QSslSocket toggle certificates

[raszewski]

Hi

I've got one question. I have to write some code with SSL communication, but there is one big problem. I've got few different certificates and privates keys. I can get correct certificate after I receive from client some important info. After that I chose correct certificate, private key and start socket encryption.

on server side I have

Qt Code:

Switch view

QSslSocket* pSocket = new QSslSocket(this);
pSocket->setSocketDescriptor(m_nextSocketDesc);
pSocket->startServerEncryption();

QSslSocket* pSocket = new QSslSocket(this);
pSocket->setSocketDescriptor(m_nextSocketDesc);
pSocket->startServerEncryption();

To copy to clipboard, switch view to plain text mode 

on client side

Qt Code:

Switch view

m_pSslSocket->connectToHost(address, port);

m_pSslSocket->connectToHost(address, port);

To copy to clipboard, switch view to plain text mode 

I was thinking, that after i receive some info i just add correct certificate and start client encryption.
But after client connects to server, server immediately disconnects client and emits errors;
Any suggestions?

[wysota]

Shouldn't you be calling connectToHostEncrypted() on the client if the server starts encryption immediately after receiving the connection?

[raszewski]

Yes, it works with connectToHostEncrypted() on the client, but only when server is configured with some certificate and key.
But still it is not solution for my problem. I need to divide communication to unsecured mode and secured mode. In first step i received some info and after that I need to toggle to secure mode. But all communication should be on the same connection.

On the first step I want to connect without encryption

Qt Code:

Switch view

m_pSslSocket->connectToHost(address, port);

m_pSslSocket->connectToHost(address, port);

To copy to clipboard, switch view to plain text mode 

and after a while toggle client to encryption

Qt Code:

Switch view

m_pSslSocket->startClientEncryption();

m_pSslSocket->startClientEncryption();

To copy to clipboard, switch view to plain text mode 

[wysota]

I need to divide communication to unsecured mode and secured mode.

So don't call startServerEncryption() immediately.

[raszewski]

It should works. But what should I used instead of startServerEncryption() ? QTcpServer->addPendingConnection(pSslSocket)?

[wysota]

You don't have to do anything. The moment you set the socket descriptor on Qt's socket, you're ready to read/write data to it. Once you know all the details required to establish encryption, call startServerEncryption().