Issue with QWebsocket Handshake

Justin Pattison-Schmidt

Qt 5.12.6, openssl 1.1.1c
I have an issue with QWebsocket handshake failing with error 13.
First everything works with a CA cert on the server. However, with a self-signed cert on the server I have to do "setPeerVerifyMode(VerifyNone)" for it to work.

Some debugging:
I traced to this function:

bool QSslSocketBackendPrivate::checkSslErrors()
{
    Q_Q(QSslSocket);
    if (sslErrors.isEmpty())
        return true;

    emit q->sslErrors(sslErrors);

    bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer
                        || (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer
                            && mode == QSslSocket::SslClientMode);
    bool doEmitSslError = !verifyErrorsHaveBeenIgnored();
    // check whether we need to emit an SSL handshake error
    if (doVerifyPeer && doEmitSslError) {
        if (q->pauseMode() & QAbstractSocket::PauseOnSslErrors) {
            pauseSocketNotifiers(q);
            paused = true;
        } else {
            setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, sslErrors.constFirst().errorString());
            plainSocket->disconnectFromHost();
        }
        return false;
    }
    return true;
}

verifyErrorsHaveBeenIgnored() is returning false

bool QSslSocketPrivate::verifyErrorsHaveBeenIgnored()
{
    bool doEmitSslError;
    if (!ignoreErrorsList.empty()) {
        // check whether the errors we got are all in the list of expected errors
        // (applies only if the method QSslSocket::ignoreSslErrors(const QList<QSslError> &errors)
        // was called)
        doEmitSslError = false;
        for (int a = 0; a < sslErrors.count(); a++) {
            if (!ignoreErrorsList.contains(sslErrors.at(a))) {
                doEmitSslError = true;
                break;
            }
        }
    } else {
        // if QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) was not called and
        // we get an SSL error, emit a signal unless we ignored all errors (by calling
        // QSslSocket::ignoreSslErrors() )
        doEmitSslError = !ignoreAllSslErrors;
    }
    return !doEmitSslError;
}

ignoreAllSslErrors seems to be false even though I am calling ignoreSslErrors(). I call it prior to calling open() as well as sslerror signal

After tracing it appears that that QSslSocketPrivate::init() is being called in the QSslSocket() constructor as well as in connectToHostEncrypted() which is called in QWebsocket AFTER I set ignoreSslErrors()

Am I doing something wrong or is this a bug?

SGaist

Hi,

From the looks of it your reasoning seems fine.

Did you check with a more recent version of Qt ?

Justin Pattison-Schmidt

I have not.

aha_1980

@Justin-Pattison-Schmidt Then please do.

Justin Pattison-Schmidt

Tried with latest 5.14.1, same behavior.

SGaist

Then, you should check the bug report system to see if there's already something related. If not, then please open a new issue with the reasoning you provided here. You can link to this thread but please put the complete explanation on the ticket as links may fail over time while the ticket should not.