[Interest] SSL & Let's Encrypt certificate expiration

maitai maitai at virtual-winds.org
Tue Oct 5 19:29:09 CEST 2021


Hi all,

Since the Let's Encrypt root certificate expired, we have a few users 
unable to initiate an SSL connection (most of them on a recent Windows 10 
version, app built with Qt 5.15.6, but also some Linux cases). We are 
using OpenSSL 1.1.1.

After some searching, we found out that the ca-certificates list is empty 
in those cases. In some Linux occurrences, the list becomes "loaded" 
after around 10 minutes, and all is fine until the user restarts the 
application. In some other cases waiting does nothing to fix the issue.

I must say that most users are OK, it impacted only a few of them, and I 
was not able to find a common pattern like Windows version or so.

What we finally did to fix it was to force the loading of the 
CA certificates this way, during the initialization of the application:

      // Explicitly set the system CA certificates on the default SSL configuration
      QSslConfiguration def = QSslConfiguration::defaultConfiguration();
      def.setCaCertificates(QSslConfiguration::systemCaCertificates());
      QSslConfiguration::setDefaultConfiguration(def);

And then all is fine.

I am still scratching my head about this though. Isn't it supposed to be 
useless to do that? Any insight on what is going on there will be 
appreciated.

Thanks
Philippe Lelong.