Qt QSslSocket“證書是自簽名的,不受信任的”
[英]Qt QSslSocket “The certificate is self-signed, and untrusted”
問題描述
我想連接服務器與QSslSocket和服務器上我得到soketSslError“證書是自簽名,不受信任”,但我不明白為什么我有這個錯誤。
第一步是使用openssl為服務器和客戶端生成文件
$openssl req -new -newkey rsa:1024 -keyout ca.key -x509 -days 500 -out ca.crt
$openssl req -new -newkey rsa:1024 -keyout client01.key -out client01.csr
$openssl ca -config ca.config -in client01.csr -out client01.crt -batch
在c ++服務器/客戶端中
在服務器上:
啟動服務器
if (listen(QHostAddress::Any,this->connectingPort)) {
std::cout<<"Server start on port: "<<this->connectingPort<<std::endl;
return true;
} else {
std::cout<<"Cant start server. "<<errorString().toStdString().c_str()<<std::endl;
return false;
}
incomingConnection
QFile keyFile("ca.key");
if (!keyFile.open(QIODevice::ReadOnly)) {
delete this->sslSocket;
qDebug()<<"Cant open file: "<<keyFile.fileName();
return false;
}
QByteArray pasp ="qwerty";
QSslKey key(keyFile.readAll(),QSsl::Rsa,QSsl::Pem,QSsl::PrivateKey,pasp);
if (key.isNull()) {
delete this->sslSocket;
qDebug()<<"key in file "<<keyFile.fileName()<<" is empty";
return false;
}
keyFile.close();
this->sslSocket->setPrivateKey(key);
this->sslSocket->setPeerVerifyMode(QSslSocket::VerifyPeer);
this->sslSocket->setLocalCertificate("ca.crt");
this->sslSocket->startServerEncryption();
在客戶端:
this->sslSocket->setPeerVerifyMode(QSslSocket::VerifyPeer);
QFile keyFile("client01.key");
if (!keyFile.open(QIODevice::ReadOnly)) {
delete this->sslSocket;
qDebug()<<"Cant open file: "<<keyFile.fileName();
return ;
}
QByteArray pasp ="qwerty";
QSslKey key(keyFile.readAll(),QSsl::Rsa,QSsl::Pem,QSsl::PrivateKey,pasp);
if (key.isNull()) {
delete this->sslSocket;
qDebug()<<"key in file "<<keyFile.fileName()<<" is empty";
return ;
}
keyFile.close();
this->sslSocket->setPrivateKey(key);
this->sslSocket->setLocalCertificate("client01.crt");
this->sslSocket->connectToHostEncrypted("192.168.0.10",1258);
if (!this->sslSocket->waitForEncrypted()) {
qDebug()<<"error: "<<sslSocket->errorString();
}
當我從客戶端連接時,我得到服務器錯誤
soket ssl error
"The certificate is self-signed, and untrusted"
"The certificate is self-signed, and untrusted"
socketError: QAbstractSocket::SocketError( 13 )
知道我做錯了什么嗎?
更新:
Qt Creator 3.0.1基於Qt 5.2.1(GCC 4.8.2,64位)
2 個解決方案
解決方案1
3 2015-08-05 11:30:56
我建議你在服務器上試試這個:
QList<QSslCertificate> cert = QSslCertificate::fromPath(QLatin1String("your-certificate.pem"));
QSslError error(QSslError::SelfSignedCertificate, cert.at(0));
QList<QSslError> expectedSslErrors;
expectedSslErrors.append(error);
this->sslSocket.ignoreSslErrors(expectedSslErrors);
解決方案2
1 2015-08-07 10:30:48
問題已經解決
我做了什么:更新版本Qt for 5.5並生成新的ssl證書:
openssl req -x509 -newkey rsa:1024 -keyout key.key -out key.pem -days 365 -nodes
在服務器中:
sslServer.setSslLocalCertificate("key.pem");
sslServer.setSslPrivateKey("key.key");
sslServer.setSslProtocol(QSsl::TlsV1_2);
在客戶端:
sslSocket.addCaCertificates("key.pem");
有沒有一種方法可以強制瀏覽器使用websocket ++接受自簽名證書?
[英]Is there a way to force browser to accept self-signed certificate using websocket++?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.