  1. Qt
  2. QTBUG-73605

Optionally using client certificate with HTTPS does not work as expected


Details

    • Bug
    • Resolution: Won't Do
    • Not Evaluated
    • None
    • 5.9.3, 5.12.1
    • Network: HTTP, Network: SSL
    • None
    • macOS 10.14, xcode 10.1
    • macOS

    Description

      So we have an application server (Apache). We started to add client-side certificates to check some operations. We use exactly 1 QNAM for the whole application. It seems that once you start an HTTP request the configuration can get mixed up.

      In the following example, I'm doing a simple GET and then a POST with client certificate. But from the server I'm getting that the client is not sending its certificate.

      If we don't do the initial GET, the POST works exactly as expected. My first suspicion was that this was due to keep-alive, because reusing the same TLS connection to the server could potentially have that effect, but even disabling it does not help.

      The only workaround I found was to use 2 different QNAMs (1 for the client cert and the other one for the requests that don't require a client certificate).

      Is that a use-case that you are planning on supporting in the future?

       

      Here is the code. To reproduce you'll have to set up an HTTP server, with 1 non-protected URL and 1 protected URL, and have a client certificate set up as well.

       

      #include <QtCore>
      #include <QtNetwork>

      int main(int argc, char **argv)
      {
          QCoreApplication app(argc, argv);
          qWarning() << "START";

          // A single QNetworkAccessManager is shared by both requests.
          QNetworkAccessManager mgr;

          // Load the client key and certificate used for the protected URL.
          QFile keyFile("/private/var/FWBooster/booster.key");
          if (!keyFile.open(QIODevice::ReadOnly))
              qFatal("Cannot open client key file");
          QSslKey key(&keyFile, QSsl::Ec);
          QFile certFile("/private/var/FWBooster/booster.crt");
          if (!certFile.open(QIODevice::ReadOnly))
              qFatal("Cannot open client certificate file");
          QSslCertificate cert(&certFile);

          // Problem here (change the value to 1 to avoid the call).
          // Plain GET to the unprotected URL, sent without a client certificate.
          if (argc > 0) {
              QNetworkReply *reply = mgr.get(QNetworkRequest(QUrl("https://tb.filewave.ch:20443")));
              QObject::connect(reply, &QNetworkReply::finished, []() {
                  qWarning() << "FINISHED GET";
              });
          }

          // POST to the protected URL with the client certificate set on this request only.
          QNetworkRequest req(QUrl("https://tb.filewave.ch:20443/auth/client/certificate_renewal"));
          QSslConfiguration conf = QSslConfiguration::defaultConfiguration();
          conf.setLocalCertificate(cert);
          conf.setPrivateKey(key);
          req.setSslConfiguration(conf);

          QNetworkReply *reply = mgr.post(req, QByteArray());
          QObject::connect(reply, &QNetworkReply::finished, [reply]() {
              qWarning() << "FINISHED" << reply->errorString();
          });

          return app.exec();
      }


          People

            tpochep Timur Pocheptsov
            thierryb Thierry Bastian