[Qt-interest] Problems with CAFile using QSslSocket

Eduardo Robles Elvira edulix at gmail.com
Sat Jul 24 00:02:40 CEST 2010


Hello everyone!

I'm trying to establish a secure connection between a server and a
client. I'm using QSslSocket, QTcpServer etc. I've created my own
certificate, then my own CA Authority and signed the certificate with
it, following the steps shown in [1] and [2]. I've verified that the
signed PEM certificate is valid with openssl:


edulix at edulix-laptop .../sslsockets_example/certs/server_cert $
openssl verify -CaFile ca-cert.pem localhost.pem
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose
purpose] [-crl_check] [-engine e] cert1 cert2 ...
recognized usages:
        sslclient       SSL client
        sslserver       SSL server
        nssslserver     Netscape SSL server
        smimesign       S/MIME signing
        smimeencrypt    S/MIME encryption
        crlsign         CRL signing
        any             Any Purpose
        ocsphelper      OCSP helper
        timestampsign   Time Stamp signing


I execute the sslsockets_example_server and sslsockets_example_client
binaries in that directory too (sslsockets_example/certs/server_cert).
This is the output I get:

$ sslsockets_example_server
Listening on port  1025
SslServerConnection::SslServerConnection 8
caCertificates.first().subjectInfo(QSslCertificate::CommonName)
"Baltimore CyberTrust Mobile Root"
privateKey.isNull():  false
certificate.isNull():  false
SslServerConnection::stateChanged()
mode:  0
state:  QAbstractSocket::ConnectedState
Calling startServerEncryption()
SslServerConnection::sslModeChanged() 2
SslServerConnection::sslErrors()
error: "The issuer certificate of a locally looked up certificate
could not be found"
error: "No certificates could be verified"
SslServerConnection::encrypted()
SslServerConnection::readyRead()
Read from socket: "hello"


$ sslsockets_example_client
caCertificates.first().subjectInfo(QSslCertificate::LocalityName) ""
SecureClient::start(); called to m_socket->connectToHostEncrypted
SecureClient::hostFound()
SecureClient::connected()
SecureClient::errorOccured()
SecureClient::connectionEstablished()


As you can notice, I'm ignoring SSL errors; otherwise it wouldn't work.
The problem as you can see is that even though the ca-cert.pem file is
being correctly put into a QSslCertificate object, there are problems
when using it in the QSslSocket; see the server complaining: "The
issuer certificate of a locally looked up certificate could not be
found".

I attach the whole code and the very certs I'm using so that you can
test it too.

Thanks in advance,
   Eduardo Robles Elvira.

PS: First post in this list yay!
--
[1] http://sial.org/howto/openssl/ca/
[2] http://sial.org/howto/openssl/csr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sslsockets_example.tar.bz2
Type: application/x-bzip2
Size: 15486 bytes
Desc: not available
Url : http://lists.qt-project.org/pipermail/qt-interest-old/attachments/20100724/ce8d2b7b/attachment.bz2 
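
The check described in the message above (a certificate signed by a private CA, then verified against that CA's file), as an added example that is not part of the original post; it uses the option spelling `-CAfile` shown in the usage text quoted above. It also verifies the same certificate against an unrelated CA file to show the failure; all names, subjects and paths are constructed.

```shell
#!/bin/sh
# Added example: throwaway CA + "localhost" certificate, checked with openssl verify.
# All names, subjects and paths are constructed for the demonstration.

# make_chain DIR CA_NAME: write ca-cert.pem and a CA-signed localhost.pem into DIR.
make_chain() {
    d=$1
    cat > "$d/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
    # Self-signed CA certificate (subject comes from req.cnf)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/req.cnf" \
        -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" 2>/dev/null || return 1
    # Key and signing request for the server, CN=localhost
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
        -subj "/CN=localhost" \
        -keyout "$d/localhost-key.pem" -out "$d/localhost.csr" 2>/dev/null || return 1
    # The CA signs the request
    openssl x509 -req -in "$d/localhost.csr" -days 1 -CAcreateserial \
        -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" \
        -out "$d/localhost.pem" 2>/dev/null || return 1
}

# verify_output CA_FILE CERT: print what openssl verify reports (stdout and stderr).
verify_output() {
    openssl verify -CAfile "$1" "$2" 2>&1
}

# chains_to CA_FILE CERT: succeed only if CERT verifies against CA_FILE.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    a=$(mktemp -d) && b=$(mktemp -d) || return 1
    make_chain "$a" "Example CA A" && make_chain "$b" "Example CA B" || return 1
    verify_output "$a/ca-cert.pem" "$a/localhost.pem"           # issuing CA: OK
    verify_output "$b/ca-cert.pem" "$a/localhost.pem" || true   # unrelated CA: error 20
    rm -rf "$a" "$b"
}
demo
```

OpenSSL's error 20 ("unable to get local issuer certificate") is the condition Qt reports as `QSslError::UnableToGetLocalIssuerCertificate`, the first error in the server output above.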