4. Qt 4.7 SSL error : "The certificate has expired”

Problems with Open-Source Downloads read https://www.qt.io/blog/problem-with-open-source-downloads and https://forum.qt.io/post/638946

Qt 4.7 SSL error : "The certificate has expired”


  • We compiled the Qt code using the OpenSSL libraries. But we are not able to load the HTTPS webpages. The SSL Error handler is throwing “The certificate has expired” exception. we used http://orkut.com to test the SSL issues.

    What was happening before we recompiled Qt source?

    1. Following errors, when we tried to launch HTTPS urls
      QSslSocket: cannot call unresolved function SSLv3_client_method QSslSocket: cannot call unresolved function SSL_CTX_new QSslSocket: cannot call unresolved function SSL_library_init QSslSocket: cannot call unresolved function ERR_get_error QSslSocket: cannot call unresolved function ERR_error_string

    What we did?

    1. Download and install Win32 OpenSSL v1.0.0d Light

    2. Open VS2008 command prompt

    3. Navigate to “C:\Qt\4.7.1” 4) configure.exe -debug-and-release -webkit -openssl -I C:\OpenSSL-Win32\Include -L C:\OpenSSL-Win32\Lib

    4. nmake

    Error After compiling with openSSL dll

    1. when we try to load SSL url using webview , we get the following error
    2. “The certificate has expired”
    3. We handled the networkAccessManager sslErrors(QNetworkReply*,QList) event which showed as the “certificate expired” error.
    4. We are unclear about what additional settings are needed to fix this issue
    0

  • Has the certificate actually expired? Obvious question I know but worth checking.

    0

  • I am not sure, if the following is valid or security problem.
    In the "networkAccessManager sslErrors(QNetworkReply*,QList) event", we called the QNetworkReply method "reply->ignoreSslErrors(expectedSslErrors);". We have added the error "QSslError::CertificateExpired" in the 'expectedSslErrors'. It ignored the error, and we were able to load the https page.

    1

  • Well, what are the dates on the certificate?

    0

    1. you'll need two openSSL libs. These are on win32:
      ssleay32.dll
      LIBEAY32.dll

    AND

    1. you can ignore invalid certificates:

    @
    connect(ui->mywebview->page()->networkAccessManager(),
    SIGNAL(sslErrors(QNetworkReply*, const QList<QSslError> & )),
    this,
    SLOT(sslErrorHandler(QNetworkReply*, const QList<QSslError> & )));

    void MainWindow::sslErrorHandler(QNetworkReply* qnr, const QList<QSslError> & errlist)
    {
    qnr->ignoreSslErrors();
    }
    @

    [EDIT: code formatting, please wrap in @-tags, Volker]

    0
Log in to reply