qml websocket (wss) self signed certificate

  • Hello,
    I would like to test my APP which using websocket in qml .
    For test I created self signed certificate and now I need to load this cert to qml.
    How to make it easily? Some C++ wraper ? (all my code is write in pure qml).

    Thank you

  • Lifetime Qt Champion


    IIRC, you would need to use QSslConfiguration. That part should be done in your main.cpp.

  • Thank you for answer.

    I tryed this

    	QList<QSslCertificate> certs;
    	QSslCertificate cert(readFile("/tmp/cer/cert.pem"));
    	QSslConfiguration config;

    without success.
    Keys are generetad by :

    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

    Server is python script, and it seems it working (testing with python client).

  • Lifetime Qt Champion

    @poucz said in qml websocket (wss) self signed certificate:

    QSslCertificate cert(readFile("/tmp/cer/cert.pem"));

    Are you sure readFile returns the correct content ?

  • Yes I'm sure, In debugger I can see all bytes and variable 'cert' and 'cert2' contains valid field : "notValidAfter" and "notValidBefore"

    I don't know if I generate cert correctly.

    But with python client it works.

    Server is Python script:

    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ssl_context.load_cert_chain("/tmp/cer/cert.pem", "/tmp/cer/key.pem")
    start_server = websockets.serve(server_handler, port=6789, ssl=ssl_context)

    and with python's client I can connect:

         ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
         async with websockets.connect(uri, ssl=ssl_context) as websocket:

  • @poucz said in qml websocket (wss) self signed certificate:

    I tryed this

    What if you try the ICS approach?

    This is, creating a QSslCertificate and then adding that certificate to all SSL connections with QSslSocket::addDefaultCaCertificate()

    Remember that WebSocket QML Type internally uses a QWebSocket after all, and it in turn uses a QTcpSocket.

Log in to reply