Qt 4.7 SSL error : "The certificate has expired”

Joshy Abraham

We compiled the Qt code using the OpenSSL libraries. But we are not able to load the HTTPS webpages. The SSL Error handler is throwing “The certificate has expired” exception. we used http://orkut.com to test the SSL issues.

What was happening before we recompiled Qt source?

1. Following errors, when we tried to launch HTTPS urls
   QSslSocket: cannot call unresolved function SSLv3_client_method QSslSocket: cannot call unresolved function SSL_CTX_new QSslSocket: cannot call unresolved function SSL_library_init QSslSocket: cannot call unresolved function ERR_get_error QSslSocket: cannot call unresolved function ERR_error_string

What we did?

1. Download and install Win32 OpenSSL v1.0.0d Light

2. Open VS2008 command prompt

3. Navigate to “C:\Qt\4.7.1” 4) configure.exe -debug-and-release -webkit -openssl -I C:\OpenSSL-Win32\Include -L C:\OpenSSL-Win32\Lib

4. nmake

Error After compiling with openSSL dll

1. when we try to load SSL url using webview , we get the following error
2. “The certificate has expired”
3. We handled the networkAccessManager sslErrors(QNetworkReply*,QList) event which showed as the “certificate expired” error.
4. We are unclear about what additional settings are needed to fix this issue

ZapB

Has the certificate actually expired? Obvious question I know but worth checking.

sanjaysampat

I am not sure, if the following is valid or security problem.
In the "networkAccessManager sslErrors(QNetworkReply*,QList) event", we called the QNetworkReply method "reply->ignoreSslErrors(expectedSslErrors);". We have added the error "QSslError::CertificateExpired" in the 'expectedSslErrors'. It ignored the error, and we were able to load the https page.

ZapB

Well, what are the dates on the certificate?

privet

1. you'll need two openSSL libs. These are on win32:
   ssleay32.dll
   LIBEAY32.dll

AND

2. you can ignore invalid certificates:

@
connect(ui->mywebview->page()->networkAccessManager(),
SIGNAL(sslErrors(QNetworkReply*, const QList<QSslError> & )),
this,
SLOT(sslErrorHandler(QNetworkReply*, const QList<QSslError> & )));

void MainWindow::sslErrorHandler(QNetworkReply* qnr, const QList<QSslError> & errlist)
{
qnr->ignoreSslErrors();
}
@

[EDIT: code formatting, please wrap in @-tags, Volker]