QWebsocketServer + ssl

Kutyus

Hi!

I updated the operating system (raspbian) and the previously running wss server is not working. There are no error messages, the socketError or sslError signals are not called. If I try without ssl, it works.
Any idea how to look for a bug?

Thanks in advance.

Kutyus

I monitored network traffic to see if it helps:

14 714.367372097 94.21.243.180 ? 192.168.1.101 TCP 66 60866 ? 9001 [SYN] Seq=0 Win=64240 Len=0 MSS=1452 WS=256 SACK_PERM=1
   15 714.367530959 192.168.1.101 ? 94.21.243.180 TCP 66 9001 ? 60866 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 SACK_PERM=1 WS=128
   16 714.450674924 94.21.243.180 ? 192.168.1.101 TCP 54 60866 ? 9001 [ACK] Seq=1 Ack=1 Win=262656 Len=0
   17 714.452441675 94.21.243.180 ? 192.168.1.101 TLSv1 571 Client Hello
   18 714.452544180 192.168.1.101 ? 94.21.243.180 TCP 54 9001 ? 60866 [ACK] Seq=1 Ack=518 Win=64128 Len=0
   19 744.455007817 94.21.243.180 ? 192.168.1.101 TCP 54 60866 ? 9001 [FIN, ACK] Seq=518 Ack=1 Win=47872 Len=0
   20 744.455321998 192.168.1.101 ? 94.21.243.180 TCP 54 9001 ? 60866 [FIN, ACK] Seq=1 Ack=519 Win=64128 Len=0
   21 744.523576679 94.21.243.180 ? 192.168.1.101 TCP 54 60866 ? 9001 [ACK] Seq=519 Ack=2 Win=52224 Len=0

Pablo J. Rogina

@Kutyus Not an information security expert, but it looks like the TLS handshake capture you posted is somehow incomplete...

From this article, after the client sending a hello message, next thing is the server replying with its SSL certificate and then more steps (message exchange back and forth)

Kutyus

@Pablo-J-Rogina
This is obvious, I do not know the reason. I compiled 5.15.0, but there is the same error.

Kutyus

I also tried qt 5.11.3 built into the operating system, but the same result.

Kutyus

I got the error, I tried the sslwebsocketserver example, it worked because the code matched mine, I used the key pair in the sample code in my own program, and it worked with it.
How to generate the correct key for qwebsocketserver?

Pablo J. Rogina

@Kutyus said in QWebsocketServer + ssl:

I updated the operating system (raspbian) and the previously running wss server is not working

How to generate the correct key for qwebsocketserver?

It looks like those things are contradictory. If you had a running server before updating the OS, you should have created the "correct key" before, right?

Kutyus

@Pablo-J-Rogina
Debian strech had a version of openssl of 1.1.0, buster has a version of 1.1.1. I think this is causing the error, but the point is still how to generate a working key pair for Qt?

Pablo J. Rogina

@Kutyus said in QWebsocketServer + ssl:

the point is still how to generate a working key pair for Qt?

There are lots of articles describing how to use OpenSSL to create key pairs, ie. article from Google cloud...

Kutyus

I got the error, I mixed up the filenames, the certificate extension was crt and cert were given back.