Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.9.4, 5.10
Affects Version/s: 5.9.2
Component/s: Network: SSL
Labels:
None

Platform/s:

macOS
Commits:
55f8d7dfe5589f85b0fa8a0705b1821f69b2cb34 9c765522d1c4f8090b5f5d391b1740fc4bd67664

Description

TL;DR: Server-side QSslSocket with protocol set to QSsl::TlsV1_0OrLater failes with handshake while with QSsl::TlsV1_2 works correctly. This issue seems to be macOS only.

I have QSslSocket based HTTPS Web server, where every incomming connection is wrapped into QSslSocket like this:

    QSslSocket *socket = new QSslSocket;
    socket->setProtocol(QSsl::SecureTlsV1_2);
    ...

    if (!socket->setSocketDescriptor(socketDescriptor)) {
        ...
    }


    socket->startServerEncryption();

When I access this server with curl, everythings works correctly. If I change socket protocol to QSsl::TlsV1_0OrLater, the SSL handshake fails emitting error signal with SslHandshakeFailedError

Placing breakpoint at QSslSocketBackendPrivate::startHandshake() and doing small debug round-trip I can see that bool QSslSocketBackendPrivate::verifySessionProtocol() const returns false as it imho doesn't handle the QSsl::TlsV*OrLater variants of protocol enum correctly.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Timur Pocheptsov

Reporter:: Jan Bartipan

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07 Nov '17 17:23

Updated:: 20 Jun '18 12:31

Resolved:: 21 Nov '17 08:29

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

qsslsocket_mac: handle 'OrLater' SslProtocols in verifySessionProtocol(): Gerrit Review: