QNetworkAccessManager SSL双向验证



  • QNetworkAccessManager 如何使用Windows本地证书进行https双向验证?

    @
    QUrl url("https://www.example.com/../customerLogonAction.biz");
    QNetworkRequest request (url);

    #ifdef WIN32
    HCERTSTORE m_hMyStore = CertOpenSystemStore(0,TEXT("MY"));
    if( m_hMyStore)
    {
    CertControlStore(m_hMyStore, 0, CERT_STORE_CTRL_RESYNC, NULL);
    PCCERT_CONTEXT pCertContext = CertFindCertificateInStore(m_hMyStore,
    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
    0, CERT_FIND_SUBJECT_STR_A,
    "11001065125.0000.0004", NULL );
    if( pCertContext )
    {
    QByteArray byteArray;
    byteArray.resize(pCertContext->cbCertEncoded);
    memcpy(byteArray.data(), pCertContext->pbCertEncoded,
    pCertContext->cbCertEncoded);

            QSslCertificate  cert(byteArray,QSsl::Der);
            QSslConfiguration sslConfiguration;
            sslConfiguration.setLocalCertificate(cert);
            request.setSslConfiguration(sslConfiguration);
        }
    }
    

    #endif // WIN32

    QNetworkAccessManager *networkManager= new QNetworkAccessManager(this);
    connect(networkManager,SIGNAL(finished(QNetworkReply*)),
                            SLOT(read(QNetworkReply*)));
    networkManager->get(request);
    

    @

    运行以上代码发生错误,貌似缺少私钥,该如何处理?
    @
    QNetworkReply::UnknownNetworkError

    // errorString: Cannot provide a certificate with no key.
    @



  • 因为Qt主要基于OpenSSL实现SSL通信,必须显示提供私钥文件。



  • 那么该如何解决?修改openssl还是qt源码?



  • 客户端证书都保存在USBKey中,私钥是读不出来的,如何处理?



  • 使用WinHttp或NSS

    Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

    [quote author="sinotitan" date="1378697173"]客户端证书都保存在USBKey中,私钥是读不出来的,如何处理?[/quote]


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.