HTTPS via Qt QWebView not working in all cases



  • I started this on the general forum but decided to add it here as well because this seems to be the more appropriate venue.

    More details about the problem can be found on that thread..
    http://developer.qt.nokia.com/forums/viewthread/5775/

    Thinking that maybe it was code in my existing project causing the problem, I created a brand new project. The project only has the main window that contains a QWebView widget. Project was created using Qt Creator 2.2.

    @#-------------------------------------------------

    Project created by QtCreator 2011-05-11T07:33:27

    #-------------------------------------------------

    QT += core gui
    QT += webkit

    TARGET = TestStuff
    TEMPLATE = app

    SOURCES += main.cpp
    MainWindow.cpp

    HEADERS += MainWindow.h

    FORMS += MainWindow.ui
    @

    This is painfully simple. Just executing one line of code...the "ui->webView->load".

    @#include "MainWindow.h"
    #include "ui_MainWindow.h"

    MainWindow::MainWindow(QWidget *parent) :
    QMainWindow(parent),
    ui(new Ui::MainWindow)
    {
    ui->setupUi(this);

    //**this line loads a simple html file and displays it. Doing a "form POST" from within the loaded html to a secure https website does not work.
    //ui->webView->load( QUrl::fromLocalFile(QApplication::applicationDirPath() + "/" + "Help" + "/" + "h-2BuyButton-SFA.html") );

    //**this line works fine. The qt.gitorious.org https website opens and displays in the webview
    //ui->webView->load(QUrl("https://qt.gitorious.org/"));

    //**this line does not work. Actual url elided. Nothing is loaded or displayed in the webview
    .
    ui->webView->load(QUrl("https://mysecure.gateway.com/really.secure"));

    }

    MainWindow::~MainWindow()
    {
    delete ui;
    }
    @

    I can open the simple html file with Internet Explorer and it will display. When I click a "buy" button, my secure https website opens at the order entry page.

    I can open Internet Explorer and paste the "https://qt.gitorious.org/" url into the navigate to bar and visit the Qt https website.

    I can open Internet Explorer and paste the "https://mysecure.gateway.com/really.secure" url into the the navigate to bar and visit my https order processing website.

    So what is preventing the webview from visiting my https order processing website?

    Why does loading one https website work, but not the other?

    I also tried the complete project(not the downsized project shown above) on a Mac with the same results.

    Is this a bug that needs to be reported?



  • Evidently this problem has been around for a while. Found a thread on the Qt Centre forum from 2009 that was experiencing something similar. Was able to tweak code as follows...

    In my "form" instantiation, I connected the qwebview's qnam to the appropriate signal and slot before loading the https url into the webview...

    @ connect(ui->webView->page()->networkAccessManager(),
    SIGNAL(sslErrors(QNetworkReply*, const QList<QSslError> & )),
    this,
    SLOT(sslErrorHandler(QNetworkReply*, const QList<QSslError> & )));@

    In the .h

    @void sslErrorHandler(QNetworkReply* qnr, const QList<QSslError> & errlist);@

    In the .cpp

    @void frmBuyIt::sslErrorHandler(QNetworkReply* qnr, const QList<QSslError> & errlist)
    {

    #if DEBUG_BUYIT
    qDebug() << "---frmBuyIt::sslErrorHandler: ";
    // show list of all ssl errors
    foreach (QSslError err, errlist)
    qDebug() << "ssl error: " << err;
    #endif

    qnr->ignoreSslErrors();
    }@

    The ssl errors happen and are ignored...which allows my https webpage to load.



  • I meet the smae issue. I will try on the way, thx.



  • Same problem here, and cannot find any other solution except the ignoreSslErrors() which is a dirty hack especially for our system which stores personal informations.



  • What's that supposed to mean? Are you 100% sure that your server certificate should be regarded as valid by Qt?



  • What I tried: with the same communication code (based on QNetworkAccessManager) https://twitter.com can be reqested and it doesn't emit the sslErrors(...) signal. But it does for our site.

    The site's certificate is accepted by Google Chrome, Internet Explorer, Opera, Firefox, ... But QNetworkAccessManager emits sslErrors(...) with these QSslErrors:

    @BaseNetworkRequest::_sslErrors : Error: "The issuer certificate of a locally looked up certificate could not be found"
    BaseNetworkRequest::_sslErrors : Error: "The root CA certificate is not trusted for this purpose"
    BaseNetworkRequest::_sslErrors : Error: "No certificates could be verified" @

    I tried to manually add the cert to the request, but it still emits these SslErrors.
    @ QFile certFile(QString(":/aw_cert4_der"));
    Q_ASSERT(certFile.open(QIODevice::ReadOnly));
    QByteArray certContent = certFile.readAll();
    DLog("Cert: ") << certContent;
    QSslCertificate cert(certContent, QSsl::Der);

    DLog("Is cert valid: ") << cert.isValid();
    DLog("Cert info: ") << cert.effectiveDate() << cert.expiryDate() << cert.issuerInfo(QSslCertificate::Organization);
    
    QSslConfiguration sslConfig = networkRequest->sslConfiguration();
    QList<QSslCertificate> caCerts = sslConfig.caCertificates();
    caCerts.append(cert);
    sslConfig.setCaCertificates(caCerts);
    networkRequest->setSslConfiguration(sslConfig);@
    

    cert.isValid() return true, and I can get the effectiveDate and the other certificate information and are all correct.

    Am I missing something? I Googled a lot and the only solution I found is to call the QNetworkReply's ignoreSslErrors() method, which works, but I don't want to use it if I not have to.



  • Has this been submitted as a bug to QT?

    We are getting this within our project as well but can't determine if it's an issue on our side or if the site we're connecting to has an invalid certificate. Connecting to them via firefox seems to work fine 9 times out of 10 (where the tenth time firefox shows a "untrusted certificate" error).



  • Hi,

    I do not understand if there is a solution to the above problem ?

    I am using Qt4.8.3. some Https pages are loaded other do not, and for those not, I do not get any ssl

    errors, so It is hard to find where the problem is.

    Does anyone have a solution ? Any help would be great.

    Thanks



  • Hello!

    I started to implement a simple WebView (which i will enhance at later state) in my Application and i can not open any https://<site> even with SSL Errors ignored.

    I am running QT 5.2.0 RC1 Build 186 on a Windows 7 x64 Machine.

    Is there any Chance to get WebView to Show/Open SSL Sites? I need to use/work with these SSL Certificates on specific Servers. What additional Qt Stuff do i need to implement or connect to WebView? I dont want you to write the Code for me ;) I have googled many Sites and i am sure that i have overseen something.

    Or is WebView not being able to handle SSL at all??? If not, what should i use to open https Links internally in the WebView?

    I am new to QT and to C++ so it would be nice if someone can point me in the right Direction. Thank You! :)

    Oliver



  • Resurecting old thread, eh?

    You should read the suggestions and sample codes above, specially the one of PSI-lbc

    As a side note, make sure you open the correct page, the one for which the certificate is valid , for example, if the certificate was issued for www.example.com, it will show as invalid for example.com or sub.example.com



  • resurrecting old thread, i know.. but to use the windows cert ca store, see example below. enjoy.

    [code]
    QList<QSslCertificate> readWindowsCa(){
    QList<QSslCertificate> ca_list;
    HCERTSTORE hStore = CertOpenSystemStore(NULL, L"CA");
    X509 *cert;
    for ( PCCERT_CONTEXT pCertCtx = CertEnumCertificatesInStore(hStore, NULL); pCertCtx != NULL; pCertCtx = CertEnumCertificatesInStore(hStore, pCertCtx) ){
    // pCertCtx.cbCertEncoded
    cert = d2i_X509(NULL, (const OPENSSL_d2i_TYPE) &pCertCtx->pbCertEncoded, pCertCtx->cbCertEncoded);
    BIO *bio = NULL;
    char *pem = NULL;
    if (NULL == cert) {
    continue;
    }
    bio = BIO_new(BIO_s_mem());
    if (NULL == bio) {
    continue;
    }
    if (0 == PEM_write_bio_X509(bio, cert)) {
    BIO_free(bio);
    continue;
    }
    pem = (char *) malloc(bio->num_write + 1);
    if (NULL == pem) {
    BIO_free(bio);
    continue;
    }
    memset(pem, 0, bio->num_write + 1);
    BIO_read(bio, pem, bio->num_write);
    BIO_free(bio);
    QSslCertificate *cert_new = new QSslCertificate(pem,QSsl::Pem);
    ca_list.append(*cert_new);
    free(pem);
    X509_free(cert);
    }
    CertCloseStore(hStore, 0);
    return ca_list;
    }

    [/code]
    you then do the ca caCerts.append(readWindowsCa());

    this will load most of the websites.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.