[Interest] wss:// on localhost
Alexander Carôt
alexander_carot at gmx.net
Mon Aug 3 23:16:59 CEST 2020
> Sorry, I might be missing some critical piece of information: is it a browser
> that is connecting to your websocket service? I thought it was a web view,
> whose CA list you could control.
The most simple way to describe it this:
A conventional html page (classical web browser) launches a websocket via wss://localhost:1234 and connects to a Qt application which hosts a QtWebsocket Server which binds to localhost:1234. This way I achieve communication between browser and app. Would love to stay with ws:// but modern CMS (well - websites in general) etc. require using SSL and mixed content is not working anymore.
Best
Alex
--
http://www.carot.de
Email : Alexander at Carot.de
Tel.: +49 (0)177 5719797
> Gesendet: Montag, 03. August 2020 um 19:49 Uhr
> Von: "Thiago Macieira" <thiago.macieira at intel.com>
> An: interest at qt-project.org
> Betreff: Re: [Interest] wss:// on localhost
>
> On Sunday, 2 August 2020 16:09:32 PDT Hamish Moffatt wrote:
> > On 3/8/20 9:05 am, Alexander Carôt wrote:
> > >> I repeat: whatever you do, don't ship a private key.
> > >
> > > Allright - will consider alternative ideas.
> >
> > Consider generating your own root CA certificate and asking your users
> > to install that in their browser. Then sign the site certificate (for a
> > non-existent, non-registerable domain) with that.
>
> Sorry, I might be missing some critical piece of information: is it a browser
> that is connecting to your websocket service? I thought it was a web view,
> whose CA list you could control.
>
> If you can't programmatically control the CA list of the WS client, then I
> don't see a secure solution. Doing what Hamish just suggested is not a good
> idea either, as becoming a CA has huge implications. If you get hacked, then
> your clients can get hacked too. And you become a target of hacks because your
> clients are installing your root CA.
>
> My suggestion of generating on each client works only so long as you control
> both sides of the websocket connection (client and server).
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
> Software Architect - Intel DPG Cloud Engineering
>
>
>
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
>
More information about the Interest
mailing list