QSslSocket problem client-server

**JaroMast** · 20th June 2012, 17:25

Hi all, I'm writing a client and server using Qt 4.8.0 and OpenSsl 0.9.8.
I have problem that i can't get encrypted signal from client.
Server was tested using OpenSsl > s_client and i got that output:

Qt Code:

Switch view

>s_client -connect 127.0.0.1:803 -CAfile "C:\serwer\server2.crt"
 
CONNECTED(00000100)
---
Certificate chain
 0 s:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
   i:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC7DCCAlWgAwIBAgIJALzzyQK1Lyt2MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
VQQGEwJQTDEcMBoGA1UECAwTV2FybWluc2tvLU1henVyc2tpZTEQMA4GA1UEBwwH
T2xzenR5bjENMAsGA1UECgwEM1NBVDELMAkGA1UECwwCSVQxEjAQBgNVBAMMCXN0
bHNlcnZlcjEfMB0GCSqGSIb3DQEJARYQa3N5YmVrQGdtYWlsLmNvbTAeFw0xMjA2
MTkxMDUyMjdaFw0xMzA2MTkxMDUyMjdaMIGOMQswCQYDVQQGEwJQTDEcMBoGA1UE
CAwTV2FybWluc2tvLU1henVyc2tpZTEQMA4GA1UEBwwHT2xzenR5bjENMAsGA1UE
CgwEM1NBVDELMAkGA1UECwwCSVQxEjAQBgNVBAMMCXN0bHNlcnZlcjEfMB0GCSqG
SIb3DQEJARYQa3N5YmVrQGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAr2YjfwNDJahYvAmXHdzklZKE2UBwZXRTHlOpiwICa3IkLcW4kIO4g0sC
9MD/IRBw4ghtT24oGI7y79K5TN9hwTkBMpTsFdM/6m1+P7dOqYBa+V8MZrgYZrBO
YsbkFiaTHhxM8UNaLDsfvD+i5WymCV3l0L8OLZ42BF0FXwqym4MCAwEAAaNQME4w
HQYDVR0OBBYEFDEfymESS2ucUmX9/7ZvXfjVRml5MB8GA1UdIwQYMBaAFDEfymES
S2ucUmX9/7ZvXfjVRml5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
nmn4sFnEqyx2/CMchUfFhZgqRUrxTbcFxIKfZCBz4LVF2IF4LDhXk0g30zB2HftN
TewDGCygsTosUBUaHaykKXMCrJ/GPyERTbfA0FrMFn7Ij4913I6MBT6t1VZ1ZZy7
euNz82aKmQpmDwLLVu33dJOBG/oqEKTM+zzcwNU53wc=
-----END CERTIFICATE-----
subject=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
issuer=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
No client certificate CA names sent
---
SSL handshake has read 1109 bytes and written 523 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID: F075F17CFB5774F22DC6DF579F5E9A7E6EB3C529018910186553CE1D5868125C
    Session-ID-ctx: 
    Master-Key: BD0C01DA7D5E09406AB1789E29D6A1B4CEABFE0856AF58C4B707C0D956EA1FED1AE140C72656CFB8E8A8BBB576F7783E
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - bc 8a 45 64 82 2b 26 7f-9f a3 c1 8c 50 b8 1e 30   ..Ed.+&.....P..0
    0010 - df 3a 51 02 e1 58 af 2e-9e 4c 74 89 dc b7 15 d7   .:Q..X...Lt.....
    0020 - fa 3a ca 1a 8e e0 63 9c-a3 44 5d ec 38 14 e5 f0   .:....c..D].8...
    0030 - 8a 9b 12 7f 17 56 f5 48-47 ab 28 78 c3 61 9a 5a   .....V.HG.(x.a.Z
    0040 - b8 a6 48 81 f4 eb 7d 91-02 d6 46 1d c2 72 98 d2   ..H...}...F..r..
    0050 - f0 bb 4a 56 a0 ac c2 e2-71 3f 17 30 9f 33 58 ca   ..JV....q?.0.3X.
    0060 - 4c 71 20 e6 97 68 80 6d-80 4a 1c 17 e1 1c 6b db   Lq ..h.m.J....k.
    0070 - d6 8c 5c eb 70 71 82 89-88 e5 7c e4 9f a3 c1 cc   ..\.pq....|.....
    0080 - 28 a4 b7 db 17 ae 21 85-fd ad 03 45 41 ca a8 c1   (.....!....EA...
    0090 - 59 79 57 14 a8 72 09 86-d8 5f 0a d0 56 f0 54 78   YyW..r..._..V.Tx
 
    Start Time: 1340208337
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

>s_client -connect 127.0.0.1:803 -CAfile "C:\serwer\server2.crt"

CONNECTED(00000100)
---
Certificate chain
 0 s:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
   i:/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC7DCCAlWgAwIBAgIJALzzyQK1Lyt2MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
VQQGEwJQTDEcMBoGA1UECAwTV2FybWluc2tvLU1henVyc2tpZTEQMA4GA1UEBwwH
T2xzenR5bjENMAsGA1UECgwEM1NBVDELMAkGA1UECwwCSVQxEjAQBgNVBAMMCXN0
bHNlcnZlcjEfMB0GCSqGSIb3DQEJARYQa3N5YmVrQGdtYWlsLmNvbTAeFw0xMjA2
MTkxMDUyMjdaFw0xMzA2MTkxMDUyMjdaMIGOMQswCQYDVQQGEwJQTDEcMBoGA1UE
CAwTV2FybWluc2tvLU1henVyc2tpZTEQMA4GA1UEBwwHT2xzenR5bjENMAsGA1UE
CgwEM1NBVDELMAkGA1UECwwCSVQxEjAQBgNVBAMMCXN0bHNlcnZlcjEfMB0GCSqG
SIb3DQEJARYQa3N5YmVrQGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAr2YjfwNDJahYvAmXHdzklZKE2UBwZXRTHlOpiwICa3IkLcW4kIO4g0sC
9MD/IRBw4ghtT24oGI7y79K5TN9hwTkBMpTsFdM/6m1+P7dOqYBa+V8MZrgYZrBO
YsbkFiaTHhxM8UNaLDsfvD+i5WymCV3l0L8OLZ42BF0FXwqym4MCAwEAAaNQME4w
HQYDVR0OBBYEFDEfymESS2ucUmX9/7ZvXfjVRml5MB8GA1UdIwQYMBaAFDEfymES
S2ucUmX9/7ZvXfjVRml5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
nmn4sFnEqyx2/CMchUfFhZgqRUrxTbcFxIKfZCBz4LVF2IF4LDhXk0g30zB2HftN
TewDGCygsTosUBUaHaykKXMCrJ/GPyERTbfA0FrMFn7Ij4913I6MBT6t1VZ1ZZy7
euNz82aKmQpmDwLLVu33dJOBG/oqEKTM+zzcwNU53wc=
-----END CERTIFICATE-----
subject=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
issuer=/C=PL/ST=Warminsko-Mazurskie/L=Olsztyn/O=3SAT/OU=IT/CN=stlserver/emailAddress=ksybek@gmail.com
---
No client certificate CA names sent
---
SSL handshake has read 1109 bytes and written 523 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID: F075F17CFB5774F22DC6DF579F5E9A7E6EB3C529018910186553CE1D5868125C
    Session-ID-ctx: 
    Master-Key: BD0C01DA7D5E09406AB1789E29D6A1B4CEABFE0856AF58C4B707C0D956EA1FED1AE140C72656CFB8E8A8BBB576F7783E
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - bc 8a 45 64 82 2b 26 7f-9f a3 c1 8c 50 b8 1e 30   ..Ed.+&.....P..0
    0010 - df 3a 51 02 e1 58 af 2e-9e 4c 74 89 dc b7 15 d7   .:Q..X...Lt.....
    0020 - fa 3a ca 1a 8e e0 63 9c-a3 44 5d ec 38 14 e5 f0   .:....c..D].8...
    0030 - 8a 9b 12 7f 17 56 f5 48-47 ab 28 78 c3 61 9a 5a   .....V.HG.(x.a.Z
    0040 - b8 a6 48 81 f4 eb 7d 91-02 d6 46 1d c2 72 98 d2   ..H...}...F..r..
    0050 - f0 bb 4a 56 a0 ac c2 e2-71 3f 17 30 9f 33 58 ca   ..JV....q?.0.3X.
    0060 - 4c 71 20 e6 97 68 80 6d-80 4a 1c 17 e1 1c 6b db   Lq ..h.m.J....k.
    0070 - d6 8c 5c eb 70 71 82 89-88 e5 7c e4 9f a3 c1 cc   ..\.pq....|.....
    0080 - 28 a4 b7 db 17 ae 21 85-fd ad 03 45 41 ca a8 c1   (.....!....EA...
    0090 - 59 79 57 14 a8 72 09 86-d8 5f 0a d0 56 f0 54 78   YyW..r..._..V.Tx

    Start Time: 1340208337
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

To copy to clipboard, switch view to plain text mode

This is client code:

Qt Code:

Switch view

socket = new QSslSocket(this);
    socket->setProtocol(QSsl::TlsV1);
 
    socket->setLocalCertificate("C:\\serwer\\server2.crt");
 
    connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
    connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)),
                 this, SLOT(sslError(const QList<QSslError> &)));
 
    socket->connectToHost("127.0.0.1", 803);
    if(socket->waitForConnected())
    {
        socket->startClientEncryption();
    }

socket = new QSslSocket(this);
    socket->setProtocol(QSsl::TlsV1);

    socket->setLocalCertificate("C:\\serwer\\server2.crt");

    connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
    connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)),
                 this, SLOT(sslError(const QList<QSslError> &)));

    socket->connectToHost("127.0.0.1", 803);
    if(socket->waitForConnected())
    {
        socket->startClientEncryption();
    }

To copy to clipboard, switch view to plain text mode

Also some output from server:

Qt Code:

Switch view

Private key: true 
Certificate: true 
Descryptor:  968 
Mode:  2
Connection state:  QAbstractSocket::ConnectedState 
Connection mode:  2

Private key: true 
Certificate: true 
Descryptor:  968 
Mode:  2
Connection state:  QAbstractSocket::ConnectedState 
Connection mode:  2

To copy to clipboard, switch view to plain text mode

Thats all...
I dont get any errors, or encrypted signal. If I delete LocalCertificate from client i get an encypted signal on server and after that:

Qt Code:

Switch view

Encrypted
Error:  QAbstractSocket::RemoteHostClosedError 
State:  QAbstractSocket::ClosingState 
State:  QAbstractSocket::UnconnectedState 
Disconnected

Encrypted
Error:  QAbstractSocket::RemoteHostClosedError 
State:  QAbstractSocket::ClosingState 
State:  QAbstractSocket::UnconnectedState 
Disconnected

To copy to clipboard, switch view to plain text mode

I read somewhere that I should get CACertificate from server but this should be done after encypted signal. So... any ideas why I can't get this signal?

**wysota** · 20th June 2012, 17:50

Do you get any ssl errors?

**JaroMast** · 20th June 2012, 18:41

None, while program is working there is no sslErrors signal. When i delete loading LocalCertificate there is error: No Error

**JaroMast** · 21st June 2012, 09:54

I'm trying to get certificate from peer (on client and on server) by socket->peerCertificate(), but all the time i get Null value, is it normal? (I tried to get certificate after connection and after startEncryption)

**wysota** · 21st June 2012, 10:06

If the encryption handshake didn't complete, there is no peer certificate.

**JaroMast** · 21st June 2012, 10:32

Any ideas why process stays in connection mode all the time without encryption? If i use wait for encyption then i get just timeout error.

**wysota** · 21st June 2012, 11:01

No idea, maybe the server doesn't initiate the handshake.

**JaroMast** · 21st June 2012, 12:03

Yes it does

Qt Code:

Switch view

void SslServer::incomingConnection(int socketDescriptor)
{
	socket = new QSslSocket(this);
	qDebug() << "Nowe polaczenie nadchodzi";
	socket->setPrivateKey("C:\\serwer\\serverkey.pem");
	if(socket->privateKey().isNull())
		qDebug() << "Private key: false";
	else
		qDebug() << "Private key: true";
 
	socket->setLocalCertificate("C:\\serwer\\taserver.cer");
	if(socket->localCertificate().isNull())
		qDebug() << "Certificate: false";
	else
		qDebug() << "Certificate: true";
 
	if(socket->setSocketDescriptor(socketDescriptor))
	{
		qDebug() << "Descryptor: " << socket->socketDescriptor();
		socket->setProtocol(QSsl::AnyProtocol);
		connect(socket,SIGNAL(encrypted()),this,SLOT(ready()));
		connect(socket,SIGNAL(disconnected()),this,SLOT(Disconnected()));
		connect(socket,SIGNAL(stateChanged(QAbstractSocket::SocketState)),SLOT(stany(QAbstractSocket::SocketState)));
		connect(socket,SIGNAL(error(QAbstractSocket::SocketError)),this,SLOT(bledy(QAbstractSocket::SocketError)));
		connect(socket,SIGNAL(sslErrors(QList<QSslError>)),this,SLOT(bledySSL(QList<QSslError>)));
		connect(socket,SIGNAL(modeChanged(QSslSocket::SslMode)),this,SLOT(mode(QSslSocket::SslMode)));
		connect(socket,SIGNAL(peerVerifyError(QSslError)),this,SLOT(bladPeer(QSslError)));
 
		socket->startServerEncryption();
		qDebug() << socket->errorString();
 
		qDebug() << "Connection state: " << socket->state();
		qDebug() << "Connection mode: " << socket->mode();
	}
}

void SslServer::incomingConnection(int socketDescriptor)
{
	socket = new QSslSocket(this);
	qDebug() << "Nowe polaczenie nadchodzi";
	socket->setPrivateKey("C:\\serwer\\serverkey.pem");
	if(socket->privateKey().isNull())
		qDebug() << "Private key: false";
	else
		qDebug() << "Private key: true";

	socket->setLocalCertificate("C:\\serwer\\taserver.cer");
	if(socket->localCertificate().isNull())
		qDebug() << "Certificate: false";
	else
		qDebug() << "Certificate: true";
	
	if(socket->setSocketDescriptor(socketDescriptor))
	{
		qDebug() << "Descryptor: " << socket->socketDescriptor();
		socket->setProtocol(QSsl::AnyProtocol);
		connect(socket,SIGNAL(encrypted()),this,SLOT(ready()));
		connect(socket,SIGNAL(disconnected()),this,SLOT(Disconnected()));
		connect(socket,SIGNAL(stateChanged(QAbstractSocket::SocketState)),SLOT(stany(QAbstractSocket::SocketState)));
		connect(socket,SIGNAL(error(QAbstractSocket::SocketError)),this,SLOT(bledy(QAbstractSocket::SocketError)));
		connect(socket,SIGNAL(sslErrors(QList<QSslError>)),this,SLOT(bledySSL(QList<QSslError>)));
		connect(socket,SIGNAL(modeChanged(QSslSocket::SslMode)),this,SLOT(mode(QSslSocket::SslMode)));
		connect(socket,SIGNAL(peerVerifyError(QSslError)),this,SLOT(bladPeer(QSslError)));

		socket->startServerEncryption();
		qDebug() << socket->errorString();
	
		qDebug() << "Connection state: " << socket->state();
		qDebug() << "Connection mode: " << socket->mode();
	}
}

To copy to clipboard, switch view to plain text mode

**wysota** · 21st June 2012, 12:18

What is supposed to happen is one thing. What actually happens is another.

**JaroMast** · 21st June 2012, 13:14

So mayby someone have working example of client/server whit qsslsocket?

Thread: QSslSocket problem client-server

Thread Tools

Search Thread

Display

QSslSocket problem client-server

Re: QSslSocket problem client-server

Re: QSslSocket problem client-server

Re: QSslSocket problem client-server

Re: QSslSocket problem client-server

Re: QSslSocket problem client-server

Re: QSslSocket problem client-server

Re: QSslSocket problem client-server

Re: QSslSocket problem client-server

Re: QSslSocket problem client-server

Similar Threads

problem in client and server model of tcp in qt

QSslSocket - problem with connecting to the server

server-client problem

TCP server-client app problem

Qt-- Client Server communication problem

Bookmarks

Bookmarks

Posting Permissions