Hey guys. I am creating a simple SSL socket connection between a server and a client app. Once a connection is made using QSslSocket::connectToHostEncrypted() by the client, the server issues its public certificate to the client, and during the SSL handshake the client can choose to trust this certificate or not. This verifies the identity of the server to the client; however, I would like to request authentication the other way round as well, i.e. I would like the client to then issue its public certificate to the server so the server can decide whether or not to trust it.
I can see no built-in way to do this across a single socket, but maybe I am wrong. Does anyone know how this can be done?
I would rather avoid the following solution, as I feel it overcomplicates the situation:
- Once the client trusts the server, the server tells the client to listen for connections on some port. The server connects to this port and the SSL handshake process is done in reverse. Once both connections have been secured and both parties trust each other, one of the two connections will be dropped and normal operations will commence.
Perhaps the ability to perform two-way authentication could be added to the QSslSocket class for convenience if the functionality is not already there. Just a suggestion. Would be terrifically handy. Or maybe I need to stop being so lazy (it's not my fault... Qt's ease of use has done this to me!!!) :)
Client authentication as you describe is already possible: