Geek asks and answers

Qt OpenSSL Problem - Blocked (?) On Some Computers

I am writing an qt application that uses OpenSSL. Everything has been fine since yesterday. I compiled the application and sent it to my friend. On your computer, the application can open https. I open on another computer and it does not work. So I gave it to another friend, and he cannot open https sites. I was embarrassed and gave it to another guy, and my application runs on his computer. I do not understand the situation. Previous versions worked without errors. But I ran the previous version, which worked, and it does not work either. I disabled all firewalls. Nothing changed.

Any suggestions?

We all have 7 x64. I tested on XP HE and it works, bou on 7 x64 does not work. It runs 7 x64 on my other computer, but it does not work on XP. The IMO operating system is irrelevant.

+3
source share
3 answers

By default, Qt does not contain an OpenSSL implementation, but uses libraries already installed on the system.

Installing Win32 OpenSSL will make it work.

Another option is to create Qt with OpenSSL. Some info here .

+2
source

Try using the method QSslSocket::ignoreSslErrors().

I also had such problems, and using this function solved them for me.

+2
source

If you do not yet have a solution to this error, I just ran into the same problem. The problem seems to be related to the CA certficate chain on a Windows machine. Details can be found at https://bugreports.qt-project.org/browse/QTBUG-20012 .

There is also a small class that captures the ca chain, so the error should not occur in the application.

#ifndef OPENSSLFIX_H
#define OPENSSLFIX_H

#include <QSslConfiguration>

/* this class fixes a problem with qt/openssl and expired ca certificates.
 * the idea is taken from https://bugreports.qt-project.org/browse/QTBUG-20012
 * which describes the problem and the workaround further. the workaround is
 * scheduled for qt5, but will not be introduced into qt4.x.
 *
 * to use this fix just call it in main() before doing any network related 
 * stuff
 *
 * OpenSslFix::fixCaCertificates();
 *
 * it will go through the certificates and remove invalid certs from the chain,
 * thus avoiding the error to arise.
 */
class OpenSslFix {
public:
    static void fixCaCertificates()
    {
        QSslConfiguration config(QSslConfiguration::defaultConfiguration());
        QList<QSslCertificate> in(config.caCertificates());
        QList<QSslCertificate> out;

        for (int i=0, size=in.size(); i<size; ++i) {
            const QSslCertificate &c(in[i]);
            if (c.isValid()) {
                /* not expired -> add */
                out << c;
                continue;
            }

            /* check if the cert is already present in the output */
            bool found = false;
            for (int j=0, size=out.size(); j<size; ++j) {
                if (isCertificateSameName(c, out[j])) {
                    /* already present... */
                    found = true;
                    break;
                }
            }

            if (!found)
                out << c;
        }

        /* now set the new list as the default */
        config.setCaCertificates(out);
        QSslConfiguration::setDefaultConfiguration(config);
    }

private:
    static inline bool isCertificateSameName(const QSslCertificate &cert1, 
                                             const QSslCertificate &cert2)
    {
        return cert1.subjectInfo(QSslCertificate::Organization) ==
                cert2.subjectInfo(QSslCertificate::Organization) &&
                cert1.subjectInfo(QSslCertificate::CommonName) ==
                cert2.subjectInfo(QSslCertificate::CommonName) &&
                cert1.subjectInfo(QSslCertificate::LocalityName) ==
                cert2.subjectInfo(QSslCertificate::LocalityName) &&
                cert1.subjectInfo(QSslCertificate::OrganizationalUnitName) ==
                cert2.subjectInfo(QSslCertificate::OrganizationalUnitName) &&
                cert1.subjectInfo(QSslCertificate::StateOrProvinceName) ==
                cert2.subjectInfo(QSslCertificate::StateOrProvinceName) &&
                cert1.subjectInfo(QSslCertificate::CountryName) ==
                cert2.subjectInfo(QSslCertificate::CountryName);
    }
};

#endif // OPENSSLFIX_H
+2
source

More articles:


All Articles