I currently have a very similar problem. I'm implementing a send mail client which should gracefully fall back to an unencrypted connection if encryption fails (and the user has decided to go ahead anyway). For that purpose I've connected to the QAbstractSocket::error() signal.

While I do get the signal it's ultimately moot since the code in question (QSslSocketBackendPrivate::startHandshake() in qsslsocket_openssl.cpp) immediately closes the socket by calling QSslSocket::abort() after emitting the signal. Because of that calling QSslSocket::ignoreSslErrors() is never an option.

I currently have no workaround in place. Maybe the only solution is to connect to the disconnected() signal and then check whether the connection was closed because of a handshake error. If it was, then open a new unencrypted socket/connection. I'm open to suggestions, though... :-)

Fixed the problem:

On Client-Side and on Server-Side i provide the following:

Private key of the certificate Public key of the certificate Public key of the CA

An connection is established. I am getting an SSLError: "The certificate is self-signed and untrusted", but i can either ignore it using ignoreSslErrors(); or the better method is by comparing the certificates to make sure it's all good.
Also i have re-created my certificates and my CA with the correct information, because I haven't provided the CN for localhost since i was testing on my local machine with my old certificates.

Anyways, the communication works with correct certificates.

@the_ I fixed this bug.
Thank you.

I didn't.
But also it didn't fixed the error.

The QT client can connect to the server with wss.
The Webclient can't connect to the server with wss. But an echo test to "wss://echo.websocket.org" is successfully, so the browser is okay. The question is, what's the difference between Qt secure websocket and the other solutions? Is it may some different SSL/TSL config?
I'm using QSsl::TlsV1SslV3

Hi and welcome to devnet,

Don't copy these DLLs, unless it has changed over time, Qt Creator is build with MSVC and you have a MinGW Qt build. You should rather get the official OpenSSL package and install that one to use with your application.

Self-signed certificate are always the more complicated to manage (i.e. nobody trust them since no valid CA validated them)

Sorry, I'm don't remember of such a howto...

No, there won't be another release of Qt 5.3. The next release is 5.6.0 the first LTS of Qt 5.

Hi,

Glad you found out and thanks for sharing !

Just a side note, you can now mark the thread as solved using the "Topic Tool" button. So there's no need to modify the title anymore.

Hi,

Since last version, the MySQL backend supports setting up SSL on the connection with CLIENT_SSL

Hope it helps

It's been some time now. I don't remember exactly, but I think it was most likely from here:

ftp://linorg.usp.br/mysql/Downloads/Connector-C/mysql-connector-c-6.1.5-src.zip

It's one of the official mirrors.

@SGaist

Thank you very much, I used the work-around they proposed
(storing a copy of the certificate in the local resources of the app & adding that to the default CACertificate list before opening the socket)
I'm afraid this won't be a clean long term solution though (the certificate will stay valid for a while, but eventually expires I guess).
If anyone has any idea's for a more clean/permanent solution I'm very much open to suggestions.
In the mean time this will have to do.
Thanks again, I appreciate the comment

Hi,

since I am convinced that somebody else will also have similar problems I wrote a tutorial how to create a multithreaded server:

https://five-s.de/en/how-to-create-a-multithreaded-server-in-qt

Best regards

@koahnig I am using 2.0.1

You should also check the sslErrors signal

Hi,

One alternative to consider is to rebuild Qt using the new Secure Transport backend for OS X.

Please this code from me where I did exactly this:
https://github.com/cybercatalyst/qtwebserver/blob/master/tcp/tcpmultithreadedserver.cpp#L141

void MultithreadedServer::setDefaultSslConfiguration() { // Set a default SSL configuration just to have it running out of the // box. Only for development purposes, never distribute an application // that relies on SSL with the default configuration set. You can // generate your own key and self-signed certificate: // // $ openssl req -x509 -newkey rsa:2048 -keyout server.key -nodes -days 365 -out server.crt QSslConfiguration sslConfiguration; QByteArray defaultKey = "-----BEGIN PRIVATE KEY-----\n" "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQdRrom1g/MsJh\n" "bfwVBZH+oxuGeIBO3jeNWs2bjpDmjtEtMz66LfFVrjuggt0UeNFb1Ve3tYIVq4Wj\n" "gmHYUOB44KCzVqJrd1mZdDKukdvoalJyh5f5/kqLdNGzrfjl5fmtK4jy76xM0oV4\n" "aZlj8eC4+odrS9HLHfBylDIeSXPWtThFw02IGiQALbtW8cqHSOXhucPAwiNFELVd\n" "jjFLa0buQSWq3WSZnroLwOXxfd2dtIoDIn319wTRFPAHWQDqlIuvefYvNzel65yY\n" "ZwoomIOrcxfN7IczLxkryD1uZpr4u2aWpHpz+mB7WXhPW82H6qT205e25iDbiZUQ\n" "+2UJWBHBAgMBAAECggEBAKF7Fe066ZGLcKio2q4uMnpfP+NbVYnC+qW1wbDPL9Bq\n" "sf+hwuXW0SzeW7JrrXc+YHATRHA7WxoOVOflCIbZoAoDeHl0kz1Mp0wIh3pT41aX\n" "hmbSQxiVtIlzZT8bdcQh8tgC8YO/xml8a4hrxTd3F+4zpNOpWEtQVgNsaaasn9+h\n" "/I/8uQ6oYkNISbnrs7u2fkFAw2/RbyZ6E2Dr9fMiDVUSa5ppFFHjfkgzbGA56Mtg\n" "0DdpxWMhICVMwlTI23zmjIAssyJG6xfCQfll9XbsiPAx9/uwAMIFPaUaWBzEUmhh\n" "L+/7hESQ7DGIfKxUqtiyvT53EuupxUxkcr0useZY5UECgYEA6wis5xcEo4eBk5o4\n" "IYcdZ93LrgwKtWj6e50sVs4NgCgsDWbH99IhNIxwQnCJ02O/aacbFV0d+jB9Jh+M\n" "NKTmqDxoe+EY2WJ+sR/YZ9VZwoHFwqubL1BzroX8FBN363tjicfFA+o3bSb4OXDC\n" "PINFzSLH8cLhFOo3UFiZf9I9ZZcCgYEA4w2FDGzhnpZPToiT/nwf55Ze2lJsPWlP\n" "8XydHoIWDIbUd1LnxBnoGZF1pefexoIy8zesGBfjHC7t6tC/4zy2oqECiP6ESACN\n" "8yhSDG+iegTU59LOk+blserR52c2vNGOR7RFbAyZeg3XXwlvQOpaquIP6tc7vkv1\n" "FijDcWm3nmcCgYAUAu0Vz/PpKIRz2NGmqSZrzYqmCwhuYb3SAJPh4DFuE/2MNpAY\n" "HaAOJVb5kTNq+Dc3+65mp0MCJlbBhDYf1Vp+QIZ05bmD6Mr4sclvLc8yrHH2HT5d\n" "TPBMj8PiwbWYKy1ScdvodWy6snK4EU24cUTkLm3vu7QGX9rN0H1hULlBiQKBgQC5\n" "rgW/ao98HJoQtFqrBCEnR+6cBkmkUypgZzMqjuGvLtg0GOWWlkUcG7uliKDDoBhA\n" "lKe1MFu3YZ2JqVszXyRQjPHAzLurEmEDmFa4+tZZiPf/+YKcq3fubwVngx3dflYn\n" "x4H6YbdlfEpD2zhTUxQAqUyxFYEzF3T/wShL6FOUQwKBgA2qSGUvxHcyWw8jnQ2g\n" "BbwtU75LCvTrSuIQ8DJIVt5+W9iseNi+q51w6hTAUleJ+4X7RDrSisQucbDAY+Fg\n" "Tyz0YVk4+WR0G7ZYAjLJBe7KpzpDZ4mI8yhfYBMhH+Rtkzk96ECezEve8L3llUqD\n" "s7+8TR6cFYhHQQH3DQ5BKdt0\n" "-----END PRIVATE KEY-----"; QByteArray defaultCertificate = "-----BEGIN CERTIFICATE-----\n" "MIIDhzCCAm+gAwIBAgIJAP9LmloP2P0tMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV\n" "BAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMSAwHgYDVQQKDBdRdFdlYlNlcnZl\n" "ciBEZXZlbG9wbWVudDEUMBIGA1UEAwwLRGV2ZWxvcG1lbnQwHhcNMTUwNDIxMDYw\n" "MTE4WhcNNDUwNDEzMDYwMTE4WjBaMQswCQYDVQQGEwJERTETMBEGA1UECAwKU29t\n" "ZS1TdGF0ZTEgMB4GA1UECgwXUXRXZWJTZXJ2ZXIgRGV2ZWxvcG1lbnQxFDASBgNV\n" "BAMMC0RldmVsb3BtZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" "0HUa6JtYPzLCYW38FQWR/qMbhniATt43jVrNm46Q5o7RLTM+ui3xVa47oILdFHjR\n" "W9VXt7WCFauFo4Jh2FDgeOCgs1aia3dZmXQyrpHb6GpScoeX+f5Ki3TRs6345eX5\n" "rSuI8u+sTNKFeGmZY/HguPqHa0vRyx3wcpQyHklz1rU4RcNNiBokAC27VvHKh0jl\n" "4bnDwMIjRRC1XY4xS2tG7kElqt1kmZ66C8Dl8X3dnbSKAyJ99fcE0RTwB1kA6pSL\n" "r3n2Lzc3peucmGcKKJiDq3MXzeyHMy8ZK8g9bmaa+LtmlqR6c/pge1l4T1vNh+qk\n" "9tOXtuYg24mVEPtlCVgRwQIDAQABo1AwTjAdBgNVHQ4EFgQUm4DLVsXhMy8J7Us4\n" "QoTdTgVS9CEwHwYDVR0jBBgwFoAUm4DLVsXhMy8J7Us4QoTdTgVS9CEwDAYDVR0T\n" "BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAmxPOPLbq0EBBWrboNfGtD1OTnchy\n" "kBlhrSG+2gLNS3lfiphOZ+qtUGNTgewAk+nR5sraw4uFG8+6oQmNFS35zlbzWhgC\n" "dveQaT4CNtXCpAevRCbhhuDxzU0W0Dtenf3xFBC2wUWbAwxGZuklyA5ohl9+1By7\n" "YG5dPYYsgoeQl9t5yg5orh39kcrrz/exNlPH71qZO6QrPLlaRs0q4S4Yj33hgm/1\n" "XAILf9ZtcTElTRhSHC81bZz2HG84nP39WJCe4hH081cdkAMm7W2fzPTzHUWWRW34\n" "PMB0Ipp7R7CrztyxyaaDo1S3ozEpqvVT0KI65dWLt8ZsggcKxP6P5aeCBQ==\n" "-----END CERTIFICATE-----"; QSslKey sslKey(defaultKey, QSsl::Rsa); sslConfiguration.setPrivateKey(sslKey); QSslCertificate sslCertificate(defaultCertificate); sslConfiguration.setLocalCertificate(sslCertificate); sslConfiguration.setProtocol(QSsl::AnyProtocol); setSslConfiguration(sslConfiguration); }

It's because Qt (or rather QSslSocket) closes the connection immediately after emitting the error() signal.

Hi and welcome to devnet,

Currently just had a segmentation fault on OS X, will need to take a deeper look

Hi,

Might be a silly question but is your OpenSSL library deployed with your application ? Or did you build it statically ?