JaroMast
20th June 2012, 17:25
Hi all, I'm writing a client and server using Qt 4.8.0 and OpenSSL 0.9.8.
I have a problem: I can't get the encrypted signal from the client.
The server was tested using OpenSSL's s_client and I got this output:
>s_client -connect 127.0.0.1:803 -CAfile "C:\serwer\server2.crt"
CONNECTED(00000100)
---
Certificate chain
0 s:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
i:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
Server certificate
subject=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
issuer=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
No client certificate CA names sent
---
SSL handshake has read 1109 bytes and written 523 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID: F075F17CFB5774F22DC6DF579F5E9A7E6EB3C5290189101865 53CE1D5868125C
Session-ID-ctx:
Master-Key: BD0C01DA7D5E09406AB1789E29D6A1B4CEABFE0856AF58C4B7 07C0D956EA1FED1AE140C72656CFB8E8A8BBB576F7783E
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1340208337
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
This is client code:
socket = new QSslSocket(this);
socket->setProtocol(QSsl::TlsV1);
// Sets server2.crt as this client's own (local) certificate
socket->setLocalCertificate("C:\\serwer\\server2.crt");
// ready() runs once the TLS handshake has completed
connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)),
        this, SLOT(sslError(const QList<QSslError> &)));
socket->connectToHost("127.0.0.1", 803);
// Start the TLS handshake only after the TCP connection is up
if (socket->waitForConnected())
{
    socket->startClientEncryption();
}
Also some output from server:
Private key: true
Certificate: true
Descryptor: 968
Mode: 2
Connection state: QAbstractSocket::ConnectedState
Connection mode: 2
That's all...
I don't get any errors or an encrypted signal. If I delete LocalCertificate from the client, I get an encrypted signal on the server and after that:
Encrypted
Error: QAbstractSocket::RemoteHostClosedError
State: QAbstractSocket::ClosingState
State: QAbstractSocket::UnconnectedState
Disconnected
I read somewhere that I should get the CACertificate from the server, but this should be done after the encrypted signal. So... any ideas why I can't get this signal?