Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-109273

Using client certificates leads to ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 6.4.2
    • 5.15.2, 6.4.1
    • WebEngine
    • None
    • 38e0df6c6 (5.15)

    Description

      I've got a TLS1.2 server that may accept a client certificate. (It works even without one.)

      • If the client certificate is added to Windows' OS store (Chrome -> Privacy -> Security -> Manage certificates -> Add the .pfx file there), then QtWebEngine automatically picks it up, and offers it via the QWebEnginePage::selectClientCertificate API. Everything works fine.
      • If the client certificate is instead loaded in the app (via QSslCertificate::importPkcs12) and added programmatically to the in-memory store via QWebEngineClientCertificateStore::add , then again it is offered through QWebEnginePage::selectClientCertificate, but then the handshake fails with a ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS error.

      I'm not really sure what's going on.

      The only hit on Google is someone asking about this very problem on SO! https://stackoverflow.com/questions/70680355/minimal-working-example-of-qwebengine-with-client-certificates

      Attachments

        For Gerrit Dashboard: QTBUG-109273
        # Subject Branch Project Status CR V
        451713,2 Fix probabilistic signature scheme 5.15 qt/qtwebengine Status: MERGED +2 0

        Activity

          People

            qt_webengine_team Qt WebEngine Team
            peppe Giuseppe D'Angelo
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes