Results 1 to 2 of 2

Thread: SSLServer + certificates

  1. 17th April 2009, 09:17 #1
    eleanor
    eleanor is offline Intermediate user
    Join Date
    Nov 2006
    Posts
    96

    Default SSLServer + certificates

    Hello to all. I'm programming client-server where both need to identify to the other with certificate (they both also check if the certificate is really from who it says to be - with CA).

    So here's the code of server and client program. The problem is it never starts a SSL handshake, it keeps saying: the socket is not encrypted:

    Server.cpp
    Qt Code: 
    1. Server::Server(QObject *parent) : QTcpServer(parent) {
    2.     /* listen for incoming connections on localhost:PORT */
    3.     if(!this->listen(QHostAddress::LocalHost, PORT)) {
    4.         qFatal("Unable to start the server on localhost:%d",PORT);
    5.     }
    6.  
    7.     //connect(tcpServer, SIGNAL(incomingConnection(int)), this, SLOT(check_ssl_connection()));
    8.     /* newConnection() signal is emitted every time a client connects to server */
    9.     //connect(tcpServer, SIGNAL(newConnection(int &)), this, SLOT(incomingConnection2(int &)));
    10. }
    11.  
    12. /**
    13. *   This function is called by QTcpServer whenever a new connection is available
    14. **/
    15. void Server::incomingConnection(int socket_descriptor) {
    16.     (void)new SSLServer(socket_descriptor, this);
    17. }
    To copy to clipboard, switch view to plain text mode 


    SSLServer.cpp
    Qt Code: 
    1. SSLServer::SSLServer(int socket_descriptor, QObject *parent) : QObject(parent) {
    2.     /* create server socket */
    3.     server = new QSslSocket(this);
    4.  
    5.     /* set socket descriptor */
    6.     if(!server->setSocketDescriptor(socket_descriptor)) {
    7.         qWarning("Failed to set socket descriptor in SSLServer");
    8.         close(socket_descriptor);
    9.         delete this;
    10.         return;
    11.     }
    12.  
    13.     //TODO: dynamic filename
    14.     /* add CA certificate: it is used by the handshake process to validate the peer's certificate*/
    15.     QSslCertificate ca_cert = handle_certificate("/cert/ca.crt");
    16.     server->addCaCertificate(ca_cert);
    17.  
    18.     /* set the server's (LOCAL) digital certificate */
    19.     QSslCertificate server_cert = handle_certificate("/cert/server.crt");
    20.     server->setLocalCertificate(server_cert);
    21.  
    22.     /* set the server's (LOCAL) private key -> [key+certificate == prove identity to SSL peer] */
    23.     server->setPrivateKey("/cert/server.key", QSsl::Rsa, QSsl::Pem, "");
    24.  
    25.     /* set cipher protocol */
    26.     server->setProtocol(QSsl::SslV3);
    27.  
    28.     /* wait for socket to complete SSL handshake -> when encrypted it emits encrypted signal */
    29.     if(server->waitForEncrypted(5000))
    30.         qDebug() << "Socket is encrypted." << endl;
    31.  
    32.     QFile file("/home/eleanor/client.p12");
    33.     file.open(QIODevice::ReadOnly);
    34.     QByteArray data = file.readAll();
    35.     server->write(data);
    36.  
    37.     print_socket_info();
    38.  
    39.     /* handshake is successful and encrypted socket is ready to use */
    40.     connect(server, SIGNAL(encrypted()), this, SLOT(connection_established()));
    41.     /* if error occurs the sslErrors() signal is emitted */
    42.     connect(server, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(error_occured(const QList<QSslError> &)));
    43.     /* socket has changed the mode from unencrypted to client/server mode */
    44.     connect(server, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(mode_has_changed(QSslSocket::SslMode)));
    45. }
    46.  
    47. void SSLServer::mode_has_changed(QSslSocket::SslMode mode) {
    48.     qDebug() << "SSL Handshake Mode is: " << mode << endl;
    49.  
    50. }
    51.  
    52. /**
    53. *   This function prints useful information about a SSL socket
    54. **/
    55. void SSLServer::print_socket_info() {
    56.     /* if the socket is encrypted */
    57.     if(server->isEncrypted()) {
    58.         qDebug() << "Server socket is encrypted" << endl;
    59.     }
    60.     else {
    61.         qDebug() << "Server socket is not encryted" << endl;
    62.     }
    63.  
    64. }
    65.  
    66.  
    67. /**
    68. *   This function reads the certificate from:
    69. *       - disk - if available
    70. *       - network - if not avalable it downloads the certificate from the server and store it on disk
    71. *   Then return the certificate
    72. **/
    73. QSslCertificate SSLServer::handle_certificate(QString filename) {
    74.     /* read the CA certificate */
    75.     QFile file(filename);
    76.  
    77.     /* if file exists */
    78.     if(!file.exists()) {
    79.         qWarning("Filename %s doesn't exists.", qPrintable(filename));
    80.         //TODO: download the file from server and store it on disk (predefined location)
    81.     }
    82.  
    83.     /* open file */
    84.     if(!file.open(QIODevice::ReadOnly)) {
    85.         qWarning("Cannot open filename %s.", qPrintable(filename));
    86.     }
    87.  
    88.     /* read the whole file into array */
    89.     QByteArray data = file.readAll();
    90.  
    91.     /* construct new certificate */
    92.     QSslCertificate cert(data, QSsl::Pem);
    93.  
    94.     /* check if the certificate is null */
    95.     if(cert.isNull()) {
    96.         qWarning("The CA certificate has no content.");
    97.     }
    98.  
    99.     /* check if the certificate is valid */
    100.     if(!cert.isValid()) {
    101.         qWarning("The CA certificate expired.");
    102.     }
    103.  
    104.     return cert;
    105. }
    106.  
    107.  
    108. void SSLServer::connection_established() {
    109.     qDebug() << "SSL Handshake succedded. The socket is now encrypted." << endl;
    110.     /* get client's (PEER) digital certificate - for diagnostic purposes */
    111.     QSslCertificate client_cert = server->peerCertificate();
    112.  
    113. }
    114.  
    115.  
    116. void SSLServer::error_occured(const QList<QSslError> &error) {
    117.     /* ignore the errors */
    118.     //server->ignoreSslErrors();
    119.     qDebug() << "The following errors occured duing SSH Handshake: " << endl;
    120.     for(quint16 i=0;i<error.count(); i++) {
    121.         qDebug() << error[i] << endl;
    122.     }
    123.  
    124. }
    To copy to clipboard, switch view to plain text mode 


    Client.cpp
    Qt Code: 
    1. SSLClient::SSLClient(QObject *parent) : QObject(parent) {
    2.     /* create client socket */
    3.     client = new QSslSocket();
    4.  
    5.     //TODO: dynamic filename
    6.     /* CA certificate: it is used by the handshake process to validate the peer's certificate */
    7.     QSslCertificate ca_cert = handle_certificate("/cert/ca.crt");
    8.     client->addCaCertificate(ca_cert);
    9.  
    10.     /* set the client's (LOCAL) digital certificate */
    11.     QSslCertificate client_cert = handle_certificate("/cert/client.crt");
    12.     client->setLocalCertificate(client_cert);
    13.  
    14.     /* set the client's (LOCAL) private key -> [key+certificate == prove identity to SSL peer] */
    15.     client->setPrivateKey("/cert/client.key", QSsl::Rsa, QSsl::Pem, "");
    16.  
    17.     /* set cipher protocol */
    18.     client->setProtocol(QSsl::SslV3);
    19.  
    20.     /* get server's (PEER) digital certificate */
    21.     //QSslCertificate server_cert = client->peerCertificate();
    22.  
    23.     client->connectToHostEncrypted("127.0.0.1", 8088);
    24.  
    25.     //client->startClientEncryption();
    26.  
    27.     /* handshake is successful and encrypted socket is ready to use */
    28.     connect(client, SIGNAL(encrypted()), this, SLOT(connection_established()));
    29.     /* if error occurs the sslErrors() signal is emitted */
    30.     connect(client, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(error_occured(const QList<QSslError> &)));
    31.  
    32. }
    33.  
    34.  
    35. /**
    36. *   This function reads the certificate from:
    37. *       - disk - if available
    38. *       - network - if not avalable it downloads the certificate from the server and store it on disk
    39. *   Then return the certificate
    40. **/
    41. QSslCertificate SSLClient::handle_certificate(QString filename) {
    42.     /* read the CA certificate */
    43.     QFile file(filename);
    44.  
    45.     /* if file exists */
    46.     if(!file.exists()) {
    47.         qWarning("Filename %s doesn't exists.", qPrintable(filename));
    48.         //TODO: download the file from server and store it on disk (predefined location)
    49.     }
    50.  
    51.     /* open file */
    52.     if(!file.open(QIODevice::ReadOnly)) {
    53.         qWarning("Cannot open filename %s.", qPrintable(filename));
    54.     }
    55.  
    56.     /* read the whole file into array */
    57.     QByteArray data = file.readAll();
    58.  
    59.     /* construct new certificate */
    60.     QSslCertificate cert(data, QSsl::Pem);
    61.  
    62.     /* check if the certificate is null */
    63.     if(cert.isNull()) {
    64.         qWarning("The CA certificate has no content.");
    65.     }
    66.  
    67.     /* check if the certificate is valid */
    68.     if(!cert.isValid()) {
    69.         qWarning("The CA certificate expired.");
    70.     }
    71.  
    72.     /* add CA certificate - to validate the peer's certificate during handshake */
    73.     //client->addCaCertificate(cert);
    74.     return cert;
    75. }
    76.  
    77.  
    78. void SSLClient::connection_established() {
    79.     /* get the server's certificate */
    80.     QSslCertificate server_cert = client->peerCertificate();
    81.  
    82.     /* write on the ssl connection */
    83.     client->write("Hello, world",13);
    84.  
    85.  
    86. }
    87.  
    88.  
    89. void SSLClient::error_occured(const QList<QSslError> &error) {
    90.     /* ignore the errors */
    91.     //client->ignoreSslErrors();
    92.  
    93. }
    To copy to clipboard, switch view to plain text mode 

    Thank you for all your help...
    Reply With Quote Reply With Quote
  2. 5th April 2016, 20:09 #2
    jeremiah
    jeremiah is offline Beginner
    Join Date
    Sep 2015
    Posts
    4
    Qt products
    Qt5
    Platforms
    Unix/X11 Windows

    Default Re: SSLServer + certificates

    copied from this thread to give credit: http://www.qtcentre.org/threads/5982...357#post265357

    Use QSslsocket instead of QTcpSocket on both sides.

    On the client side, call connecToHostEncrypted() ...
    On the server side, call startServerEncryption().

    See http://qt-project.org/doc/qt-5/QSslSocket.html#details
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. SSL handshaking without certificates
    By palas in forum Qt Programming
    Replies: 6
    Last Post: 5th August 2008, 22:46

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Digia, Qt and their respective logos are trademarks of Digia Plc in Finland and/or other countries worldwide.