Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-7200

Using QNetworkAccessManager with local certificate causes self-signed error

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 4.6.0
    • Fix Version/s: 5.3.0
    • Component/s: Network, Network: SSL
    • Labels:
      None
    • Environment:
      Win32, MSVC2008, Qt 4.6.0, OpenSSL 1.0.0-b4
    • Commits:
      5773a5cd50fac6d7348805f785df0cf29f4388b9

      Description

      I have a piece of code which goes something like this:

      	qssReg = new QSslSocket(this);
      	qssReg->setLocalCertificate(qscCert);
      	qssReg->setPrivateKey(qskKey);
      
      	http = new QHttp(QLatin1String("hostname"), QHttp::ConnectionModeHttps, 443, this);
      	http->setSocket(qssReg);
      
      	connect(http, SIGNAL(done(bool)), this, SLOT(done(bool)));
      	connect(http, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(regSslError(const QList<QSslError> &)));
      

      The purpose being to do a https connection with a local certificate for authentication. With OpenSSL 1.0.0-b4, this will always cause regSslError() to trigger with "The certificate is self-signed, and untrusted". Looking at qssReg->peerCertificateChain(), I see the "base" certificate for the server is listed twice, then the CA chain to the root cert. I haven't really done any more debugging than that.

      With OpenSSL 0.9.8l, everything works as expected.

        Attachments

          Issue Links

          For Gerrit Dashboard: QTBUG-7200
          # Subject Branch Project Status CR V

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              slicer Thorvald Natvig
              Votes:
              4 Vote for this issue
              Watchers:
              11 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes