Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. QSslSocket: TLS initialization Failed
QtWS25 Last Chance

QSslSocket: TLS initialization Failed

Scheduled Pinned Locked Moved Unsolved General and Desktop
34 Posts 12 Posters 59.1k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S Offline
    S Offline
    samf48
    wrote on last edited by
    #5

    I was trying to avoid that if possible but that might be something I have to do. I'm checked the path variable on the working vanilla machine and there is no mention of OpenSSL or any sort of installation on it. What .dll or other file should I look for in the Windows System folder?

    1 Reply Last reply
    0
    • SGaistS Offline
      SGaistS Offline
      SGaist
      Lifetime Qt Champion
      wrote on last edited by
      #6

      Windows doesn't provide OpenSSL. It's your job to provide it with your application.

      I guess you didn't build Qt yourself, so you should look for OpenSSL 1.0 .dlls. So it should be: ssleay32 and libeay32.

      Interested in AI ? www.idiap.ch
      Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

      S 1 Reply Last reply
      3
      • SGaistS SGaist

        Windows doesn't provide OpenSSL. It's your job to provide it with your application.

        I guess you didn't build Qt yourself, so you should look for OpenSSL 1.0 .dlls. So it should be: ssleay32 and libeay32.

        S Offline
        S Offline
        samf48
        wrote on last edited by
        #7

        @SGaist said in QSslSocket: TLS initialization Failed:

        That's what I'm trying to figure out. There is no install of OpenSSL (or either .dll you mentioned) on the machine and yet my application is establishing a secure, encrypted connection utilizing my localhost certificate. Seems like it isn't referencing OpenSSL-related files at all. Is the Qt5Network.dll handling the TLS-related tasks in my code?

        I installed Qt 5.8 on my machine and use Qt Creator but did not build it from source or anything like that.

        S 1 Reply Last reply
        0
        • S samf48

          @SGaist said in QSslSocket: TLS initialization Failed:

          That's what I'm trying to figure out. There is no install of OpenSSL (or either .dll you mentioned) on the machine and yet my application is establishing a secure, encrypted connection utilizing my localhost certificate. Seems like it isn't referencing OpenSSL-related files at all. Is the Qt5Network.dll handling the TLS-related tasks in my code?

          I installed Qt 5.8 on my machine and use Qt Creator but did not build it from source or anything like that.

          S Offline
          S Offline
          samf48
          wrote on last edited by
          #8

          @SGaist I implemented the error reporting below :

          void HttpServer::incomingConnection(qintptr socketDescriptor)
          {
              socket = new QSslSocket(this);
              connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), SLOT(error(QAbstractSocket::SocketError)));
          
              // Read RSA Key from file for SSL
              socket->setProtocol(QSsl::TlsV1_2);
          
              QByteArray key;
              QFile KeyFile("server.key");
              if(KeyFile.open(QIODevice::ReadOnly))
              {
                  key = KeyFile.readAll();
                  KeyFile.close();
              }
              else
              {
                  qDebug() << KeyFile.errorString();
              }
              //set SSL Key
              QSslKey sslKey(key, QSsl::Rsa);
              socket->setPrivateKey(sslKey);
          
              // Load SSL certificate from file
              QByteArray cert;
              QFile CertFile("server.crt");
              if(CertFile.open(QIODevice::ReadOnly))
              {
                  cert = CertFile.readAll();
                  CertFile.close();
              }
              else
              {
                  qDebug() << CertFile.errorString();
              }
          
              //set SSL Certificate
              QSslCertificate sslCert(cert);
              socket->setLocalCertificate(sslCert);
          
              QSslConfiguration cfg = socket->sslConfiguration();
              cfg.caCertificates();
          
              if (!socket->setSocketDescriptor(socketDescriptor))
              {
                  qDebug() << ("! Couldn't set socket descriptor");
                  delete socket;
                  return;
              }
          
              if (isBusy)
                   socket->waitForReadyRead();
          
              isBusy = true;
          
              socket->startServerEncryption();
          
              if (socket->isEncrypted()){
                  emit socket->encrypted();
              }
          
              if(!socket->waitForEncrypted(3000)) {
                  qDebug("Wait for encrypted!!!!");
                  return;
              }
          
              if (socket) {
                 connect(socket, SIGNAL(readyRead()), this, SLOT(doTxRx()));
                 connect(socket, SIGNAL(disconnected()), socket, SLOT(deleteLater()));
                 socket->waitForReadyRead();
              }
          }
          

          unfortunately I get no additional info. What I get is :

          Error: TLS Initialization failed
          
          1 Reply Last reply
          0
          • SGaistS Offline
            SGaistS Offline
            SGaist
            Lifetime Qt Champion
            wrote on last edited by
            #9

            QSslSocket has the sslErrors signal that might give you more clues.

            Interested in AI ? www.idiap.ch
            Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

            S 1 Reply Last reply
            2
            • SGaistS SGaist

              QSslSocket has the sslErrors signal that might give you more clues.

              S Offline
              S Offline
              samf48
              wrote on last edited by samf48
              #10

              @SGaist That definitely clued me in to what was going on. Additionally, these two functions helped out quite a bit.

                    sslSocket->sslLibraryBuildVersionString()
                    sslSocket->sslLibraryVersionString()
              

              The build library was reporting using OpenSSL version 1.0.2h, and the runtime(non-build Version) was non-existent on the machines where the SSL wasn't working. Only after I installed Git for Windows did my the runtime version show up and my program started working, this was because it installed the 1.0.2p .dll version in the PATH variable of my machine. The sslLibraryVersionString reported version 1.0.2p after that. After I got a hold of the ssleay32.dll and the libeay32.dll for version 1.0.2p and placed it alongside the .exe everything started working.

              So I guess that means that whatever version of OpenSSL I have installed on my machine is what QT Creator calls when building my program? Is there a way to specify what version to build against?

              1 Reply Last reply
              1
              • SGaistS Offline
                SGaistS Offline
                SGaist
                Lifetime Qt Champion
                wrote on last edited by
                #11

                Qt Creator is innocent. And Qt as well. There's no linking against the SSL libraries by default. They are loaded dynamically.

                Interested in AI ? www.idiap.ch
                Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                S 1 Reply Last reply
                1
                • SGaistS SGaist

                  Qt Creator is innocent. And Qt as well. There's no linking against the SSL libraries by default. They are loaded dynamically.

                  S Offline
                  S Offline
                  samf48
                  wrote on last edited by
                  #12

                  @SGaist okay good to know. Where is sslSocket->sslLibraryBuildVersionString() pulling that version from? And any clue as to why they differ?

                  1 Reply Last reply
                  0
                  • SGaistS Offline
                    SGaistS Offline
                    SGaist
                    Lifetime Qt Champion
                    wrote on last edited by
                    #13

                    That's the version of OpenSSL that was used when building Qt.

                    Interested in AI ? www.idiap.ch
                    Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                    Hans DijkemaH 1 Reply Last reply
                    0
                    • SGaistS SGaist

                      That's the version of OpenSSL that was used when building Qt.

                      Hans DijkemaH Offline
                      Hans DijkemaH Offline
                      Hans Dijkema
                      wrote on last edited by
                      #14

                      @SGaist I seem to have the same problem. I'm currently linking against openssl 1.0.2q. Is that a problem? Also I added a library path in Qt main where it can find the ssl dlls: QCoreApplication::addLibraryPath("c:/OpenSSL-Win64/bin");

                      Still it reports the initialization problems with SSL:

                      qDebug() << QSslSocket::supportsSsl() << QSslSocket::sslLibraryBuildVersionString() << QSslSocket::sslLibraryVersionString();

                      gives me:

                      false "OpenSSL 1.0.2p 14 Aug 2018" ""

                      and then:

                      QSslSocket::connectToHostEncrypted: TLS initialization failed ssl\qsslsocket.cpp: 457

                      What to do?

                      1 Reply Last reply
                      0
                      • SGaistS Offline
                        SGaistS Offline
                        SGaist
                        Lifetime Qt Champion
                        wrote on last edited by
                        #15

                        You should rather modify the PATH environnement variable in the Run part of the Project panel so it can be found at run time.

                        Interested in AI ? www.idiap.ch
                        Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                        1 Reply Last reply
                        2
                        • C Offline
                          C Offline
                          Crag_Hack
                          wrote on last edited by Crag_Hack
                          #16

                          I have the exact same situation as Hans. Same output from the program. I did a search and looky what I found... looks like M$ put libcrypto.dll in the system32 folder and that overrides getting dlls from the program path. Could it be somebody other than MS? I have .NET Framework 1.1, Win10 Dev Kit, Visual Studio 2017 Community, Strawberry Perl, Python, OpenSSL 1.1.1.a, some MS Visual C++ Redistributables, and MS System CLR Types for SQL Server. Nobody else should have done something like that. Also there is no libssl.dll in system32. I'm using OpenSSL 1.1.1a so libcrypto.dll and libssl.dll replace libeay32.dll and ssleay32.dll.

                          0_1545698470342_libcrypto.png

                          This is a fresh install of Win10 I did about a week ago or so. I added this to the beginning of the qDebug() with dbReply being a QNetworkReply:

                          qDebug() << dbReply->errorString() << QSslSocket::supportsSsl() << QSslSocket::sslLibraryBuildVersionString() << QSslSocket::sslLibraryVersionString();
                          

                          The total output is:

                          "Unknown error" false "OpenSSL 1.0.2p  14 Aug 2018" ""
                          

                          How do I remedy the situation if system32 takes priority over the program path?

                          1 Reply Last reply
                          0
                          • SGaistS Offline
                            SGaistS Offline
                            SGaist
                            Lifetime Qt Champion
                            wrote on last edited by
                            #17

                            First: use the same series of OpenSSL as was used to build Qt. OpenSSL 1.1 broke API and ABI compatibility with regards to the 1.0 series.

                            As for the rogue OpenSSL version in system32, it might very well be an application you installed or an application provided by the manufacturer of your machine. Neither are supposed to do that.

                            Interested in AI ? www.idiap.ch
                            Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                            1 Reply Last reply
                            2
                            • C Offline
                              C Offline
                              Crag_Hack
                              wrote on last edited by Crag_Hack
                              #18

                              I am running the program straight from Qt Creator when all this happens. Even without the dll's present in the application build directory the program still gives the same output from the qDebug() line. I'm thinking the dll is loaded elsewhere, perhaps from the system32 directory. I did a search for the dll using Process Explorer and all that turned up was Chrome and Avast.

                              If you look at the search for libcrypto.dll I did it shows up in a subfolder of the C:\Windows\WinSxS directory - does this imply it's been installed by a Windows component as opposed to a program?

                              Also I was wrong about system32 taking the highest priority for loading dll's; see here. It says the directory from which the program is loaded takes top priority for loading dll's; however when I place the libcrypto-1_1.dll and libssl-1_1.dll in the shadow build directory or the release subdirectory of the shadow build directory the qDebug() line shows again the wrong version of OpenSSL being loaded. The only possible explanation of that behavior I could find is on the dll path search page I linked to:

                              If a DLL with the same module name is already loaded in memory, the system checks only for redirection and a manifest before resolving to the loaded DLL, no matter which directory it is in. The system does not search for the DLL.
                              

                              Any ideas?

                              1 Reply Last reply
                              0
                              • SGaistS Offline
                                SGaistS Offline
                                SGaist
                                Lifetime Qt Champion
                                wrote on last edited by
                                #19

                                Yes, as already suggested, use OpenSSL 1.0 since it's the version that was used to build the version of Qt you are using.
                                As already written, OpenSSL broke API and ABI compatibility between 1.1 and 1.0.
                                It requires a different backend that is available since 5.10 but you have to select it when building Qt.

                                If you want OpenSSL 1.1, you should move to Qt 5.12 as IIRC this is now the default backend.

                                Interested in AI ? www.idiap.ch
                                Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                1 Reply Last reply
                                0
                                • C Offline
                                  C Offline
                                  Crag_Hack
                                  wrote on last edited by
                                  #20

                                  I currently am using 5.12 which dumps the OpenSSL version mentioned before from QSslSocket::sslLibraryBuildVersionString(). Why does the Qt dynamic libraries (that's what you download to be used with Qt Creator/VS or whatever right?) only support a specific version of OpenSSL? When you use

                                  INCLUDEPATH += "C:\Build-OpenSSL-VC-32\include"
                                  

                                  and

                                  LIBS += -LC:\Build-OpenSSL-VC-32\lib -llibcrypto -llibssl
                                  

                                  why doesn't it override whatever OpenSSL was used to build Qt? After all the includes and libraries contain all the OpenSSL code right? Does Qt have to know which functions it can call within the OpenSSL libraries and therefore since API/ABI compatibility broke with 1.1 it is restricted to whatever was used to build Qt?

                                  1 Reply Last reply
                                  0
                                  • SGaistS Offline
                                    SGaistS Offline
                                    SGaist
                                    Lifetime Qt Champion
                                    wrote on last edited by
                                    #21

                                    By default, for international distribution reason, Qt is not linked to OpenSSL but dlopens the dll if available.

                                    And yes, the version is restricted to what was used to build Qt as with any other dependency you may have.

                                    Interested in AI ? www.idiap.ch
                                    Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                    1 Reply Last reply
                                    0
                                    • C Offline
                                      C Offline
                                      Crag_Hack
                                      wrote on last edited by Crag_Hack
                                      #22

                                      Everything is working beautifully with Shining Light Productions OpenSSL 1.0.2q. Thanks for the help SGaist!

                                      1 Reply Last reply
                                      0
                                      • C Offline
                                        C Offline
                                        Crag_Hack
                                        wrote on last edited by
                                        #23

                                        @SGaist said in QSslSocket: TLS initialization Failed:

                                        Yes, as already suggested, use OpenSSL 1.0 since it's the version that was used to build the version of Qt you are using.
                                        As already written, OpenSSL broke API and ABI compatibility between 1.1 and 1.0.
                                        It requires a different backend that is available since 5.10 but you have to select it when building Qt.
                                        If you want OpenSSL 1.1, you should move to Qt 5.12 as IIRC this is now the default backend.

                                        When you say you have to select it when building Qt your'e referring to a static build right? Is there any way to do it for whatever version of dynamic Qt Qt Creator uses? Just curious.

                                        1 Reply Last reply
                                        0
                                        • SGaistS Offline
                                          SGaistS Offline
                                          SGaist
                                          Lifetime Qt Champion
                                          wrote on last edited by
                                          #24

                                          No, static or dynamic build doesn't play a role.

                                          Qt and Qt Creator are two linked but independent projects so I'm not sure what you are asking here.

                                          Interested in AI ? www.idiap.ch
                                          Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                                          1 Reply Last reply
                                          0

                                          • Login

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Users
                                          • Groups
                                          • Search
                                          • Get Qt Extensions
                                          • Unsolved