[Qt-interest] QT and SSL certificates

Scott Aron Bloom Scott.Bloom at sabgroup.com
Wed Feb 18 19:11:08 CET 2009 


> -----Original Message-----
> From: qt-interest-bounces at trolltech.com [mailto:qt-interest-
> bounces at trolltech.com] On Behalf Of Andreas Roth
> Sent: Wednesday, February 18, 2009 7:48 AM
> To: Thiago Macieira; qt-interest at trolltech.com
> Subject: Re: [Qt-interest] QT and SSL certificates
> 
> On Wednesday 18 February 2009 15:13:25 you wrote:
> > Andreas Roth wrote:
> > >> Andreas Roth wrote:
> > >>>Good morning,
> > >>>
> > >>>i'm using QT version 4.4.3 and i have a problem concerning
> > >>> certificates. My apache2 webserver is set up with a SSL site and
it
> > >>> works fine with firefox and the openssl command line. E.g.
> > >>>openssl s_client -connect myhostname:443 -CAfile cacert.pem
> > >>>But when i use the securesocketclient example from QT, i get the
> > >>> message 'the signature of the certificate is invalid'. I don't
know
> > >>> why and maybe somebody out here could tell me. Are there any
special
> > >>> checks for the certificate in QT?
> > >>
> > >> Can you post your modifications to the securesocketclient
example? You
> > >> mentioned your s_client command-line used the -CAfile switch, so
you
> > >> have to set the CA certificate list in the QSslSocket too.
> > >
> > >I haven't changed the securesocketclient example. I just installed
the
> > > CA certificate in /etc/ssl/certs.
> > >If the CA certificate is not recognized i get the appropriate error
> > >message and i know why. But the 'the signature of the certificate
is
> > >invalid' error is strange, since i do not know the reason for it.
> >
> > Qt doesn't read the certificates in there.
> >
> > If you don't enable the certificate explicitly with
setCaCertificates, you
> > don't get it.
> 
> Thanks Thiago for the advise to add the certficate to the socket.
> In sslclient.cpp i modifed the SslClient::secureConnect() method as
follows:
> 
> void SslClient::secureConnect()
> {
>     if (!socket) {
>         socket = new QSslSocket(this);
>         connect(socket,
SIGNAL(stateChanged(QAbstractSocket::SocketState)),
>                 this,
SLOT(socketStateChanged(QAbstractSocket::SocketState)));
>         connect(socket, SIGNAL(encrypted()),
>                 this, SLOT(socketEncrypted()));
>         connect(socket, SIGNAL(sslErrors(QList<QSslError>)),
>                 this, SLOT(sslErrors(QList<QSslError>)));
>         connect(socket, SIGNAL(readyRead()),
>                 this, SLOT(socketReadyRead()));
>
socket->setCaCertificates(QSslSocket::systemCaCertificates ());
>
socket->addCaCertificates("/etc/ssl/certs/arsoft_ca_root.pem");
>     }
> 
>     socket->connectToHostEncrypted(form->hostNameEdit->text(),
form->portBox-
> >value());
>     updateEnabledState();
> }
> 
> But still I get 'the signature of the certificate is invalid' errors.
Any
> further changes I need to do?
> 
> Thanks,
> Andreas
> 

Which error is it SSLSocket returning (specifically)

Is it possibly a self signed certificate?

Scott

More information about the Qt-interest-old mailing list