Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

Proper deployment of Qt app (requiring SSL) on MacOS



  • Hi everyone,
    I just need a little tips on Qt and MacOS software deployment. The software require some https request, and I know that using OpenSSL for Win and Linux is the right thing to do. For MacOS, I'm little bit stuck.

    I know that OS X require SecureTransport, but when I share my app to other MacOsX, requests are not performed, that mean missing ressources. Should I embed some dylibs in the .app ?
    Best regards


  • Lifetime Qt Champion

    Hi,

    How are you deploying your application ?
    What kind of SSL powered request are you doing ?



  • @SGaist Thanks a lot for your answer =)
    Basically, I'm using the Qt Installer Framework for that purpose, outputting a .dmg.
    About the SSL, I'm performing an https request on our server.

    Does these elements answered your questions?


  • Lifetime Qt Champion

    AFAIK, you shouldn't need to do anything special. Which version of macOS are you seeing that on ?



  • @SGaist I'm using macOS High Sierra in both computer. On my developpement Mac, Qt seems to recognize SecureTransport using qDebug() << QSslSocket::sslLibraryVersionString(); and same on the my testing Mac.
    But it seems that the Https request works on first one and not the second one for a specific reason I can't get...
    Okay I will try to have another look on this next days...

    Do you have some advices on debugging steps? Like using qDebug() << QSslSocket::sslLibraryVersionString(), to understand wich part on a request can end with trouble?

    Thanks


  • Lifetime Qt Champion

    You should use a tool like wireshark to compare the network activity between the two.

    Are you connecting to a server which has a custom certificate ?



  • Yeah ! Good idea ! I will have a look !

    About the certificate, it was bought on namecheap (domain name, certificate and hosting). I mean is not something homemade generate !

    Thanks a lot again! =)
    Have a great day


  • Lifetime Qt Champion

    @Romain-C said in Proper deployment of Qt app (requiring SSL) on MacOS:

    About the certificate, it was bought on namecheap (domain name, certificate and hosting). I mean is not something homemade generate !

    Did you try to access your server from the other machine directly just to see if you get an error ?



  • @SGaist What do you mean by a direct access? If you mean using a web browser, it work great!

    I wanted to see using wireshark if can see anything but as I'm using Https, data are encoded... =/

    I also move to Qt 6.1.2 to see if anything was related to 5.12, but no changes in the behaviour.

    However, in case of I missed something, I'm doing following instructions :
    // Does SSL is supported
    if(!QSslSocket::supportsSsl())
    return;

    QString uniqueId = settings.value(keyValue(UniqueIdentifier), UNIQUE_IDENTIFIER_VALUE).toString();
    if(uniqueId.isEmpty())
        return;
    
    // Construct request
    QNetworkRequest request(QUrl("https://[website]"));
    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
    
    // Construct data
    QByteArray data;
    data.append(QString("id="+uniqueId).toUtf8());
    
    // Send request
    QNetworkReply *netReply = anonymousRequests->post(request, data);

  • Lifetime Qt Champion

    I do not see any error handling here, did you just not post them ?



  • Hi again,
    I don't know what you mean by error handling, I check the netReply object answer.
    On OsX, I just get an empty answer and no error seems to happen.



  • @Romain-C it is really odd - however I didn't do much work on High Sierra (it is very outdated). On Catalina and BigSur SSL support works out-of-the-box though.
    Are you able to examine server side logs by any chance? This could help you to check if any connection is being made...

    With regards to errors you should examine if QNetworkManager::SslErrors() signal is being emitted (simply connect to it) (I assume anonymousRequests is of type QNAM)


Log in to reply