Hello,
I am currently porting an application to iOS which contains a SSL-Socket including cert- and keyfile.
The application runs fine on desktop machines cross multiple platforms, but on the iOS i get the
following SSL-Error: "The root CA certificate is not trusted for this purpose". I could just ignore
it (tried and worked as expected), but that does not seem to be the clear solution I am looking for.
The certificates are self signed, but when running the application on Windows, Linux and OS X Yosemite
it runs just fine.
Any ideas why this is only occuring on iOs and how I can solve the issue?
This is the part where i configure the SSL-socket:
void SslClient::configureSsl()
{
/* Read and set certfile */
QFile certFile
(":/ssl/ssl/client.pem",
this);
qDebug() << "Error opening cert-File";
}
QSslCertificate sslCertificate(&certFile, QSsl::Pem);
if (sslCertificate.isNull()) {
qDebug() << "Certificate is empty";
}
/* Read and set keyfile */
QFile keyFile
(":/ssl/ssl/client.key",
this);
qDebug() << "Error opening key-File";
}
QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
if (sslKey.isNull()) {
qDebug() << "Keyfile is empty";
}
/* Set the configuration */
sslConfig.setLocalCertificate(sslCertificate);
sslConfig.setPrivateKey(sslKey);
sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfig.setProtocol(QSsl::TlsV1SslV3);
setSslConfiguration(sslConfig);
}
void SslClient::configureSsl()
{
/* Read and set certfile */
QFile certFile(":/ssl/ssl/client.pem", this);
if (!certFile.open(QIODevice::ReadOnly)) {
qDebug() << "Error opening cert-File";
}
QSslCertificate sslCertificate(&certFile, QSsl::Pem);
if (sslCertificate.isNull()) {
qDebug() << "Certificate is empty";
}
/* Read and set keyfile */
QFile keyFile(":/ssl/ssl/client.key", this);
if (!keyFile.open(QIODevice::ReadOnly)) {
qDebug() << "Error opening key-File";
}
QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
if (sslKey.isNull()) {
qDebug() << "Keyfile is empty";
}
/* Set the configuration */
sslConfig.setLocalCertificate(sslCertificate);
sslConfig.setPrivateKey(sslKey);
sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfig.setProtocol(QSsl::TlsV1SslV3);
setSslConfiguration(sslConfig);
}
To copy to clipboard, switch view to plain text mode
thank you in advance.
Bookmarks