Https and SSL...what's the trick to get it to work?



  • I had OpenSSL working with a QT4.6/QTCreator1.3 build...it now appears to be "broken".

    Currently using the latest SDK 1.1 with QT4.7.3 and Creator 2.1.0. Downloaded and installed the SDK. Ported the project from 4.6 to 4.7. Compiled w/o errors.

    I check in code to see if SSL is available.

    @
    bool isSSLSupported = QSslSocket::supportsSsl();

    #if DEBUG_BUYIT
    qDebug() << "***frmBuyIt : isSSLSupported=" << isSSLSupported ;
    #endif
    @

    QSslSocket::supportsSsl returns "true" so I assume it is available and we can proceed.

    @
    ui->webView->load( QUrl::fromLocalFile(QApplication::applicationDirPath() + "/" + "Help" + "/" + "BuyIt.html") );
    ui->webView->show();
    @

    This works. The local html file is loaded in the webview and the loadFinnished event is triggered as "true", meaning it loaded OK.

    @
    void frmBuyIt::loadFinished( bool ok )
    {
    // this event triggers when a webview completes loading a page (local or web)

    #if DEBUG_BUYIT
    qDebug() << "---on_gateway_loadFinished: buyState=" << buystate << ok; ok=true
    #endif
    @

    The html file that is loaded in the webview is has a button that executes the following when pressed...

    @
    form method="POST" action="https://mygateway.buyit.com/secureforms.secure"><br>
    input type="hidden" name="theUserName" value="myusername"<br>
    input type="hidden" name="theOrderTotal" value="19.95"<br>
    input type="hidden" name="theOrderDescription" value="blahblah product"<br>
    input type="hidden" name="theCollectShipping" value="false"<br>
    input type="hidden" name="theInvoiceNo" value="Invoice xxxx-xxxx-xxxx"<br>
    input type="submit" value = "Buy Now"<br>
    /form<br>
    @

    When the "Buy Now" button is pressed in the webview, the POST is sent, the loadFinished event triggers as "false", meaning the load of the https url failed for some reason. No errors are displayed, the webview view remains unchanged.

    @
    void frmBuyIt::loadFinished( bool ok )
    {
    // this event triggers when a webview completes loading a page (local or web)

    #if DEBUG_BUYIT
    qDebug() << "---on_gateway_loadFinished: buyState=" << buystate << ok; ok=false
    #endif
    @

    Loading the html file using Internet Explorer, pressing the "buy now" button, opens the https webpage and displays the buy input form.

    Is there something I'm doing incorrectly so that QT/SSL/https is not working?

    Is there another way I could accomplish the same process or possibily trap errors or the reason that the webview cannot visit the https website?

    [EDIT: code formatting, please wrap in @-tags, Volker]



  • Did you try to connect to QNetworkAccessManager's "sslErrors() ":http://doc.qt.nokia.com/4.7/qnetworkaccessmanager.html#sslErrors signal? Maybe there's something going wrong with the certificates or the like.



  • Thanks for wrapping the code sections..

    Did you try to connect to QNetworkAccessManager’s sslErrors
    No, the Haven't tried that...yet

    Maybe there’s something going wrong with the certificates or the like.
    I don't know. Possible. But I've never had to worry about "certificates" before. The https webpage is accessible via Internet Explorer by just loading the local html file and clicking the "buy now" button. It also works fine when accessing through a VB (ugh..) program that essentially approaches the problem in the same way..load html file, click button, access the https...

    The QT code for accessing the https website was working and had been debugged. No changes to code or "certificates". Went to test the code prior to adding new features and it just wouldn't display the https webpage any longer. Very odd.

    I've looked through a number of forums for solutions and have seen may references to using "configure -openssl" followed by "mingw32-make" to recompile everything to get SSL to work. I haven't done that yet for the SDK1.1 / QT4.7.3 and assumed I didn't need to as long as the call to QSslSocket::supportsSsl returns "true".

    Should I "configure" and "make" prior to trying your suggestion to "connect to QNetworkAccessManager’s sslErrors" ?



  • connecting to the signal is just quick an dirty.

    You could also try to GET something from that web server with QNetworkAccessManager (have a look at the API docs, there is an example). I would try to get something that is know to work well, like https://qt.gitorious.org/

    This would just test if the QNAM is working with SSL at all.



  • I connected the SSL error signal, processed the reply, and got the following...

    @ssl error: "The issuer certificate of a locally looked up certificate could not be found"
    ssl error: "The root CA certificate is not trusted for this purpose"
    ssl error: "No certificates could be verified" @

    I tried the following with the post request...

    @setSslConfiguration(QSslConfiguration::defaultConfiguration());@

    ...but still got the same errors.

    I put the following in the SSL error slot...

    @ignoreSslErrors(errlist);@

    ..and was able to get past the ssl errors and get a reply from the https server. The "post" I sent was in the wrong format so what came back was...

    @"<html>"
    "<head>"
    " <title>Error</title>"
    "</head>"
    "<body>"
    ""
    "<div>Fatal Error</div>"
    "<div>"
    "We're sorry, an error has occured and we are unable to process your request.<br>"
    "Please verify that all input is correct and try again. If the error persists, please contact the site administrator."
    "</div><p>"
    "<div><strong>Error Message</strong></div>"
    "<div>Error: No username passed.</div>"
    "</body>"
    "</html>" @

    So I could probably make this work by saving the html to a file and then loading the saved file into the webview...but this seems like a rather cumbersome approach.

    Is there a way to make the webview think the SSL certificates are correct? That way I could just send the post as a form method="POST" in html instead of doing it with the QNetworkAccessManager approach.

    This is off the main topic, but on most web browsers when you visit a secure https site, a "lock" is displayed somewhere on screen so the user knows it's "secure". Is there a way for the webview to display a "lock" or is there another widget that has that property?



  • Thinking that maybe it was code in my existing project causing the problem, I created a brand new project. The project only has the main window that contains a QWebView widget. Project was created using Qt Creator 2.2.

    @#-------------------------------------------------

    Project created by QtCreator 2011-05-11T07:33:27

    #-------------------------------------------------

    QT += core gui
    QT += webkit

    TARGET = TestStuff
    TEMPLATE = app

    SOURCES += main.cpp
    MainWindow.cpp

    HEADERS += MainWindow.h

    FORMS += MainWindow.ui
    @

    This is painfully simple. Just executing one line of code...the "ui->webView->load".

    @#include "MainWindow.h"
    #include "ui_MainWindow.h"

    MainWindow::MainWindow(QWidget *parent) :
    QMainWindow(parent),
    ui(new Ui::MainWindow)
    {
    ui->setupUi(this);

    //**this line loads a simple html file and displays it. Doing a "form POST" from within the loaded html to a secure https website does not work.
    //ui->webView->load( QUrl::fromLocalFile(QApplication::applicationDirPath() + "/" + "Help" + "/" + "h-2BuyButton-SFA.html") );

    //**this line works fine. The qt.gitorious.org https website opens and displays in the webview
    //ui->webView->load(QUrl("https://qt.gitorious.org/"));

    //**this line does not work. Actual url elided. Nothing is loaded or displayed in the webview
    .
    ui->webView->load(QUrl("https://mysecure.gateway.com/really.secure"));

    }

    MainWindow::~MainWindow()
    {
    delete ui;
    }
    @

    I can open the simple html file with Internet Explorer and it will display. When I click a "buy" button, my secure https website opens at the order entry page.

    I can open Internet Explorer and paste the "https://qt.gitorious.org/" url into the navigate to bar and visit the Qt https website.

    I can open Internet Explorer and paste the "https://mysecure.gateway.com/really.secure" url into the the navigate to bar and visit my https order processing website.

    What is preventing the webview from visiting my https order processing website?

    Why does loading one https website work, but not the other?

    Is this a bug that needs to be reported?



  • Was able to figure out a work around...

    http://developer.qt.nokia.com/forums/viewthread/5861/


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.