Solved Unable to load HTTPS url using QWebEngineView

Ryna

I am trying to load https link via QWebEngineView. I have done following steps-

LoadWebviewWindow::LoadWebviewWindow(QWidget *parent)
    : QMainWindow(parent)
    , ui(new Ui::LoadWebviewWindow)
{
    ui->setupUi(this);
    m_view = new QWebEngineView(this);
    ui->m_webviewGL->addWidget(m_view);

    connect(m_view->page(), &QWebEnginePage::selectClientCertificate,
            this, &LoadWebviewWindow::slot_handleSelectClientCertificate);
    page->profile()->clearHttpCache();
    page->profile()->setUseForGlobalCertificateVerification(true);

    loadCertificate();
    connect(m_view, SIGNAL(loadFinished(bool)), this, SLOT(slot_loadPageFinished(bool)));
    m_view->load(QUrl("https://192.168.x.x/testurl"));
}

void LoadWebviewWindow::loadCertificate()
{
    QFile pfxFile("/home/xyz/Downloads/Certificate_PKCS12.p12");
    bool isOpen = pfxFile.open(QFile::ReadOnly);
    QSslKey key;
    QSslCertificate certificate;
    QList<QSslCertificate> certChain;

    // now import into those three
    bool imported = QSslCertificate::importPkcs12(&pfxFile, &key, &certificate, &certChain, "password");

    QSslConfiguration config = QSslConfiguration();
    config.setCaCertificates(certChain);
    config.setPrivateKey(key);
    m_view->page()->profile()->clientCertificateStore()->add(certificate, key);
    config.setProtocol(QSsl::TlsV1_2);
    config.setPeerVerifyMode(QSslSocket::VerifyNone);
}

void LoadWebviewWindow::slot_handleSelectClientCertificate(QWebEngineClientCertificateSelection selection)
{
    if (selection.certificates().count() > 0)
    {
        qInfo() << selection.certificates().at(0).expiryDate();
        selection.select(selection.certificates().at(0));
        return;
    }
}

but I am getting following error every time in linux-.

[9386:9404:0218/115119.131010:ERROR:cert_verify_proc_nss.cc(969)] CERT_PKIXVerifyCert for 192.168.x.x failed err=-8172
[9386:9400:0218/115119.132489:ERROR:ssl_client_socket_impl.cc(941)] handshake failed; returned -1, SSL error code 1, net_error -202

On interesting side, it works on one single laptop which is running on Windows OS. Rest on all other windows OS, linux OS it fails. I had tried loading this https url on mozilla and chrome after installing same certificate and it worked fine. Error I am receiving on Qt application is for QSslError::UnableToGetIssuerCertificate. I wonder why is it not calling slot_handleSelectClientCertificate slot when I have already handled it. Any idea is appreciated. Thank you

Ryna

https://stackoverflow.com/questions/58875159/how-to-ignore-ssl-certificate-errors-with-qwebengineview link helped me to resolve the issue. Now HTTPS page load after ignoring ssl warning is fine. Thanks for ideas :)

Ryna

Any hints anyone? Appreciate your help.

Pablo J. Rogina

@Ryna said in Unable to load HTTPS url using QWebEngineView:

Any hints anyone?

I'd try capturing network traffic (Wireshark is your friend...) both with your Qt app and the browsers and compare them to see what's going on

Ryna

@Pablo-J-Rogina Thanks for your reply. Now I am able to get the exact issue at least. So client is not able to trust server certificate, that's the reason application is not even asking for client installed certificate. So to the best of my understanding, I need to do something similar to "I trust the certificate"/"Add exception" kind of thing, when server responds with its certificate details.

Any idea on how can I do that? Am I supposed to create SSL socket first? I am clueless here.
TIA

Ryna

https://stackoverflow.com/questions/58875159/how-to-ignore-ssl-certificate-errors-with-qwebengineview link helped me to resolve the issue. Now HTTPS page load after ignoring ssl warning is fine. Thanks for ideas :)