QSslSocket problem client-server



JaroMast
20th June 2012, 17:25
Hi all, I'm writing a client and server using Qt 4.8.0 and OpenSSL 0.9.8.
I have a problem: I can't get the encrypted signal from the client.
The server was tested using OpenSSL > s_client and I got this output:

>s_client -connect 127.0.0.1:803 -CAfile "C:\serwer\server2.crt"

CONNECTED(00000100)
---
Certificate chain
0 s:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
i:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
Server certificate
subject=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
issuer=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
No client certificate CA names sent
---
SSL handshake has read 1109 bytes and written 523 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID: F075F17CFB5774F22DC6DF579F5E9A7E6EB3C5290189101865 53CE1D5868125C
Session-ID-ctx:
Master-Key: BD0C01DA7D5E09406AB1789E29D6A1B4CEABFE0856AF58C4B7 07C0D956EA1FED1AE140C72656CFB8E8A8BBB576F7783E
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1340208337
Timeout : 300 (sec)
Verify return code: 0 (ok)
---


This is the client code:

socket = new QSslSocket(this);
socket->setProtocol(QSsl::TlsV1);

socket->setLocalCertificate("C:\\serwer\\server2.crt");

connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)),
        this, SLOT(sslError(const QList<QSslError> &)));

socket->connectToHost("127.0.0.1", 803);
if (socket->waitForConnected())
{
    socket->startClientEncryption();
}

Also some output from server:

Private key: true
Certificate: true
Descryptor: 968
Mode: 2
Connection state: QAbstractSocket::ConnectedState
Connection mode: 2


That's all...
I don't get any errors, or the encrypted signal. If I delete LocalCertificate from the client I get an encrypted signal on the server and after that:

Encrypted
Error: QAbstractSocket::RemoteHostClosedError
State: QAbstractSocket::ClosingState
State: QAbstractSocket::UnconnectedState
Disconnected

I read somewhere that I should get the CACertificate from the server, but this should be done after the encrypted signal. So... any ideas why I can't get this signal?
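
An added example, not part of the original post: a shell function that reads an `s_client` transcript like the one above and reports what it says about the server. The finding labels, the 2048-bit threshold and the shortened sample transcript are assumptions of this example; note that `Verify return code: 0 (ok)` above was obtained with `-CAfile` pointing at the server's own self-signed certificate.

```shell
#!/bin/sh
# Added example: summarise an `openssl s_client` transcript read from stdin.
# Finding labels and the 2048-bit threshold are choices made for this example.
audit_s_client() {
    awk '
        /^subject=/              { subject = substr($0, 9) }
        /^issuer=/               { issuer  = substr($0, 8) }
        /^Server public key is / { bits = $5 }
        /^ *Protocol *:/         { proto = $NF }
        /Verify return code:/    { seen = 1
                                   sub(/^.*Verify return code: */, "")
                                   verify = $0 }
        END {
            # Subject equal to issuer: the certificate vouches for itself.
            if (subject != "" && subject == issuer) print "SELF_SIGNED"
            # RSA keys under 2048 bits are below current minimum guidance.
            if (bits != "" && bits + 0 < 2048) print "WEAK_KEY " bits
            if (!seen)                print "NO_VERIFY_RESULT"
            else if (verify + 0 == 0) print "VERIFY_OK"
            else                      print "VERIFY_FAILED " verify
            if (proto != "") print "PROTOCOL " proto
        }
    '
}

# Constructed sample: a shortened transcript modelled on the output in the post.
sample_transcript() {
    cat <<'EOF'
subject=/C=PL/O=3SAT/OU=IT/CN=stlserver
issuer=/C=PL/O=3SAT/OU=IT/CN=stlserver
Server public key is 1024 bit
    Protocol  : TLSv1.2
    Verify return code: 0 (ok)
EOF
}

sample_transcript | audit_s_client
```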

wysota
20th June 2012, 17:50
Do you get any ssl errors?

JaroMast
20th June 2012, 18:41
None; while the program is working there is no sslErrors signal. When I delete loading LocalCertificate there is error: No Error ;)

JaroMast
21st June 2012, 09:54
I'm trying to get the certificate from the peer (on the client and on the server) by socket->peerCertificate(), but all the time I get a null value. Is that normal? (I tried to get the certificate after connection and after startEncryption)

wysota
21st June 2012, 10:06
If the encryption handshake didn't complete, there is no peer certificate.

JaroMast
21st June 2012, 10:32
Any ideas why the process stays in connection mode all the time without encryption? If I use wait for encryption then I just get a timeout error.

wysota
21st June 2012, 11:01
No idea, maybe the server doesn't initiate the handshake.

JaroMast
21st June 2012, 12:03
Yes it does :)

void SslServer::incomingConnection(int socketDescriptor)
{
    socket = new QSslSocket(this);
    qDebug() << "Nowe polaczenie nadchodzi";
    socket->setPrivateKey("C:\\serwer\\serverkey.pem");
    if (socket->privateKey().isNull())
        qDebug() << "Private key: false";
    else
        qDebug() << "Private key: true";

    socket->setLocalCertificate("C:\\serwer\\taserver.cer");
    if (socket->localCertificate().isNull())
        qDebug() << "Certificate: false";
    else
        qDebug() << "Certificate: true";

    if (socket->setSocketDescriptor(socketDescriptor))
    {
        qDebug() << "Descryptor: " << socket->socketDescriptor();
        socket->setProtocol(QSsl::AnyProtocol);
        connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
        connect(socket, SIGNAL(disconnected()), this, SLOT(Disconnected()));
        connect(socket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), SLOT(stany(QAbstractSocket::SocketState)));
        connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(bledy(QAbstractSocket::SocketError)));
        connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(bledySSL(QList<QSslError>)));
        connect(socket, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(mode(QSslSocket::SslMode)));
        connect(socket, SIGNAL(peerVerifyError(QSslError)), this, SLOT(bladPeer(QSslError)));

        socket->startServerEncryption();
        qDebug() << socket->errorString();

        qDebug() << "Connection state: " << socket->state();
        qDebug() << "Connection mode: " << socket->mode();
    }
}

wysota
21st June 2012, 12:18
What is supposed to happen is one thing. What actually happens is another.

JaroMast
21st June 2012, 13:14
So maybe someone has a working example of a client/server with QSslSocket?