Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

Issue with QWebsocket Handshake



  • Qt 5.12.6, openssl 1.1.1c
    I have an issue with QWebsocket handshake failing with error 13.
    First everything works with a CA cert on the server. However, with a self-signed cert on the server I have to do "setPeerVerifyMode(VerifyNone)" for it to work.

    Some debugging:
    I traced to this function:

    bool QSslSocketBackendPrivate::checkSslErrors()
    {
        Q_Q(QSslSocket);
        if (sslErrors.isEmpty())
            return true;
    
        emit q->sslErrors(sslErrors);
    
        bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer
                            || (configuration.peerVerifyMode == QSslSocket::AutoVerifyPeer
                                && mode == QSslSocket::SslClientMode);
        bool doEmitSslError = !verifyErrorsHaveBeenIgnored();
        // check whether we need to emit an SSL handshake error
        if (doVerifyPeer && doEmitSslError) {
            if (q->pauseMode() & QAbstractSocket::PauseOnSslErrors) {
                pauseSocketNotifiers(q);
                paused = true;
            } else {
                setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, sslErrors.constFirst().errorString());
                plainSocket->disconnectFromHost();
            }
            return false;
        }
        return true;
    }
    

    verifyErrorsHaveBeenIgnored() is returning false

    bool QSslSocketPrivate::verifyErrorsHaveBeenIgnored()
    {
        bool doEmitSslError;
        if (!ignoreErrorsList.empty()) {
            // check whether the errors we got are all in the list of expected errors
            // (applies only if the method QSslSocket::ignoreSslErrors(const QList<QSslError> &errors)
            // was called)
            doEmitSslError = false;
            for (int a = 0; a < sslErrors.count(); a++) {
                if (!ignoreErrorsList.contains(sslErrors.at(a))) {
                    doEmitSslError = true;
                    break;
                }
            }
        } else {
            // if QSslSocket::ignoreSslErrors(const QList<QSslError> &errors) was not called and
            // we get an SSL error, emit a signal unless we ignored all errors (by calling
            // QSslSocket::ignoreSslErrors() )
            doEmitSslError = !ignoreAllSslErrors;
        }
        return !doEmitSslError;
    }
    

    ignoreAllSslErrors seems to be false even though I am calling ignoreSslErrors(). I call it prior to calling open() as well as sslerror signal

    After tracing it appears that that QSslSocketPrivate::init() is being called in the QSslSocket() constructor as well as in connectToHostEncrypted() which is called in QWebsocket AFTER I set ignoreSslErrors()

    Am I doing something wrong or is this a bug?


  • Lifetime Qt Champion

    Hi,

    From the looks of it your reasoning seems fine.

    Did you check with a more recent version of Qt ?



  • I have not.


  • Lifetime Qt Champion

    @Justin-Pattison-Schmidt Then please do.



  • Tried with latest 5.14.1, same behavior.


  • Lifetime Qt Champion

    Then, you should check the bug report system to see if there's already something related. If not, then please open a new issue with the reasoning you provided here. You can link to this thread but please put the complete explanation on the ticket as links may fail over time while the ticket should not.


Log in to reply