Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

https request with self signed certificate



  • Hello everyone

    I would like to make a https get request to a server which has a self signed certificate. When I do the request with curl it looks like this and it returns the correct values:

    curl -G -k -H 'Accept: application/json' -H "Authorization: Bearer ${AuthoToken}" https://123.123.123.123:xx/api/users
    

    The AuthoToken is stored in an environment variable.

    Ho can I implement this in my Qt Application? I tried around for several hours with QNetworkRequest and QSslSocket, but somehow I cannot figure out how to get it working. The certificate of the server looks something like this. I copied it into a cert.pem file.

    -----BEGIN CERTIFICATE-----
    MIIFozCCA4ugAwIBAgIJAJlqb0yOOzbYMA0GCSqGSIb3DQEBDAUAMGQxCzAJBgNV
    BAYTAmNoMRgwFgYDVQQDDA92ei1hcmNhLTEubG9jYWwxFTATBgNVBAoMDEFSQ0FU
    cnVzdCBTQTEkMCIGA1UECwwbYXJjYS0wLjAuMC4wIGdlbmVyYXRlZCBjZXJ0MB4X
    DTE5MDMyMjExNTAyOVoXDTIwMDMyMTExNTAyOVowZDELMAkGA1UEBhMCY2gxGDAW
    BgNVBAMMD3Z6LWFyY2EtMS5sb2NhbDEVMBMGA1UECgwMQVJDQVRydXN0IFNBMSQw
    IgYDVQQLDBthcmNhLTAuMC4wLjAgZ2VuZXJhdGVkIGNlcnQwggIiMA0GCSqGSIb3
    DQEBAQUAA4ICDwAwggIKAoICAQCbGyFGKZCMvfgNZL/Q5RwYVpWTdNYfPTZdkfnn
    /4beMdhAF00yQF3bK8dbYaReJ+9x/fOZ1KdnqVkQoiDNoNNfx9GJHSZKO5tg1yep
    21dInG3K8Zu+Ror7//J5jxMyd9KfAFbDfydRvOiyCQIhxfu6/BnpHdGzHYmhjhsD
    uYdblMHhetzhip3WQJqw51mp3Mr86okpAnoev3kWDTtfR+fKhIcLJCt7fIyyIzh4
    A7/GydogOA3rLyK/y8YFytP+aTVVtmOYHZkFl/4TU1HKDKOsa2uq+YxuW6d0kd4+
    ymBfgaTxpMEbOSJoSf+lYX7Fmn722baljO/rV2n/cwbGH/FLHaANzETJ8UpVutNv
    wq4NgFr6qaDl2wOJdH+JMp6Q+4R+EfEbut08auSJEtfh4enf1VYdPcBuSr4XZy1i
    1r3o3eR0J5HzcDtLPWXGe1GXFHSRmGIobPLiFVeTclQNOleTq2EW9Xdnl+AdvRke
    WEnVA3g9XFf+jqLWLa8yAQ7U++wRiua/SuBuyDxzSVIlXOe6CcK7mZQVkoDTe9i2
    EyUcKFYC6HYhxfccmwwyrG29WykSpnkQArBEyD6L9MdN7mb428IXcGVIxbZfxTpm
    zN52Q/dFFY8R0bkzDQtZM02luadsfpzl9gXfq5itqlhE4uIBWSIv36rVvOnRMMHxLoFJ
    RDSQ9wIDAQABo1gwVjBUBgNVHREETTBLgglsb2NhbGhvc3SCD3Z6LWFyY2EtMS5s
    b2NhbIIJdnotYXJjYS0xhxAAAAAAAAAAAAAAAAAAAAABhwR/AAABhwQKFAJlhwSp
    /qn+MA0GCSqGSIb3DQEBDAUAA4ICAQAlSaON4Qbo9c/CNtlP3jMke1oh4m7vqLGa
    RcuqOXWGaRIdZ7Hl9uuIylasdadfLIwCne9hQYJ+XuEO965IXulUEV/AezVrUvbvDX2g9l
    fEb2bHGfT9R6zDp5w7gO0QkXrBasdfHrz8tOSEW+GHewvLNGjysFR2R3gq07pJFESMHg
    KrJkO2AOgaOyUMl4yuPDmMUjZt9b8KgF6bhvLxZgSBsgNBGxCGTAanQ1AAVFLk/3
    fAyYt85Ao7NpFLkDLBAkBHrp8GepZnFzUk891pWkxHgbDsu4Es6H52RzhTRjfFuu
    un0mjauWhlvFDf0jq8+sjVS8lQ0wctJ0Mt7zSjA7FinOmv8rxhrOY0MvscTZ9v5X
    sDmJat5+XvPPoof1+TdpXeOoHfNbNv0CSXTQtbHuA6vQIejY9lNDMPqwyN7kzjd/
    BsgH7v35rMUNi6/Fb+ofrzI3OpzGWiQwEZ+xqAzkfB7nNrAVa8SGpv7ifFG0W97A
    4IOQ8HsVYv8iQuSQ/L5L0NpBQKptaAaHbYOwkcdCelCQ++JP11Q7xei5c4CFj37H
    byj+tXrTRfg9zWmpAts6Tg9gXDasdf6gdF98+fzIIa21Sw/469+c1APx15YC+A5PBb/H
    Dgf9olHEOL1ZF9PXVM+uJl8ZX7xAasfdY6CCV4jMuKOd0iQ9dDvdavHOaARGW+VxpdE2
    b2iudep5VQ==
    -----END CERTIFICATE-----
    

    The request should return a JSON Object which I can process in my application.

    openSSL seem to work. When I call:

    qDebug() << "openSSL Version:" << QSslSocket::sslLibraryBuildVersionString();
    

    I get the following output:

    openSSL Version: "OpenSSL 1.1.1c  28 May 2019"
    

    Thanks for your help


  • Lifetime Qt Champion

    Hi,

    What exact error are you getting from the socket ?



  • That is my test applikation:

    MainWindow::MainWindow(QWidget *parent) :
        QMainWindow(parent),
        ui(new Ui::MainWindow)
    {
        ui->setupUi(this);
    
        qDebug() << "openSSL Version:" << QSslSocket::sslLibraryBuildVersionString();
    
        QSslSocket *socket = new QSslSocket(this);
        connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
    
        QString certPath = "/home/xyz/src/qtsrc-5.13/socket/cert.pem.txt";
        QSslCertificate certificate = getCertificate(certPath);
        QList<QSslCertificate> certificates;
        certificates << certificate;
    
        socket->addCaCertificate(certificate);
    
        QSslConfiguration config = socket->sslConfiguration();
        QList<QSslCertificate> sockeCertificates = config.caCertificates();
        qDebug() << "Number of Certificates" << sockeCertificates.size();
        qDebug() << "isNull:" << sockeCertificates.at(0).isNull();
        qDebug() << "isSelfSigned:" << sockeCertificates.at(0).isSelfSigned();
    
        /*
        config.setCaCertificates(certificates);
        socket->setSslConfiguration(config);
        */
    
        socket->connectToHostEncrypted("1.1.1.1", 1163);
        if (!socket->waitForEncrypted()) {
            qDebug() << "Socket Error:" << socket->errorString();
        }
    
        socket->write("GET / HTTP/1.0\r\n\r\n");
        while (socket->waitForReadyRead())
            qDebug() << socket->readAll().data();
    }
    
    MainWindow::~MainWindow()
    {
        delete ui;
    }
    
    void MainWindow::ready()
    {
        qDebug() << "Ready";
    }
    
    QSslCertificate MainWindow::getCertificate(const QString filePath)
    {
        QFile certFile(filePath);
    
        QByteArray certArray;
        if (certFile.open(QIODevice::ReadOnly | QIODevice::Text)) {
            while (!certFile.atEnd()) {
                QByteArray line = certFile.readLine().trimmed();
                certArray.append(line);
            }
        }
    
        return QSslCertificate(certArray);
    
    }
    

    And the is the output:

    openSSL Version: "OpenSSL 1.1.1c  28 May 2019"
    Number of Certificates 1
    isNull: true
    isSelfSigned: false
    Socket Error: "Der Name des Hosts ist keiner aus der Liste der für dieses Zertifikat gültigen Hosts"
    

    I'm not quite sure how to setup the certificate which I got from the server.


Log in to reply