Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
5.15.0
-
None
-
iOS/tvOS/watchOS,
Linux/Other display system
-
4581cd5fb664676cadda855490b3f21c2ed28a58 (qt/qtbase/dev) b3b21b1a30e5375a327cc09313ada8d42bdf2164 (qt/qtbase/5.15)
Description
We trapped into a strange network error here.
We can establish a TLS connection to the server with Qt/OpenSSL 1.1.1g. The QNetworkReply::encrypted is fired and the connection is established. But in QNetworkReply::finished we received a "Status Code 0" and internal SSL error.
It looks like the ignored OCSP error is still marked as "not ignored" in Qt's internal handling or the openssl error must be cleared, too.
By the way... if we use "openssl ocsp" I cannot reproduce that OCSP warning.
: (ignored) "OCSP responder's identity cannot be verified" : (ignored) "The root certificate of the certificate chain is self-signed, and untrusted" : Ignore SSL errors : Used session cipher QSslCipher(name=ECDHE-RSA-AES256-GCM-SHA384, bits=256, proto=TLSv1.2) : Used ephemeral server key: QSslKey(PublicKey, EC, 256) : Used peer certificate: QSslCertificate("3", "0a:5a:dc:a0:1f:9c:24:f4:6d:dd:31:77:05:96:38:8a", "cFUUZNVHg4769qB7vR+i3g==", "GeoTrust TLS RSA CA G1", "eid-test.mvneco.com", QMap((1, "eid-test.mvneco.com")), QDateTime(2019-08-28 00:00:00.000 UTC Qt::UTC), QDateTime(2021-08-27 12:00:00.000 UTC Qt::UTC)) : Handshake of tls connection done! : Status Code: 0 "" : Select error message for: QNetworkReply::UnknownNetworkError : Network error description "Error while reading: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error"
Attachments
| For Gerrit Dashboard: QTBUG-85638 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 307883,2 | Fix OCSP-Stapling error if identity cannot be verified | 5.15 | qt/qtbase | Status: MERGED | +2 | 0 |
| 308117,2 | Fix OCSP-Stapling error if identity cannot be verified | dev | qt/qtbase | Status: MERGED | +2 | 0 |