PDA

View Full Version : QSslSocket problem client-server



JaroMast
20th June 2012, 18:25
Hi all, I'm writing a client and server using Qt 4.8.0 and OpenSsl 0.9.8.
I have problem that i can't get encrypted signal from client.
Server was tested using OpenSsl > s_client and i got that output:

>s_client -connect 127.0.0.1:803 -CAfile "C:\serwer\server2.crt"

CONNECTED(00000100)
---
Certificate chain
0 s:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
i:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC7DCCAlWgAwIBAgIJALzzyQK1Lyt2MA0GCSqGSIb3DQEBBQ UAMIGOMQswCQYD
VQQGEwJQTDEcMBoGA1UECAwTV2FybWluc2tvLU1henVyc2tpZT EQMA4GA1UEBwwH
T2xzenR5bjENMAsGA1UECgwEM1NBVDELMAkGA1UECwwCSVQxEj AQBgNVBAMMCXN0
bHNlcnZlcjEfMB0GCSqGSIb3DQEJARYQa3N5YmVrQGdtYWlsLm NvbTAeFw0xMjA2
MTkxMDUyMjdaFw0xMzA2MTkxMDUyMjdaMIGOMQswCQYDVQQGEw JQTDEcMBoGA1UE
CAwTV2FybWluc2tvLU1henVyc2tpZTEQMA4GA1UEBwwHT2xzen R5bjENMAsGA1UE
CgwEM1NBVDELMAkGA1UECwwCSVQxEjAQBgNVBAMMCXN0bHNlcn ZlcjEfMB0GCSqG
SIb3DQEJARYQa3N5YmVrQGdtYWlsLmNvbTCBnzANBgkqhkiG9w 0BAQEFAAOBjQAw
gYkCgYEAr2YjfwNDJahYvAmXHdzklZKE2UBwZXRTHlOpiwICa3 IkLcW4kIO4g0sC
9MD/IRBw4ghtT24oGI7y79K5TN9hwTkBMpTsFdM/6m1+P7dOqYBa+V8MZrgYZrBO
YsbkFiaTHhxM8UNaLDsfvD+i5WymCV3l0L8OLZ42BF0FXwqym4 MCAwEAAaNQME4w
HQYDVR0OBBYEFDEfymESS2ucUmX9/7ZvXfjVRml5MB8GA1UdIwQYMBaAFDEfymES
S2ucUmX9/7ZvXfjVRml5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQA DgYEA
nmn4sFnEqyx2/CMchUfFhZgqRUrxTbcFxIKfZCBz4LVF2IF4LDhXk0g30zB2Hft N
TewDGCygsTosUBUaHaykKXMCrJ/GPyERTbfA0FrMFn7Ij4913I6MBT6t1VZ1ZZy7
euNz82aKmQpmDwLLVu33dJOBG/oqEKTM+zzcwNU53wc=
-----END CERTIFICATE-----
subject=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
issuer=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
No client certificate CA names sent
---
SSL handshake has read 1109 bytes and written 523 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID: F075F17CFB5774F22DC6DF579F5E9A7E6EB3C5290189101865 53CE1D5868125C
Session-ID-ctx:
Master-Key: BD0C01DA7D5E09406AB1789E29D6A1B4CEABFE0856AF58C4B7 07C0D956EA1FED1AE140C72656CFB8E8A8BBB576F7783E
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - bc 8a 45 64 82 2b 26 7f-9f a3 c1 8c 50 b8 1e 30 ..Ed.+&.....P..0
0010 - df 3a 51 02 e1 58 af 2e-9e 4c 74 89 dc b7 15 d7 .:Q..X...Lt.....
0020 - fa 3a ca 1a 8e e0 63 9c-a3 44 5d ec 38 14 e5 f0 .:....c..D].8...
0030 - 8a 9b 12 7f 17 56 f5 48-47 ab 28 78 c3 61 9a 5a .....V.HG.(x.a.Z
0040 - b8 a6 48 81 f4 eb 7d 91-02 d6 46 1d c2 72 98 d2 ..H...}...F..r..
0050 - f0 bb 4a 56 a0 ac c2 e2-71 3f 17 30 9f 33 58 ca ..JV....q?.0.3X.
0060 - 4c 71 20 e6 97 68 80 6d-80 4a 1c 17 e1 1c 6b db Lq ..h.m.J....k.
0070 - d6 8c 5c eb 70 71 82 89-88 e5 7c e4 9f a3 c1 cc ..\.pq....|.....
0080 - 28 a4 b7 db 17 ae 21 85-fd ad 03 45 41 ca a8 c1 (.....!....EA...
0090 - 59 79 57 14 a8 72 09 86-d8 5f 0a d0 56 f0 54 78 YyW..r..._..V.Tx

Start Time: 1340208337
Timeout : 300 (sec)
Verify return code: 0 (ok)
---


This is client code:

socket = new QSslSocket(this);
socket->setProtocol(QSsl::TlsV1);

socket->setLocalCertificate("C:\\serwer\\server2.crt");

connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)),
this, SLOT(sslError(const QList<QSslError> &)));

socket->connectToHost("127.0.0.1", 803);
if(socket->waitForConnected())
{
socket->startClientEncryption();
}

Also some output from server:

Private key: true
Certificate: true
Descryptor: 968
Mode: 2
Connection state: QAbstractSocket::ConnectedState
Connection mode: 2


Thats all...
I dont get any errors, or encrypted signal. If I delete LocalCertificate from client i get an encypted signal on server and after that:

Encrypted
Error: QAbstractSocket::RemoteHostClosedError
State: QAbstractSocket::ClosingState
State: QAbstractSocket::UnconnectedState
Disconnected

I read somewhere that I should get CACertificate from server but this should be done after encypted signal. So... any ideas why I can't get this signal?

wysota
20th June 2012, 18:50
Do you get any ssl errors?

JaroMast
20th June 2012, 19:41
None, while program is working there is no sslErrors signal. When i delete loading LocalCertificate there is error: No Error ;)

JaroMast
21st June 2012, 10:54
I'm trying to get certificate from peer (on client and on server) by socket->peerCertificate(), but all the time i get Null value, is it normal? (I tried to get certificate after connection and after startEncryption)

wysota
21st June 2012, 11:06
If the encryption handshake didn't complete, there is no peer certificate.

JaroMast
21st June 2012, 11:32
Any ideas why process stays in connection mode all the time without encryption? If i use wait for encyption then i get just timeout error.

wysota
21st June 2012, 12:01
No idea, maybe the server doesn't initiate the handshake.

JaroMast
21st June 2012, 13:03
Yes it does :)

void SslServer::incomingConnection(int socketDescriptor)
{
socket = new QSslSocket(this);
qDebug() << "Nowe polaczenie nadchodzi";
socket->setPrivateKey("C:\\serwer\\serverkey.pem");
if(socket->privateKey().isNull())
qDebug() << "Private key: false";
else
qDebug() << "Private key: true";

socket->setLocalCertificate("C:\\serwer\\taserver.cer");
if(socket->localCertificate().isNull())
qDebug() << "Certificate: false";
else
qDebug() << "Certificate: true";

if(socket->setSocketDescriptor(socketDescriptor))
{
qDebug() << "Descryptor: " << socket->socketDescriptor();
socket->setProtocol(QSsl::AnyProtocol);
connect(socket,SIGNAL(encrypted()),this,SLOT(ready ()));
connect(socket,SIGNAL(disconnected()),this,SLOT(Di sconnected()));
connect(socket,SIGNAL(stateChanged(QAbstractSocket ::SocketState)),SLOT(stany(QAbstractSocket::Socket State)));
connect(socket,SIGNAL(error(QAbstractSocket::Socke tError)),this,SLOT(bledy(QAbstractSocket::SocketEr ror)));
connect(socket,SIGNAL(sslErrors(QList<QSslError>)),this,SLOT(bledySSL(QList<QSslError>)));
connect(socket,SIGNAL(modeChanged(QSslSocket::SslM ode)),this,SLOT(mode(QSslSocket::SslMode)));
connect(socket,SIGNAL(peerVerifyError(QSslError)), this,SLOT(bladPeer(QSslError)));

socket->startServerEncryption();
qDebug() << socket->errorString();

qDebug() << "Connection state: " << socket->state();
qDebug() << "Connection mode: " << socket->mode();
}
}

wysota
21st June 2012, 13:18
What is supposed to happen is one thing. What actually happens is another.

JaroMast
21st June 2012, 14:14
So mayby someone have working example of client/server whit qsslsocket?