA+5zt9XTsiGJRcNe/GOw9YFJC8mg7YFE\n"
> "-----END RSA PRIVATE KEY-----";
This doesn't seem to work with OpenSSL either; have you tried using the
certificates as they are stored on disk by OpenSSL, and feed them into
these constructors byte by byte?
--
[ signature omitted ]
Message 5 in thread
Andreas Aardal Hanssen wrote:
> Dave Smith wrote:
>
>> QString keyStr =
>> "-----BEGIN RSA PRIVATE KEY-----\n"
>> "MIICWgIBAAKBgQC8C7fiBETDG7ykGpmtRxc326Pm5HDoekHcUS7DxpCLr4cRWDc0"
>> "52jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/al0UB5/YaIiNX4Zv89las8hLMi+Ah"
>> "FEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+GVxm7Bm5K5im8RTy4y+2KwIDAQAB"
>> "AoGABJIgWR0Tcs6kyjRfUeftd40eMcmRuQTnvuw2P8n+z3ZnyRMk3GNXmDwX9foi"
>> "uL3K97mykKOcy+B+1lea4uGOUQ40pLkjZl+tAsHLirNDl9kkL44WUKw/Tlh429kp"
>> "roeTI/jUjRESQoPRBP5Bwp21jX8lUAANOQRIf7xvDSpSMykCQQDrsaBbKlulPYpg"
>> "3ejN5hTGGjDkFeGh/IgOBJWwjH1JhSrrYYCF/6ZXeKGuixBsuXhhbjlbjRq9IgJE"
>> "8TR2rWsHAkEAzD8vH9HEvj31jJYlECBis0cUddUNsuqTryLhu+vPwZlQIjrG29/y"
>> "72X+XVS6/x6wwUgl8/0ZnAUvDG9WteQ+vQJAcvuA43jSpNZU/9TCklBAqjR0zZDv"
>> "NntgVJZgAHVJWeihe5the/2wRNQQ7HnjVWdWFxIS4VsBRGum98NEePE5WQI/AZh8"
>> "xcLdxp61TGPf5kBahQwJHOKNONicTsH3AYDWHq0T8zCCXTVisHwbgJ8o1tVmjBwE"
>> "L+PKT2268F3uT315AkB5QL7yPtRCzV1W1xFCeCl11cGceFKAubkUCMWckGGOX91O"
>> "ggIv32fSA+5zt9XTsiGJRcNe/GOw9YFJC8mg7YFE\n"
>> "-----END RSA PRIVATE KEY-----";
>>
>
> This doesn't seem to work with OpenSSL either; have you tried using the
> certificates as they are stored on disk by OpenSSL, and feed them into
> these constructors byte by byte
I've now tried the above method (as QString) and by passing a QFile to
the QSslCertificate constructor, but in both cases, I get an isNull()
cert object.
--Dave
To unsubscribe - send "unsubscribe" in the subject to qt4-preview-feedback-request@xxxxxxxxxxxxx
Message 6 in thread
Dave Smith wrote:
>> This doesn't seem to work with OpenSSL either; have you tried using the
>> certificates as they are stored on disk by OpenSSL, and feed them into
>> these constructors byte by byte
> I've now tried the above method (as QString) and by passing a QFile to
> the QSslCertificate constructor, but in both cases, I get an isNull()
> cert object.
I've managed to get your key and cert parsed with three approaches; from a
file, from data, and through the QSslCertificate::fromPath() functions.
I've found one bug that might be affecting your code path; could you try
adding QSslSocket::supportsSsl() to the start of your main()?
Btw, the cert file contains the same as the bytearray below.
-----
#include <QtGui>
#include <QtNetwork>
int main(int argc, char *argv[])
{
QApplication app(argc, argv);
QSslSocket::supportsSsl();
QList<QSslCertificate> certs = QSslCertificate::fromPath("cert");
qDebug() << "Loaded # certs from disk:" << certs.size();
qDebug() << "Cert is null?" << certs.first().isNull();
QFile file("cert");
file.open(QIODevice::ReadOnly);
qDebug() << "Loaded cert from file, is null?" <<
QSslCertificate(&file).isNull();
QByteArray data("-----BEGIN CERTIFICATE-----\n"
"MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBwMQswCQYDVQQGEwJVUzEN\n"
"MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxDDAKBgNVBAoT\n"
"A0FTVDEMMAoGA1UECxMDVVRPMR0wGwYDVQQDExRkanNtaXRobHguYXBwc2lnLmNv\n"
"bTAeFw0wNzA0MjQxOTU0MjlaFw0wODA0MjMxOTU0MjlaMHAxCzAJBgNVBAYTAlVT\n"
"MQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEMMAoGA1UE\n"
"ChMDQVNUMQwwCgYDVQQLEwNVVE8xHTAbBgNVBAMTFGRqc21pdGhseC5hcHBzaWcu\n"
"Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8C7fiBETDG7ykGpmtRxc3\n"
"26Pm5HDoekHcUS7DxpCLr4cRWDc052jfAXpOcEh1ExOwZe6yuve42v4LpEZ3UA/a\n"
"l0UB5/YaIiNX4Zv89las8hLMi+AhFEv25vhFctKRD+MbwGV2aFqhfCXyXusF/hx+\n"
"GVxm7Bm5K5im8RTy4y+2KwIDAQABo4HNMIHKMB0GA1UdDgQWBBQV/1cfoKpQ7B1u\n"
"wutfOZpdOpGMfjCBmgYDVR0jBIGSMIGPgBQV/1cfoKpQ7B1uwutfOZpdOpGMfqF0\n"
"pHIwcDELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQg\n"
"TGFrZSBDaXR5MQwwCgYDVQQKEwNBU1QxDDAKBgNVBAsTA1VUTzEdMBsGA1UEAxMU\n"
"ZGpzbWl0aGx4LmFwcHNpZy5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\n"
"AQQFAAOBgQBDDv9Pds4cAzwcQmCH33st2zbs6i5HGkt43V2N9P8ze0GZa8Z88ni9\n"
"uBPf/iNZY/y0k6cSPe/mLZM5FysrbByeNVarknxJbUconyRGlbyslfaqeZv7bZMh\n"
"0GlXGA60mmCxyNglw4+BHRAboAK+ck7ssypzmA7hxqg4+l+i5brEpg==\n"
"-----END CERTIFICATE-----\n");
qDebug() << "Loaded cert from data, is null?"
<< QSslCertificate(data).isNull();
}
--
[ signature omitted ]
Message 7 in thread
Andreas Aardal Hanssen wrote:
> I've managed to get your key and cert parsed with three approaches; from a
> file, from data, and through the QSslCertificate::fromPath() functions.
> I've found one bug that might be affecting your code path; could you try
> adding QSslSocket::supportsSsl() to the start of your main()?
>
QSslSocket::supportsSsl() does indeed return true.
I think I just discovered the problem. The "-----END CERTIFICATE-----"
line must end with "\n". Mine did not. The cert loads now. Will update
you as to the key in a moment.
--Dave
To unsubscribe - send "unsubscribe" in the subject to qt4-preview-feedback-request@xxxxxxxxxxxxx
Message 8 in thread
Dave Smith wrote:
> Andreas Aardal Hanssen wrote:
>> I've managed to get your key and cert parsed with three approaches;
>> from a
>> file, from data, and through the QSslCertificate::fromPath() functions.
>> I've found one bug that might be affecting your code path; could you try
>> adding QSslSocket::supportsSsl() to the start of your main()?
>>
> QSslSocket::supportsSsl() does indeed return true.
>
> I think I just discovered the problem. The "-----END CERTIFICATE-----"
> line must end with "\n". Mine did not. The cert loads now. Will update
> you as to the key in a moment.
Same problem with the key string. Loading the QSslKey works now. :)
(always the simple things isn't it?)
--Dave
To unsubscribe - send "unsubscribe" in the subject to qt4-preview-feedback-request@xxxxxxxxxxxxx
