Unable to load HTTPS url using QWebEngineView
-
I am trying to load https link via QWebEngineView. I have done following steps-
LoadWebviewWindow::LoadWebviewWindow(QWidget *parent) : QMainWindow(parent) , ui(new Ui::LoadWebviewWindow) { ui->setupUi(this); m_view = new QWebEngineView(this); ui->m_webviewGL->addWidget(m_view); connect(m_view->page(), &QWebEnginePage::selectClientCertificate, this, &LoadWebviewWindow::slot_handleSelectClientCertificate); page->profile()->clearHttpCache(); page->profile()->setUseForGlobalCertificateVerification(true); loadCertificate(); connect(m_view, SIGNAL(loadFinished(bool)), this, SLOT(slot_loadPageFinished(bool))); m_view->load(QUrl("https://192.168.x.x/testurl")); } void LoadWebviewWindow::loadCertificate() { QFile pfxFile("/home/xyz/Downloads/Certificate_PKCS12.p12"); bool isOpen = pfxFile.open(QFile::ReadOnly); QSslKey key; QSslCertificate certificate; QList<QSslCertificate> certChain; // now import into those three bool imported = QSslCertificate::importPkcs12(&pfxFile, &key, &certificate, &certChain, "password"); QSslConfiguration config = QSslConfiguration(); config.setCaCertificates(certChain); config.setPrivateKey(key); m_view->page()->profile()->clientCertificateStore()->add(certificate, key); config.setProtocol(QSsl::TlsV1_2); config.setPeerVerifyMode(QSslSocket::VerifyNone); } void LoadWebviewWindow::slot_handleSelectClientCertificate(QWebEngineClientCertificateSelection selection) { if (selection.certificates().count() > 0) { qInfo() << selection.certificates().at(0).expiryDate(); selection.select(selection.certificates().at(0)); return; } }but I am getting following error every time in linux-.
[9386:9404:0218/115119.131010:ERROR:cert_verify_proc_nss.cc(969)] CERT_PKIXVerifyCert for 192.168.x.x failed err=-8172
[9386:9400:0218/115119.132489:ERROR:ssl_client_socket_impl.cc(941)] handshake failed; returned -1, SSL error code 1, net_error -202On interesting side, it works on one single laptop which is running on Windows OS. Rest on all other windows OS, linux OS it fails. I had tried loading this https url on mozilla and chrome after installing same certificate and it worked fine. Error I am receiving on Qt application is for QSslError::UnableToGetIssuerCertificate. I wonder why is it not calling slot_handleSelectClientCertificate slot when I have already handled it. Any idea is appreciated. Thank you
-
https://stackoverflow.com/questions/58875159/how-to-ignore-ssl-certificate-errors-with-qwebengineview link helped me to resolve the issue. Now HTTPS page load after ignoring ssl warning is fine. Thanks for ideas :)
-
I am trying to load https link via QWebEngineView. I have done following steps-
LoadWebviewWindow::LoadWebviewWindow(QWidget *parent) : QMainWindow(parent) , ui(new Ui::LoadWebviewWindow) { ui->setupUi(this); m_view = new QWebEngineView(this); ui->m_webviewGL->addWidget(m_view); connect(m_view->page(), &QWebEnginePage::selectClientCertificate, this, &LoadWebviewWindow::slot_handleSelectClientCertificate); page->profile()->clearHttpCache(); page->profile()->setUseForGlobalCertificateVerification(true); loadCertificate(); connect(m_view, SIGNAL(loadFinished(bool)), this, SLOT(slot_loadPageFinished(bool))); m_view->load(QUrl("https://192.168.x.x/testurl")); } void LoadWebviewWindow::loadCertificate() { QFile pfxFile("/home/xyz/Downloads/Certificate_PKCS12.p12"); bool isOpen = pfxFile.open(QFile::ReadOnly); QSslKey key; QSslCertificate certificate; QList<QSslCertificate> certChain; // now import into those three bool imported = QSslCertificate::importPkcs12(&pfxFile, &key, &certificate, &certChain, "password"); QSslConfiguration config = QSslConfiguration(); config.setCaCertificates(certChain); config.setPrivateKey(key); m_view->page()->profile()->clientCertificateStore()->add(certificate, key); config.setProtocol(QSsl::TlsV1_2); config.setPeerVerifyMode(QSslSocket::VerifyNone); } void LoadWebviewWindow::slot_handleSelectClientCertificate(QWebEngineClientCertificateSelection selection) { if (selection.certificates().count() > 0) { qInfo() << selection.certificates().at(0).expiryDate(); selection.select(selection.certificates().at(0)); return; } }but I am getting following error every time in linux-.
[9386:9404:0218/115119.131010:ERROR:cert_verify_proc_nss.cc(969)] CERT_PKIXVerifyCert for 192.168.x.x failed err=-8172
[9386:9400:0218/115119.132489:ERROR:ssl_client_socket_impl.cc(941)] handshake failed; returned -1, SSL error code 1, net_error -202On interesting side, it works on one single laptop which is running on Windows OS. Rest on all other windows OS, linux OS it fails. I had tried loading this https url on mozilla and chrome after installing same certificate and it worked fine. Error I am receiving on Qt application is for QSslError::UnableToGetIssuerCertificate. I wonder why is it not calling slot_handleSelectClientCertificate slot when I have already handled it. Any idea is appreciated. Thank you
-
@Ryna said in Unable to load HTTPS url using QWebEngineView:
Any hints anyone?
I'd try capturing network traffic (Wireshark is your friend...) both with your Qt app and the browsers and compare them to see what's going on
-
@Ryna said in Unable to load HTTPS url using QWebEngineView:
Any hints anyone?
I'd try capturing network traffic (Wireshark is your friend...) both with your Qt app and the browsers and compare them to see what's going on
@Pablo-J-Rogina Thanks for your reply. Now I am able to get the exact issue at least. So client is not able to trust server certificate, that's the reason application is not even asking for client installed certificate. So to the best of my understanding, I need to do something similar to "I trust the certificate"/"Add exception" kind of thing, when server responds with its certificate details.
Any idea on how can I do that? Am I supposed to create SSL socket first? I am clueless here.
TIA -
https://stackoverflow.com/questions/58875159/how-to-ignore-ssl-certificate-errors-with-qwebengineview link helped me to resolve the issue. Now HTTPS page load after ignoring ssl warning is fine. Thanks for ideas :)
