QNetworkRequest with client authentication



  • Hi

    My Apache HTTP server needs client authentication by certificate. The environment generally works (I tested it with firefox), but want to make HTTP GET's on my Windows through a QT application.

    I used the QT example 'http' (examples\network\http) and enhanced function startRequest() by loading the certificate and private key (I successfully verified the example without client certificate authentication).
    The function startRequest() terminates successfully and does not show any "strange" behavior.

    Looking at the IP traffic between my client and Apache server (SSL handshake), the client replies with the Encryption Alert 41, "No certificate".

    It looks that somehow the loaded certificate QSslCertificate/QSslConfiguration is not accepted by QNetworkRequest or sent to the server!

    Does somebody have any idea concerning this problem?
    @
    void HttpWindow::startRequest(QUrl url)
    {
    QFile sslCertificateFile("ssl/client.cert");
    QFile sslKeyFile("ssl/client.key.unsecure");
    QSslConfiguration sslConfiguration;
    QSslCertificate sslCertificate;
    QNetworkRequest request;

    if ( (sslCertificateFile.open(QIODevice::ReadOnly)) &&
    (sslKeyFile.open(QIODevice::ReadOnly)) ) {

    // Read certificates from file
    QList<QSslCertificate> sslCertificateList = QSslCertificate::fromData(sslCertificateFile.readAll(), QSsl::Pem);
    qDebug("Found certificates: %d", sslCertificateList.size());
    sslCertificate = sslCertificateList.takeAt(0);
    qDebug() << sslCertificate.issuerInfo(QSslCertificate::Organization);
    qDebug() << sslCertificate.issuerInfo(QSslCertificate::CountryName);
    qDebug() << sslCertificate.issuerInfo(QSslCertificate::CommonName);
    qDebug() << "expires: %s" << sslCertificate.expiryDate().toString(Qt::ISODate);

    // Read key from file
    QSslKey privateKey(&sslKeyFile, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey , "");
    qDebug() << "Algorithm: " << privateKey.algorithm();
    qDebug() << "Length: " << privateKey.length();

    // SSL configuration
    sslConfiguration.defaultConfiguration();
    sslConfiguration.setLocalCertificate(sslCertificate);
    sslConfiguration.setPrivateKey(privateKey);
    sslConfiguration.setProtocol(QSsl::SslV3);

    // Do the https request
    request.setSslConfiguration(sslConfiguration);
    qDebug("is certificate valid: %d", request.sslConfiguration().localCertificate().isValid());
    request.setUrl(url);
    reply = qnam.get(QNetworkRequest(url));
    connect(reply, SIGNAL(finished()),
    this, SLOT(httpFinished()));
    connect(reply, SIGNAL(readyRead()),
    this, SLOT(httpReadyRead()));
    connect(reply, SIGNAL(downloadProgress(qint64,qint64)),
    this, SLOT(updateDataReadProgress(qint64,qint64)));
    }
    else {
    QMessageBox::information(this, tr("HTTP"),
    tr("Can not open file."));
    }
    sslCertificateFile.close();
    sslKeyFile.close();
    }
    @

    [edit: code highlighted / Denis Kormalev]


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.