[Qt-interest] problem with client certificate in SSL connection

Serge mb0 at km.ru
Fri Feb 6 09:29:55 CET 2009


Hello,

I need to establish an SSL connection from a Qt program to a web server.

In a Qt 4.3.3 program I wrote:
--------------------------------------------------

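	// Load the client certificate from the Qt resource system and refuse to
	// continue when it cannot be read or parsed.
	QSslCertificate v_localCert;
	{
		QString v_fn(":/crt/my_cert.crt");
		QFile f(v_fn);
		if (!f.open(QIODevice::ReadOnly))
		{
			// Stop here: parsing an unopened device only yields a null
			// certificate and a second, less specific message.
			qDebug() << "Can't open " << v_fn;
			return 0;
		}
		QSslCertificate cert(&f);
		if (cert.isNull())
		{
			qDebug() << "Null cert: " << v_fn;
			return 0;
		}
		if (!cert.isValid())
		{
			qDebug() << "Invalid cert: " << v_fn;
			return 0;
		}
		v_localCert = cert;
	}

	QSslSocket socket;

	socket.setLocalCertificate(v_localCert);
	// NOTE(review): the passphrase is a literal in the source and the key file
	// is a compiled-in resource (":/crt/..."), so anyone holding the executable
	// can recover both. Acceptable for a test; for deployment read the key and
	// passphrase from protected storage at run time. The passphrase must also
	// match the one the key was encrypted with.
	socket.setPrivateKey(":/crt/my_priv_key.pem", QSsl::Rsa, QSsl::Pem, QString("password").toUtf8());

	// privateKey() returns by value, so hold a copy; a non-const reference
	// cannot bind to the temporary in standard C++.
	const QSslKey key = socket.privateKey();
	if (key.isNull())
	{
		// A null key here means the file could not be read or decrypted.
		qDebug() << "Empty local private key" << key.length();
		return 0;
	}
	if (key.length() != 2048)
	{
		qDebug() << "Wrong private key " << key.length();
		return 0;
	}

	socket.connectToHostEncrypted("www.mysite.com", 443);

	// A completed handshake does not show that the client certificate was
	// used: in TLS the client sends its certificate only when the server
	// asks for one during the handshake.
	if (!socket.waitForEncrypted())
	{
		qDebug() << socket.errorString();
		return 0;
	}

	// Issue a minimal request and dump the reply until the server stops sending.
	socket.write("GET /as/ HTTP/1.0\r\n\r\n");
	while (socket.waitForReadyRead())
		qDebug() << socket.readAll().data();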

--------------------------------------------------
The client certificate was prepared using this command:

# -x509 makes this a self-signed certificate rather than a signing request;
# whether the server accepts it depends on its trust configuration (not shown here).
# -passout file:key.pwd takes the private-key passphrase from the first line of
# key.pwd; the client has to supply that same passphrase when loading the key.
# -days 18250 gives the certificate roughly 50 years of validity.
openssl req -new -x509 -newkey rsa:2048 -out my_cert.crt -keyout 
my_priv_key.pem -passout file:key.pwd -set_serial 0x724690 -days 18250 
-batch -verbose

--------------------------------------------------

On the server side, I wrote this in an ASP.NET script:

--------------------------------------------------
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

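/// <summary>
/// Diagnostic page that reports whether the request carried a TLS client certificate.
/// </summary>
public partial class _Default : System.Web.UI.Page
{
     /// <summary>
     /// Writes the organization (O) field of the client certificate subject to the label,
     /// or a fixed message when the request has no client certificate.
     /// </summary>
     /// <param name="sender">Event source (unused).</param>
     /// <param name="e">Event data (unused).</param>
     protected void Page_Load(object sender, EventArgs e)
     {
         HttpClientCertificate cert = Request.ClientCertificate;
         if (cert.IsPresent)
         {
             // IsPresent only says that a certificate was sent. It does not say the
             // certificate is trusted: check cert.IsValid and the issuer before using
             // any field for an access decision.
             // Subject fields are chosen by whoever created the certificate, and
             // Label.Text is rendered without encoding, so encode the value first.
             lbl_HelloWorld.Text = HttpUtility.HtmlEncode(cert.Get("SUBJECT O"));
         }
         else
         {
             lbl_HelloWorld.Text = "No certificate was found.";
         }
     }
}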
--------------------------------------------------

When the program connects, it receives the message "No certificate was found."
I do not understand why this happens.
Either the client certificate is not used in the SSL connection, or ASP.NET on the web 
server does not see it.
How can I detect whether the client certificate key was used in the SSL connection?

--
Serge


