[Qt-interest] QT and SSL certificates

Andreas Roth aroth at arsoft-online.com
Wed Feb 18 16:48:09 CET 2009 

On Wednesday 18 February 2009 15:13:25 you wrote:
> Andreas Roth wrote:
> >> Andreas Roth wrote:
> >>>Good morning,
> >>>
> >>>i'm using QT version 4.4.3 and i have a problem concerning
> >>> certificates. My apache2 webserver is set up with a SSL site and it
> >>> works fine with firefox and the openssl command line. E.g.
> >>>openssl s_client -connect myhostname:443 -CAfile cacert.pem
> >>>But when i use the securesocketclient example from QT, i get the
> >>> message 'the signature of the certificate is invalid'. I don't know
> >>> why and maybe somebody out here could tell me. Are there any special
> >>> checks for the certificate in QT?
> >>
> >> Can you post your modifications to the securesocketclient example? You
> >> mentioned your s_client command-line used the -CAfile switch, so you
> >> have to set the CA certificate list in the QSslSocket too.
> >
> >I haven't changed the securesocketclient example. I just installed the
> > CA certificate in /etc/ssl/certs.
> >If the CA certificate is not recognized i get the appropriate error
> >message and i know why. But the 'the signature of the certificate is
> >invalid' error is strange, since i do not know the reason for it.
>
> Qt doesn't read the certificates in there.
>
> If you don't enable the certificate explicitly with setCaCertificates, you
> don't get it.

Thanks Thiago for the advise to add the certficate to the socket.
In sslclient.cpp i modifed the SslClient::secureConnect() method as follows:

void SslClient::secureConnect()
{
    if (!socket) {
        socket = new QSslSocket(this);
        connect(socket, SIGNAL(stateChanged(QAbstractSocket::SocketState)),
                this, SLOT(socketStateChanged(QAbstractSocket::SocketState)));
        connect(socket, SIGNAL(encrypted()),
                this, SLOT(socketEncrypted()));
        connect(socket, SIGNAL(sslErrors(QList<QSslError>)),
                this, SLOT(sslErrors(QList<QSslError>)));
        connect(socket, SIGNAL(readyRead()),
                this, SLOT(socketReadyRead()));
		socket->setCaCertificates(QSslSocket::systemCaCertificates ());
		socket->addCaCertificates("/etc/ssl/certs/arsoft_ca_root.pem");
    }

    socket->connectToHostEncrypted(form->hostNameEdit->text(), form->portBox-
>value());
    updateEnabledState();
}

But still I get 'the signature of the certificate is invalid' errors. Any 
further changes I need to do?

Thanks,
Andreas

More information about the Qt-interest-old mailing list