
Qt 5.12.3 QtWebEngine + QWebPage + SSL: verify server cert on client side (picture inside)



  • Hello all,

    I am trying to check/verify the server cert (CA "identifier" info available) on the client side, as pictured in step (3), in order to avoid steps 4+5 (yes, I don't want to send my client cert "offhandedly").
    From the QWebEnginePage, there is a virtual method:

    virtual bool certificateError(const QWebEngineCertificateError& err) override;
    

    or a signal

    void QWebEnginePage::selectClientCertificate(QWebEngineClientCertificateSelection selection)  // signal
    

    but nothing about the server cert incoming from step (2).
    Is there any way to get info about the server cert incoming from step (2)?

    This is my implementation of the page:

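       #include <QWebEnginePage>
       #include <QWebEngineCertificateError>
       #include <QWebEngineClientCertificateSelection>

       class WebPage : public QWebEnginePage
       {
          Q_OBJECT  // required because the class declares its own slot

          public:
             // connect() has to live in a function body, so it is done in the constructor
             WebPage(QObject* parent = NULL) : QWebEnginePage(parent)
             {
                connect(this, &QWebEnginePage::selectClientCertificate, this, &WebPage::handleSelectClientCertificate);
             }
             virtual ~WebPage();

          protected:
             // called by QtWebEngine when validation of the server certificate fails
             virtual bool certificateError(const QWebEngineCertificateError& err) override;

          private slots:
             // called when the server requests a client certificate
             void handleSelectClientCertificate(QWebEngineClientCertificateSelection selection);

          private:
             bool mState;
       };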
    

    Here is my associated (solved) bug request about client cert handling on Linux:
    https://bugreports.qt.io/browse/QTBUG-71103

    Thank you all.



  • @forca maybe you need to do some additional steps

    From QSslSocket documentation:

    Describes the peer verification modes for QSslSocket. The default mode is AutoVerifyPeer, which selects an appropriate mode depending on the socket's QSocket::SslMode.
    QSslSocket::QueryPeer (value 1): QSslSocket will request a certificate from the peer, but does not require this certificate to be valid. This is useful when you want to display peer certificate details to the user without affecting the actual SSL handshake. This mode is the default for servers. Note: In Schannel this value acts the same as VerifyNone.

    And looking at this QWebEnginePage browser example, check the Downloading Favicons code snippet, which may help you access the underlying QSslSocket.