Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. QSslSocket: TLS initialization Failed
Forum Updated to NodeBB v4.3 + New Features

QSslSocket: TLS initialization Failed

Scheduled Pinned Locked Moved Unsolved General and Desktop
34 Posts 12 Posters 61.0k Views 5 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • SGaistS Offline
    SGaistS Offline
    SGaist
    Lifetime Qt Champion
    wrote on last edited by
    #2

    Hi and welcome to devnet,

    Might e a silly question, did you properly deploy OpenSSL along your application ?

    On a side note, you don't seem to use the sslErrors signal for your socket. That might give you additional clues.

    Interested in AI ? www.idiap.ch
    Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

    S 1 Reply Last reply
    2
    • SGaistS SGaist

      Hi and welcome to devnet,

      Might e a silly question, did you properly deploy OpenSSL along your application ?

      On a side note, you don't seem to use the sslErrors signal for your socket. That might give you additional clues.

      S Offline
      S Offline
      samf48
      wrote on last edited by
      #3

      @SGaist Not silly at all, I didn't deploy OpenSSL at all with my application. The attached pic shows the output after I run windeployqt.exe. On the vanilla Windows 10 machine all I have to do is double-click on WebServer.exe and it runs with no issue. I did the same on a different Windows 10 machine and it doesn't work and has the aforementioned TLS Initialization error.

      I will look into implementing the sslErrors signal to get some additional feedback from my application and report back.

      0_1539894302137_deployfiles.png

      1 Reply Last reply
      0
      • SGaistS Offline
        SGaistS Offline
        SGaist
        Lifetime Qt Champion
        wrote on last edited by
        #4

        Then you should deploy OpenSSL along with your application.

        If it's working on some Windows machine without them, it means that somewhere in one of the folder listed in the PATH environment variable, you can find them. Some might even have them installed in Windows system folders which is a bad thing to do.

        Interested in AI ? www.idiap.ch
        Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

        1 Reply Last reply
        1
        • S Offline
          S Offline
          samf48
          wrote on last edited by
          #5

          I was trying to avoid that if possible but that might be something I have to do. I'm checked the path variable on the working vanilla machine and there is no mention of OpenSSL or any sort of installation on it. What .dll or other file should I look for in the Windows System folder?

          1 Reply Last reply
          0
          • SGaistS Offline
            SGaistS Offline
            SGaist
            Lifetime Qt Champion
            wrote on last edited by
            #6

            Windows doesn't provide OpenSSL. It's your job to provide it with your application.

            I guess you didn't build Qt yourself, so you should look for OpenSSL 1.0 .dlls. So it should be: ssleay32 and libeay32.

            Interested in AI ? www.idiap.ch
            Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

            S 1 Reply Last reply
            3
            • SGaistS SGaist

              Windows doesn't provide OpenSSL. It's your job to provide it with your application.

              I guess you didn't build Qt yourself, so you should look for OpenSSL 1.0 .dlls. So it should be: ssleay32 and libeay32.

              S Offline
              S Offline
              samf48
              wrote on last edited by
              #7

              @SGaist said in QSslSocket: TLS initialization Failed:

              That's what I'm trying to figure out. There is no install of OpenSSL (or either .dll you mentioned) on the machine and yet my application is establishing a secure, encrypted connection utilizing my localhost certificate. Seems like it isn't referencing OpenSSL-related files at all. Is the Qt5Network.dll handling the TLS-related tasks in my code?

              I installed Qt 5.8 on my machine and use Qt Creator but did not build it from source or anything like that.

              S 1 Reply Last reply
              0
              • S samf48

                @SGaist said in QSslSocket: TLS initialization Failed:

                That's what I'm trying to figure out. There is no install of OpenSSL (or either .dll you mentioned) on the machine and yet my application is establishing a secure, encrypted connection utilizing my localhost certificate. Seems like it isn't referencing OpenSSL-related files at all. Is the Qt5Network.dll handling the TLS-related tasks in my code?

                I installed Qt 5.8 on my machine and use Qt Creator but did not build it from source or anything like that.

                S Offline
                S Offline
                samf48
                wrote on last edited by
                #8

                @SGaist I implemented the error reporting below :

                void HttpServer::incomingConnection(qintptr socketDescriptor)
                {
                    socket = new QSslSocket(this);
                    connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), SLOT(error(QAbstractSocket::SocketError)));
                
                    // Read RSA Key from file for SSL
                    socket->setProtocol(QSsl::TlsV1_2);
                
                    QByteArray key;
                    QFile KeyFile("server.key");
                    if(KeyFile.open(QIODevice::ReadOnly))
                    {
                        key = KeyFile.readAll();
                        KeyFile.close();
                    }
                    else
                    {
                        qDebug() << KeyFile.errorString();
                    }
                    //set SSL Key
                    QSslKey sslKey(key, QSsl::Rsa);
                    socket->setPrivateKey(sslKey);
                
                    // Load SSL certificate from file
                    QByteArray cert;
                    QFile CertFile("server.crt");
                    if(CertFile.open(QIODevice::ReadOnly))
                    {
                        cert = CertFile.readAll();
                        CertFile.close();
                    }
                    else
                    {
                        qDebug() << CertFile.errorString();
                    }
                
                    //set SSL Certificate
                    QSslCertificate sslCert(cert);
                    socket->setLocalCertificate(sslCert);
                
                    QSslConfiguration cfg = socket->sslConfiguration();
                    cfg.caCertificates();
                
                    if (!socket->setSocketDescriptor(socketDescriptor))
                    {
                        qDebug() << ("! Couldn't set socket descriptor");
                        delete socket;
                        return;
                    }
                
                    if (isBusy)
                         socket->waitForReadyRead();
                
                    isBusy = true;
                
                    socket->startServerEncryption();
                
                    if (socket->isEncrypted()){
                        emit socket->encrypted();
                    }
                
                    if(!socket->waitForEncrypted(3000)) {
                        qDebug("Wait for encrypted!!!!");
                        return;
                    }
                
                    if (socket) {
                       connect(socket, SIGNAL(readyRead()), this, SLOT(doTxRx()));
                       connect(socket, SIGNAL(disconnected()), socket, SLOT(deleteLater()));
                       socket->waitForReadyRead();
                    }
                }
                

                unfortunately I get no additional info. What I get is :

                Error: TLS Initialization failed
                
                1 Reply Last reply
                0
                • SGaistS Offline
                  SGaistS Offline
                  SGaist
                  Lifetime Qt Champion
                  wrote on last edited by
                  #9

                  QSslSocket has the sslErrors signal that might give you more clues.

                  Interested in AI ? www.idiap.ch
                  Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                  S 1 Reply Last reply
                  2
                  • SGaistS SGaist

                    QSslSocket has the sslErrors signal that might give you more clues.

                    S Offline
                    S Offline
                    samf48
                    wrote on last edited by samf48
                    #10

                    @SGaist That definitely clued me in to what was going on. Additionally, these two functions helped out quite a bit.

                          sslSocket->sslLibraryBuildVersionString()
                          sslSocket->sslLibraryVersionString()
                    

                    The build library was reporting using OpenSSL version 1.0.2h, and the runtime(non-build Version) was non-existent on the machines where the SSL wasn't working. Only after I installed Git for Windows did my the runtime version show up and my program started working, this was because it installed the 1.0.2p .dll version in the PATH variable of my machine. The sslLibraryVersionString reported version 1.0.2p after that. After I got a hold of the ssleay32.dll and the libeay32.dll for version 1.0.2p and placed it alongside the .exe everything started working.

                    So I guess that means that whatever version of OpenSSL I have installed on my machine is what QT Creator calls when building my program? Is there a way to specify what version to build against?

                    1 Reply Last reply
                    1
                    • SGaistS Offline
                      SGaistS Offline
                      SGaist
                      Lifetime Qt Champion
                      wrote on last edited by
                      #11

                      Qt Creator is innocent. And Qt as well. There's no linking against the SSL libraries by default. They are loaded dynamically.

                      Interested in AI ? www.idiap.ch
                      Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                      S 1 Reply Last reply
                      1
                      • SGaistS SGaist

                        Qt Creator is innocent. And Qt as well. There's no linking against the SSL libraries by default. They are loaded dynamically.

                        S Offline
                        S Offline
                        samf48
                        wrote on last edited by
                        #12

                        @SGaist okay good to know. Where is sslSocket->sslLibraryBuildVersionString() pulling that version from? And any clue as to why they differ?

                        1 Reply Last reply
                        0
                        • SGaistS Offline
                          SGaistS Offline
                          SGaist
                          Lifetime Qt Champion
                          wrote on last edited by
                          #13

                          That's the version of OpenSSL that was used when building Qt.

                          Interested in AI ? www.idiap.ch
                          Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                          Hans DijkemaH 1 Reply Last reply
                          0
                          • SGaistS SGaist

                            That's the version of OpenSSL that was used when building Qt.

                            Hans DijkemaH Offline
                            Hans DijkemaH Offline
                            Hans Dijkema
                            wrote on last edited by
                            #14

                            @SGaist I seem to have the same problem. I'm currently linking against openssl 1.0.2q. Is that a problem? Also I added a library path in Qt main where it can find the ssl dlls: QCoreApplication::addLibraryPath("c:/OpenSSL-Win64/bin");

                            Still it reports the initialization problems with SSL:

                            qDebug() << QSslSocket::supportsSsl() << QSslSocket::sslLibraryBuildVersionString() << QSslSocket::sslLibraryVersionString();

                            gives me:

                            false "OpenSSL 1.0.2p 14 Aug 2018" ""

                            and then:

                            QSslSocket::connectToHostEncrypted: TLS initialization failed ssl\qsslsocket.cpp: 457

                            What to do?

                            1 Reply Last reply
                            0
                            • SGaistS Offline
                              SGaistS Offline
                              SGaist
                              Lifetime Qt Champion
                              wrote on last edited by
                              #15

                              You should rather modify the PATH environnement variable in the Run part of the Project panel so it can be found at run time.

                              Interested in AI ? www.idiap.ch
                              Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                              1 Reply Last reply
                              2
                              • C Offline
                                C Offline
                                Crag_Hack
                                wrote on last edited by Crag_Hack
                                #16

                                I have the exact same situation as Hans. Same output from the program. I did a search and looky what I found... looks like M$ put libcrypto.dll in the system32 folder and that overrides getting dlls from the program path. Could it be somebody other than MS? I have .NET Framework 1.1, Win10 Dev Kit, Visual Studio 2017 Community, Strawberry Perl, Python, OpenSSL 1.1.1.a, some MS Visual C++ Redistributables, and MS System CLR Types for SQL Server. Nobody else should have done something like that. Also there is no libssl.dll in system32. I'm using OpenSSL 1.1.1a so libcrypto.dll and libssl.dll replace libeay32.dll and ssleay32.dll.

                                0_1545698470342_libcrypto.png

                                This is a fresh install of Win10 I did about a week ago or so. I added this to the beginning of the qDebug() with dbReply being a QNetworkReply:

                                qDebug() << dbReply->errorString() << QSslSocket::supportsSsl() << QSslSocket::sslLibraryBuildVersionString() << QSslSocket::sslLibraryVersionString();
                                

                                The total output is:

                                "Unknown error" false "OpenSSL 1.0.2p  14 Aug 2018" ""
                                

                                How do I remedy the situation if system32 takes priority over the program path?

                                1 Reply Last reply
                                0
                                • SGaistS Offline
                                  SGaistS Offline
                                  SGaist
                                  Lifetime Qt Champion
                                  wrote on last edited by
                                  #17

                                  First: use the same series of OpenSSL as was used to build Qt. OpenSSL 1.1 broke API and ABI compatibility with regards to the 1.0 series.

                                  As for the rogue OpenSSL version in system32, it might very well be an application you installed or an application provided by the manufacturer of your machine. Neither are supposed to do that.

                                  Interested in AI ? www.idiap.ch
                                  Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                  1 Reply Last reply
                                  2
                                  • C Offline
                                    C Offline
                                    Crag_Hack
                                    wrote on last edited by Crag_Hack
                                    #18

                                    I am running the program straight from Qt Creator when all this happens. Even without the dll's present in the application build directory the program still gives the same output from the qDebug() line. I'm thinking the dll is loaded elsewhere, perhaps from the system32 directory. I did a search for the dll using Process Explorer and all that turned up was Chrome and Avast.

                                    If you look at the search for libcrypto.dll I did it shows up in a subfolder of the C:\Windows\WinSxS directory - does this imply it's been installed by a Windows component as opposed to a program?

                                    Also I was wrong about system32 taking the highest priority for loading dll's; see here. It says the directory from which the program is loaded takes top priority for loading dll's; however when I place the libcrypto-1_1.dll and libssl-1_1.dll in the shadow build directory or the release subdirectory of the shadow build directory the qDebug() line shows again the wrong version of OpenSSL being loaded. The only possible explanation of that behavior I could find is on the dll path search page I linked to:

                                    If a DLL with the same module name is already loaded in memory, the system checks only for redirection and a manifest before resolving to the loaded DLL, no matter which directory it is in. The system does not search for the DLL.
                                    

                                    Any ideas?

                                    1 Reply Last reply
                                    0
                                    • SGaistS Offline
                                      SGaistS Offline
                                      SGaist
                                      Lifetime Qt Champion
                                      wrote on last edited by
                                      #19

                                      Yes, as already suggested, use OpenSSL 1.0 since it's the version that was used to build the version of Qt you are using.
                                      As already written, OpenSSL broke API and ABI compatibility between 1.1 and 1.0.
                                      It requires a different backend that is available since 5.10 but you have to select it when building Qt.

                                      If you want OpenSSL 1.1, you should move to Qt 5.12 as IIRC this is now the default backend.

                                      Interested in AI ? www.idiap.ch
                                      Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                      1 Reply Last reply
                                      0
                                      • C Offline
                                        C Offline
                                        Crag_Hack
                                        wrote on last edited by
                                        #20

                                        I currently am using 5.12 which dumps the OpenSSL version mentioned before from QSslSocket::sslLibraryBuildVersionString(). Why does the Qt dynamic libraries (that's what you download to be used with Qt Creator/VS or whatever right?) only support a specific version of OpenSSL? When you use

                                        INCLUDEPATH += "C:\Build-OpenSSL-VC-32\include"
                                        

                                        and

                                        LIBS += -LC:\Build-OpenSSL-VC-32\lib -llibcrypto -llibssl
                                        

                                        why doesn't it override whatever OpenSSL was used to build Qt? After all the includes and libraries contain all the OpenSSL code right? Does Qt have to know which functions it can call within the OpenSSL libraries and therefore since API/ABI compatibility broke with 1.1 it is restricted to whatever was used to build Qt?

                                        1 Reply Last reply
                                        0
                                        • SGaistS Offline
                                          SGaistS Offline
                                          SGaist
                                          Lifetime Qt Champion
                                          wrote on last edited by
                                          #21

                                          By default, for international distribution reason, Qt is not linked to OpenSSL but dlopens the dll if available.

                                          And yes, the version is restricted to what was used to build Qt as with any other dependency you may have.

                                          Interested in AI ? www.idiap.ch
                                          Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                          1 Reply Last reply
                                          0

                                          • Login

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Users
                                          • Groups
                                          • Search
                                          • Get Qt Extensions
                                          • Unsolved