Hello everybody,

I have a problem with implementing SSL support for my SOAP web service client. I tested my client with free (non-SSL-supported) web services and it worked. Now I want to add SSL support and I fail when integrating the required certificates. I use the QNetworkAccessManager with a QNetworkRequest and I set QSslConfiguration::setDefaultConfiguration(l_sslConfig); to my configuration.

The certificates used are stored in "C:/certTest/" (CertEnterpriseCA02.pem, CertRootCA02.pem).

Installed software:
Qt-Version: 5.6.2
OpenSSL Build Version: 1.0.2g
OpenSSL Library Version: 1.0.2l


Qt Code:

    // Headers needed by this fragment
    #include <QBuffer>
    #include <QDebug>
    #include <QDir>
    #include <QFile>
    #include <QNetworkAccessManager>
    #include <QNetworkReply>
    #include <QNetworkRequest>
    #include <QSslCertificate>
    #include <QSslConfiguration>
    #include <QSslError>

    // PREPARATIONS
    // Route TLS verification errors to our own slot
    connect(m_networkAccessManager, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)),
            this, SLOT(slot_sslErrorsSlot(QNetworkReply*,QList<QSslError>)));

    QBuffer *l_buffer = this->prepareRequestBuffer();
    QNetworkRequest l_request = this->prepareRequest();

    // SSL CONFIG
    QSslConfiguration l_sslConfig = QSslConfiguration::defaultConfiguration();

    l_sslConfig.setProtocol(QSsl::TlsV1_0OrLater);
    l_sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
    l_sslConfig.setSslOption(QSsl::SslOptionDisableCompression, false);

    // Start from the CA certificates already in the default configuration
    QList<QSslCertificate> l_certs = l_sslConfig.caCertificates();

    // Add every certificate file found in the CA directory
    QDir l_caDir("C:/certTest/");
    QStringList l_certFilenames = l_caDir.entryList(QDir::Files); // files only, no "." or ".."

    for (int i = 0; i < l_certFilenames.length(); i++)
    {
        QFile l_fileCert(l_caDir.absolutePath() + "/" + l_certFilenames.at(i));

        if (!l_fileCert.open(QIODevice::ReadOnly))
        {
            qDebug() << "Cannot open CA certificate!" << l_fileCert.fileName();
            continue; // do not build a certificate from an unopened file
        }

        QSslCertificate l_cert(&l_fileCert, QSsl::Pem);
        l_fileCert.close();

        if (l_cert.isNull())
        {
            // The file did not contain a parsable PEM certificate
            qDebug() << "Cannot parse CA certificate!" << l_fileCert.fileName();
            continue;
        }

        l_certs.append(l_cert);
    }

    l_sslConfig.setCaCertificates(l_certs);

    QSslConfiguration::setDefaultConfiguration(l_sslConfig);

    // POST MESSAGE
    QNetworkReply *l_reply = m_manager->post(l_request, l_buffer);


To verify the SSL error I connected the sslErrors(QNetworkReply*,QList<QSslError>) signal of the QNetworkAccessManager to one of my own slots. The error string of the QNetworkReply says the following:

"The issuer certificate of a locally looked up certificate could not be found"
"No certificates could be verified"

I obviously have a problem with the handshake between client and server, and I think the reason is that Qt can't find my certificates. Here is the communication observed by Wireshark:

    1823 962.621597 172.28.254.191 10.39.5.181 TLSv1.2 571 Client Hello
    1824 962.660543 10.39.5.181 172.28.254.191 TCP 54 443 → 61210 [ACK] Seq=1 Ack=518 Win=30336 Len=0
    1825 962.664683 10.39.5.181 172.28.254.191 TLSv1.2 1420 Server Hello, Certificate
    1826 962.664785 10.39.5.181 172.28.254.191 TLSv1.2 375 Server Key Exchange, Server Hello Done
    1827 962.664811 172.28.254.191 10.39.5.181 TCP 54 61210 → 443 [ACK] Seq=518 Ack=1688 Win=16384 Len=0
    1828 962.667858 172.28.254.191 10.39.5.181 TLSv1.2 180 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
    1829 962.706037 10.39.5.181 172.28.254.191 TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
    1830 962.746854 172.28.254.191 10.39.5.181 TCP 54 61210 → 443 [ACK] Seq=644 Ack=1739 Win=16128 Len=0
    1831 962.748077 172.28.254.191 10.39.5.181 TCP 54 61210 → 443 [FIN, ACK] Seq=644 Ack=1739 Win=16128 Len=0
    1832 962.785958 10.39.5.181 172.28.254.191 TLSv1.2 85 Encrypted Alert

I read so many articles about Qt and SSL support, but there must be an error in my code. It would be great if someone could help me.

Thanks a lot.