[Interest] QSslSocket with a self-signed certificate

Konstantin Shegunov kshegunov at gmail.com
Thu Nov 22 19:52:32 CET 2018


On Thu, Nov 22, 2018 at 7:54 PM Mårten Nordheim <marten.nordheim at qt.io>
wrote:

> Does it work if you call setProtocol(QSsl::TlsV1_2) on the client
> socket/configuration before connecting?


No, same error. I'm not 100% sure the problem is strictly the client because if
I run
$> openssl s_client -connect 127.0.0.1:7777 -tls1_2

I get the following:

CONNECTED(00000005)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 206 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : 0000
   Session-ID:
   Session-ID-ctx:
   Master-Key:
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   Start Time: 1542911999
   Timeout   : 7200 (sec)
   Verify return code: 0 (ok)
   Extended master secret: no
---

While in the server-side debug output I read:

QAbstractSocket::ConnectedState
QAbstractSocket::SocketError(13) : Encrypting the connection failed
QAbstractSocket::UnconnectedState

> The PSK emission you see sounds like OpenSSL 1.1.1 with TLS 1.3, but I
> don't think it should fail the handshake, or at least don't remember
> seeing it do that.
>

Indeed, the loaded library is openssl v1.1.1 from
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
Setting TLS 1.2 also emits preSharedKeyAuthenticationRequired, though.