
QSslSocket will only pass ssl handshake when peerverifyHost is set

    pjorourke wrote:

    I am new to SSL / networking and want to utilize mutual SSL (client verifies server and server verifies peer). I found a white paper (http://www.infidigm.net/articles/qsslsocket_for_ssl_beginners/) online that gave me some guidance for setting up my certs and keys. Now this paper utilizes a local host IP address as the client's cert file. I want to switch this to a registered domain name (scp.radiant.io). This FQDN is local to my Ubuntu OS for testing purposes.

    1. I updated my localhost to have a domain name (scp.radiant.io) by modifying this file (sudo nano /etc/hosts/) to say 127.0.0.1 scp.radiant.io localhost

    2. Next I create certificates and private keys for both client and server
      a. Steps for server side and client side
      openssl req -out server_ca.pem -new -x509 -nodes \
        -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORG/OU=$ORG_UNIT/CN=server/emailAddress=radiant.$EMAIL"
      mv privkey.pem server_privatekey.pem
      touch server_index.txt
      echo "00" >> server_index.txt
      openssl genrsa -out server_local.key 1024
      openssl req -key ${NAME}_local.key -new -out server_local.req -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORG/OU=$ORG_UNIT/CN=scp.radiant.io/emailAddress=$EMAIL"
      openssl x509 -req -in ${NAME}_local.req -CA ${NAME}_ca.pem -CAkey server_privatekey.pem -CAserial server_index.txt -out server_local.pem
      b. This generates the CA certs (server_ca.pem and client_ca.pem)
      c. This generates the local cert files (server_local.pem and client_local.pem). THIS IS WHERE I SET THE FQDN to scp.radiant.io
      d. This generates a local key (server_local.key and client_local.key)

    3. I use the generated cert files for setting up the SSL configuration on the QSslSocket for both sides, like so:

         // client socket setup
           config.setPrivateKey("server_local.key");
           config.setLocalCertificate("server_local.pem");
           config.addCaCertificate("client_ca.pem");
           config.setPeerVerifyMode(QSslSocket::VerifyPeer);
           sslSocket->setSslConfiguration(config);
           sslSocket->connectToHostEncrypted("scp.radiant.io",1200);

          // server socket setup
           config.setPrivateKey("client_local.key");
           config.setLocalCertificate("client_local.pem");
           config.addCaCertificate("server_ca.pem");
           config.setPeerVerifyMode(QSslSocket::VerifyPeer);
           sslSocket->setSslConfiguration(config);
           sslSocket->startServerEncryption();
      
    4. When running this code I get the following error in my SSL errors: "The host name did not match any of the valid hosts for this certificate"

    5. Now if I change the client socket to use this when connecting, sslSocket->connectToHostEncrypted("scp.radiant.io",1200,"scp.radiant.io"); it will work.

    I don't understand why I have to set the peerVerifyHost argument when connecting encrypted. I would like to use the same certificates for my WebSockets implementation for this as well, but the QWebSocket class does not allow you to set the peerVerifyHost when connecting. So I must be doing something wrong at the cert level or the OS level for my FQDN. Any networking and SSL help would be helpful.

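One way to check at the certificate level which host name a certificate is valid for, as an added example that is not part of the original post: it builds a throwaway CA and two leaf certificates and asks `openssl verify -verify_hostname` whether each one is accepted for the name from the post. The CA name, `other.example.test` and all file names are constructed placeholders, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example. HOST is the name from the post; every other name is a constructed placeholder.
HOST="scp.radiant.io"

# make_pki DIR: create a throwaway CA and two leaf certificates signed by it.
#   match.pem: CN and subjectAltName are $HOST
#   other.pem: CN and subjectAltName are other.example.test
make_pki() {
  local d="$1" n cn
  cat > "$d/pki.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[match]
subjectAltName = DNS:$HOST
[other]
subjectAltName = DNS:other.example.test
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/pki.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  for n in match other; do
    cn="$HOST"; [ "$n" = other ] && cn="other.example.test"
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
      -subj "/CN=$cn" -keyout "$d/$n.key" -out "$d/$n.req" 2>/dev/null || return 1
    openssl x509 -req -in "$d/$n.req" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -extfile "$d/pki.cnf" -extensions "$n" \
      -out "$d/$n.pem" 2>/dev/null || return 1
  done
}

# cert_matches CA CERT NAME: succeeds only if CERT chains to CA and passes OpenSSL's host name check for NAME.
cert_matches() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo: report which certificate is accepted for $HOST.
demo() {
  local d c; d=$(mktemp -d) || return 1
  make_pki "$d" || { rm -rf "$d"; return 1; }
  for c in match other; do
    if cert_matches "$d/ca.pem" "$d/$c.pem" "$HOST"; then echo "$c.pem: valid for $HOST"
    else echo "$c.pem: NOT valid for $HOST"; fi
  done
  rm -rf "$d"
}
demo
```

Running `cert_matches` against the real `server_local.pem` or `client_local.pem` with the matching CA file applies the same check to the certificates generated in step 2.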
