Does your QNetworkAccessManager emit encrypted() or sslErrors() signals? If so, what errors?

@SGaist Yeah I ended up setting environment variables to point to the OpenSSL install inside of Qt. That ended up solving my problems.

@Romain-C it is really odd - however I didn't do much work on High Sierra (it is very outdated). On Catalina and BigSur SSL support works out-of-the-box though.
Are you able to examine server side logs by any chance? This could help you to check if any connection is being made...

With regards to errors you should examine if QNetworkManager::SslErrors() signal is being emitted (simply connect to it) (I assume anonymousRequests is of type QNAM)

i am facing the same nightmare. it's 2weeks i'm stuck tryin' to obtain my static +openssl build and...no way.

No issues compiling without openssl support.

Any progress on that? Seems that nobody wants to help :(

Well WebAssembly is pretty strict, if you want to make https requests you need to use a proxy/bridge program that translates from websockets to http, it's installed on a PC on the same LAN as the WebAssembly PC (or on the same PC). For example you could use this one: https://github.com/novnc/websockify

@forca maybe you need to do some additional steps

From QSslSocket documentation:

Describes the peer verification modes for QSslSocket. The default mode is AutoVerifyPeer, which selects an appropriate mode depending on the socket's QSocket::SslMode.
QSslSocket::QueryPeer 1
QSslSocket will request a certificate from the peer, but does not require this certificate to be valid. This is useful when you want to display peer certificate details to the user without affecting the actual SSL handshake. This mode is the default for servers. Note: In Schannel this value acts the same as VerifyNone.

And looking at this QWebEnginePage browser example, check the Downloading Favicons code snippet, which may help you accessing the underlying QSslSocket

hey i didn't fixed it . i downloaded Qt5.12.4 and then upgraded my openssl lib to 1.1.1b

so i am good now
thanks !!

Hi,

Not the same backend used. Unless you re-build Qt and force the use of OpenSSL. Qt on macOS uses Apple's SecureTransport framework. OpenSSL on that platform has been deprecated a long time ago.

@SGaist

I have OpenSSL recently installed, but I am stating explicitly "no" for SSL connection option in MySql workbench.
The connection give a warning, but this relates to the workbench version which seem to be higher than the actual MySql install at the web domain. No mention of SSL at all there.

Since I have not really used OpenSSL I am lost on those parameters as used above. They are from the Qt document example and potentially completely wrong

Ok, thanks for the reply. It pointed me in the correct direction and after many failures I finally figured it out.
I guess you only learn when you need to dig deep.

The only thing I had to do was install the correct version of openSSL. Since it is my first time I had no idea what the letter actually meant, I picked the first build, which was version g, I had to install version n.

For all future wanderers, the only thing you need to do to make the client work is one of the two options:

Just copy ssleay32.dll and libeay32.dll to working directory OR Install the latest version and set PATH to the folder where the two dlls are located.

After that you can use QWebSocket without even knowing SSL exists. Just call:

QWebSocket socket; socket.open( QUrl("someaddress") );

And, when the dlls are found the warnings disappear.

That's it.

Hi,

You should rather bring this to the interest mailing list. You'll find there the QtRemoteObject developers/maintainers. This forum is more user oriented.

@kfrosty Thank you! Did work for me too! :)

Thanks. Path of least resistance was build OpenSSL for Android and deploy with our app.

IIRC there was a renaming of the libraries of OpenSSL so you'll have to double check.

The handshake is the process that establishes the secure connection, in Qt QSslSocket::connectToHostEncrypted and QSslSocket::startServerEncryption take care of the handshake. The "Hello Word" sent across is just normal TCP communication that could be done even without encryption (i.e. using QTcpSocket)

@Mkowalik-Mimesis
and why does it crash?
What is the value of incoming QNetworkReply* ?
Are you doing any fancy deletes?

in your CustomNetworkManagerFactory::create() you get a QObject* passed as a parent for the QNAM to create. But you set the parent to the this pointer instead. it would be cleaner not to couple the created QNAM with your factory class by connecting signals and slots of them. Instead you should subclass QNAM, move the onIgnoreSSLErrors() slot to it and connect it to itself instead. you are overwriting your local m_networkManager member variable everytime create() is called. Which doesn't go along with a factory implementation ;)

I don't know if this already solves your crash, it may be.

I currently have a very similar problem. I'm implementing a send mail client which should gracefully fall back to an unencrypted connection if encryption fails (and the user has decided to go ahead anyway). For that purpose I've connected to the QAbstractSocket::error() signal.

While I do get the signal it's ultimately moot since the code in question (QSslSocketBackendPrivate::startHandshake() in qsslsocket_openssl.cpp) immediately closes the socket by calling QSslSocket::abort() after emitting the signal. Because of that calling QSslSocket::ignoreSslErrors() is never an option.

I currently have no workaround in place. Maybe the only solution is to connect to the disconnected() signal and then check whether the connection was closed because of a handshake error. If it was, then open a new unencrypted socket/connection. I'm open to suggestions, though... :-)

Fixed the problem:

On Client-Side and on Server-Side i provide the following:

Private key of the certificate Public key of the certificate Public key of the CA

An connection is established. I am getting an SSLError: "The certificate is self-signed and untrusted", but i can either ignore it using ignoreSslErrors(); or the better method is by comparing the certificates to make sure it's all good.
Also i have re-created my certificates and my CA with the correct information, because I haven't provided the CN for localhost since i was testing on my local machine with my old certificates.

Anyways, the communication works with correct certificates.

@the_ I fixed this bug.
Thank you.