Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-42134

QT networking library appears to be selecting the wrong certificate or wrong encryption protocol for SSL verification on mojang servers

    XMLWordPrintable

Details

    • Bug
    • Resolution: Out of scope
    • Not Evaluated
    • None
    • 5.3.2
    • Network: SSL
    • None
    • Fedora20 system

    Description

      issue on tracker for app where I am having this problem:
      https://github.com/MultiMC/MultiMC5/issues/567

      This issue has several pastebin links:
      1 showing successful openssl handshake to mojang authserver
      1 showing the qt failed handshake
      and a few other relevant pieces of info

      the file in this app where the network request is set up and executed:
      https://github.com/MultiMC/MultiMC5/blob/develop/logic/auth/YggdrasilTask.cpp

      as far as I can tell, this should work, and it doesn't on this system. It previously has worked in the past, and it works on other people's systems, and my windows PC, and I did recently perform a yum update, but I have been unable to find any other apps that fail in this ssl handshake other than this one using QT on this system.

      I have been told that mojang may have made the switch to using the sha256 instead of sha1 certificate relatively recently, that might be part of whats going on.

      Yet, both java (using default minecraft launcher) and openssl (on command-line) have no issues using the correct certificate and handshaking on the desired server, so I obviously don't lack the correct cert in my ca_certificate files.

      I have attached the files that are located in /etc/pki/ca-trust/extracted under pem, openssl, java directories respectively.

      Attachments

        1. ca-bundle.trust.crt
          330 kB
        2. cacerts
          177 kB
        3. qt_certs_bad.png
          qt_certs_bad.png
          63 kB
        4. ssl_failure_multimc.png
          ssl_failure_multimc.png
          95 kB
        5. tls-ca-bundle.pem
          238 kB
        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            richmoore Richard Moore (qtnetwork)
            kotoroshinoto Michael Gooch
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes