[Interest] qtWebsocket SSL question

Neil Williams neil+qt at copycopy.cc
Sat Apr 16 18:13:11 CEST 2016


Not sure on your platform but we had some problems running a websocket
server on Mac non-openssl build due to the QNetwork's Secure Transport
based implementation not supporting pkcs8 keys, the full certificate chain
(ca-bundle) was required to be present too, which wasn't on Windows using
openssl iirc.

Use isNull after construction of QSslKey & QSslCertificate to see if your
key/cert is loading successfully.

Anyway, we switched to using openssl and things went smoother.

Also, not sure on what your websocket client is but if using a browser,
there are things to be aware of when doing connectioned to localhost
websocket servers:
https://bugs.chromium.org/p/chromium/issues/detail?id=378566

On Wed, Apr 13, 2016 at 7:59 PM, "Alexander Carôt" <alexander_carot at gmx.net>
wrote:

> Hello,
>
> with respect to my last question I realized that the only SSL-related part
> within the ssl-Websocket-ssl-server occurs right in the constructor:
>
> QSslConfiguration sslConfiguration;
> QFile certFile(QStringLiteral(":/server.crt"));
> QFile keyFile(QStringLiteral(":/server.key"));
> certFile.open(QIODevice::ReadOnly);
> keyFile.open(QIODevice::ReadOnly);
>
> QSslCertificate certificate(&certFile, QSsl::Pem);
> QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
> certFile.close();
> keyFile.close();
>
> sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
> sslConfiguration.setLocalCertificate(certificate);
> sslConfiguration.setPrivateKey(sslKey);
> sslConfiguration.setProtocol(QSsl::TlsV1SslV3);
> m_pWebSocketServer->setSslConfiguration(sslConfiguration);
>
> Additionally the ssl-socket is connected to the following slot:
>
> void EchoServer::onSslErrors(const QList<QSslError> &){
>     cout << "Ssl errors occurred" << endl;
> }
>
> Since I still cannot connect via wss://myDomain:1234 (ws does connect
> fine) I would have expected ssl-errors but this is not the case: The only
> obvious fact is that it tries to connect and fails after a timeout of
> several seconds.
>
> Any hint appreciated how to address this issue.
>
> Thanks in advance,
> best
>
> Alex
>
>
> --
> http://www.carot.de
> Email : Alexander at Carot.de
> Tel.: +49 (0)177 5719797
>
>
> > Gesendet: Freitag, 08. April 2016 um 23:27 Uhr
> > Von: "Alexander Carôt" <alexander_carot at gmx.net>
> > An: "Jason H" <jhihn at gmx.com>
> > Cc: "qt qt" <interest at qt-project.org>
> > Betreff: Aw: Re: [Interest] qtWebsocket SSL question
> >
> > see below:
> >
> > Thanks a lot - this way I was able to generate the required files (I did
> it according to this link:
> >
> >
> https://developer.salesforce.com/blogs/developer-relations/2011/05/generating-valid-self-signed-certificates.html
> )
> >
> > However, it still does not work. The non-SSL-Websocket example works
> perfectly fine on localhost and on a remote server but the SSL version
> doesn't.
> >
> > I simply ran the server (just as the non-SSL-version) listening on port
> 1234 and let the client connect via
> >
> > wss://localhost:1234 (or the respective remote server location)
> >
> > but immediately get the error message: "ERROR: undefined
> > DISCONNECTED"
> >
> > Is there any chance to further track down the connect process in order
> to figure why it actually doen't - or further hints ?
> >
> > Thanks !
> >
> > Alex
> >
> > --
> > http://www.carot.de
> > Email : Alexander at Carot.de
> > Tel.: +49 (0)177 5719797
> >
> >
> > > Gesendet: Freitag, 08. April 2016 um 17:54 Uhr
> > > Von: "Jason H" <jhihn at gmx.com>
> > > An: "Alexander Carôt" <alexander_carot at gmx.net>
> > > Cc: "qt qt" <interest at qt-project.org>
> > > Betreff: Re: [Interest] qtWebsocket SSL question
> > >
> > > Use openssl's cert generation features.
> > >
> > > > Sent: Friday, April 08, 2016 at 11:24 AM
> > > > From: "Alexander Carôt" <alexander_carot at gmx.net>
> > > > To: "qt qt" <interest at qt-project.org>
> > > > Subject: [Interest] qtWebsocket SSL question
> > > >
> > > > Hello all,
> > > >
> > > > I just started investigating websockets with Qt and now have a
> question regarding this example:
> > > >
> > > > http://doc.qt.io/qt-5/qtwebsockets-sslechoserver-example.html
> > > >
> > > > I compiled it but encountered the issue of missing files:
> > > >
> > > > RCC: Error in 'securesocketclient.qrc': Cannot find file
> 'localhost.cert'
> > > > make: *** [qrc_securesocketclient.cpp] Error 1
> > > >
> > > > In securesocketclient.qrc the following files are required:
> > > >
> > > > <!DOCTYPE RCC><RCC version="1.0">
> > > > <qresource>
> > > >     <file>localhost.cert</file>
> > > >     <file>localhost.key</file>
> > > > </qresource>
> > > > </RCC>
> > > >
> > > > and I wonder how or where to generate them and since I have no
> experience with security and certificates etc. I'd appreciate any comment.
> > > >
> > > > Thanks in advance,
> > > > best
> > >
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/interest
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20160416/315028ad/attachment.html>


More information about the Interest mailing list