
How to clear QNetworkReply->ignoreSslErrors?



  • Hi all,

    I'm working on a Nextcloud tasks application for Sailfish OS (which currently is stuck on Qt 5.6), and I'm trying to figure out how to properly stop ignoring SSL errors. Context: I'm adding a toggle 'ignore ssl errors' to the app to allow it to be used with Nextcloud instances that have a self-signed certificate.

    I am able to ignore SSL errors when this option is enabled, but what I'm running into is that when the option is disabled again, the next request will still ignore SSL errors. Only the second (and subsequent) request after disabling will correctly bail out on SSL errors again.

    I have connected a handler for the sslErrors() signal on the QNetworkAccessManager:

    HttpClient::HttpClient(QObject *parent) : QObject(parent)
    {
        connect(&(HttpClient::networkAccessManager), &QNetworkAccessManager::authenticationRequired,
                this, &HttpClient::authenticate);
        connect(&(HttpClient::networkAccessManager), &QNetworkAccessManager::sslErrors,
                this, &HttpClient::sslErrors);
    }
    

    (https://cvs.sonologic.net/gmc/harbour-tasks/-/blob/master/app/src/caldavclient/httpclient.cpp#L13)

    The handler itself will call QNetworkReply->ignoreSslErrors(...) depending on a boolean:

    void HttpClient::sslErrors(QNetworkReply *reply, const QList<QSslError> & errors)
    {
    //    Q_UNUSED(errors);
        qDebug() << "sslErrors!";
        if(this->ignoreSslErrors) {
            qDebug() << "sslErrors ignored!";
            reply->ignoreSslErrors(errors);
        } else {
            qDebug() << "sslErrors NOT ignored!";
            QList<QSslError> empty;
            reply->ignoreSslErrors(empty);
        }
    }
    

    (https://cvs.sonologic.net/gmc/harbour-tasks/-/blob/master/app/src/caldavclient/httpclient.cpp#L112)

    So, on the first request after disabling the boolean ignoreSslErrors, I do see the sslErrors NOT ignored! in the debug log, but still the request will go through even though there are SSL errors.

    The documentation for QNetworkReply->ignoreSslErrors(..) states:

    Multiple calls to this function will replace the list of errors that were passed in previous calls. You can clear the list of errors you want to ignore by calling this function with an empty list.
    

    But it seems that is not quite correct, in that it will still ignore the SSL errors ignored previously for the request.

    Note that when the boolean is enabled, it will work as expected. The first request after enabling it will ignore SSL errors.

    I even tried clearing the list when the reply is created:

        QNetworkReply *reply = HttpClient::networkAccessManager.sendCustomRequest(request, verb.toUtf8(), &(delegate->requestBodyBuffer));
        QList<QSslError> empty_list;
        reply->ignoreSslErrors(empty_list);
    

    (https://cvs.sonologic.net/gmc/harbour-tasks/-/blob/master/app/src/caldavclient/httpclient.cpp#L88)

    But to no avail.

    What am I doing wrong here? Any hints would be appreciated!

    Cheers,

    Koen



  • Ok, so this probably has something to do with keep-alive in HTTP(S). That is, the connection is opened, at which point an SSL error may result in aborting the connection or not. But when subsequent requests are made, there's probably already an open connection, so it won't redo the SSL handshake and thus won't apply new ignore settings.

    When I call QNetworkAccessManager->clearAccessCache() (closing any open connections) when the setting changes, the new ignore settings take immediate effect.
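
The keep-alive explanation in the reply above, as a minimal plain C++ model. This is an added example, not part of the thread and not Qt's implementation; `ModelClient`, its members and the host `cloud.example` are hypothetical, and the model covers only the reuse-versus-flush behaviour.

```cpp
#include <set>
#include <string>

// Simplified model with hypothetical names; not Qt code.
// The certificate decision is made once, at handshake time, and every request
// that reuses the kept-alive connection inherits it.
class ModelClient {
public:
    bool ignoreSslErrors = false;  // the app's toggle

    // Returns true if the request is served, false if it is refused.
    // certValid == false stands for a self-signed certificate.
    bool request(const std::string &host, bool certValid) {
        if (open_.count(host))
            return true;           // reuse: no handshake, toggle not consulted
        if (!certValid && !ignoreSslErrors)
            return false;          // handshake aborted, nothing kept open
        open_.insert(host);        // connection stays open (keep-alive)
        return true;
    }

    // Stand-in for QNetworkAccessManager::clearAccessCache() in this model.
    void clearAccessCache() { open_.clear(); }

    // The answer's fix: flush open connections whenever the setting changes.
    void setIgnoreSslErrors(bool on) {
        if (on == ignoreSslErrors) return;
        ignoreSslErrors = on;
        clearAccessCache();
    }

private:
    std::set<std::string> open_;   // hosts with an established connection
};

// Constructed scenario: "cloud.example" presents a self-signed certificate.
bool servedAfterToggleWithoutFlush() {
    ModelClient c;
    c.ignoreSslErrors = true;
    c.request("cloud.example", false);         // handshake, errors ignored
    c.ignoreSslErrors = false;                 // toggle flipped, cache untouched
    return c.request("cloud.example", false);  // true: old connection reused
}

bool servedAfterToggleWithFlush() {
    ModelClient c;
    c.setIgnoreSslErrors(true);
    c.request("cloud.example", false);
    c.setIgnoreSslErrors(false);               // flushes open connections
    return c.request("cloud.example", false);  // false: new handshake refused
}
```

In the model, the trust decision belongs to the connection rather than to the individual request, so a "verify certificates" setting only becomes effective once every connection opened under the permissive setting has been closed.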


