websocket ssl certificate CA root



  • I'm trying to use the sslechoServer/Client to work in the real world.
    I try to provide it my key and certificate (on server side).
    As I get an error about root CA verification, I also tried to add my positive ssl bundle file to the caCertificate of the QWebsocket's ssl config (on client side, then on both sides) without success.

    The files I try to use are the ones I provided to my apache server for my website
    (the 3 files below from my apache.conf)

        SSLCertificateFile /etc/apache2/myDomain_net.crt
        SSLCertificateKeyFile /etc/apache2/myDomain.key
        SSLCACertificateFile /etc/apache2/PositiveSSL.ca-bundle

    (my website is working without trouble in https mode)

    Here is the ssl error I get:
    The issuer certificate of a locally looked up certificate could not be found

    In the original example they just ignore ssl errors, and they say that in production mode you should not ignore them but resolve them by adding the certificate to the CA root. Problem is I've got no idea how to do that...

    If anyone has a clue

    PS :
    I tried the code below on client side

        QList<QSslCertificate> caCert = sslConfig.caCertificates();
        caCert.append(QSslCertificate(bytes,QSsl::Pem));
        sslConfig.setCaCertificates(caCert);
    

    without success, then I tried this (always on client)

        sslConfig.setLocalCertificate(QSslCertificate(bytes,QSsl::Pem));

    which as expected doesn't work and just makes the m_websocket.open to freeze (doesn't end up as error or close... but doesn't connect either)


  • Lifetime Qt Champion

    Hi,

    Who generated your certificate?



  • Hi,
    Thanks for the reply. The certificate was generated by COMODO and it's positive ssl.


  • Lifetime Qt Champion

    Ok, then can you see if the suggestion here helps?



  • I'm not sure I get it correctly (already been through the linked post btw). One of them is speaking of recompiling Qt with a different ssl version, which sounds like killing a mosquito with a cannonball (also it's an old post, and maybe I'm wrong, but I believe that Qt is ssl independent now because of license issues, so we use a dll and recompiling Qt shouldn't work). The other one speaks about adding the CA certificate with the setCACertif method, which I already did without success.

    Let's just forget about the certificate of my website :
    I just want to initiate a secured connection between my server and my client with wss protocol.
    Should not be that complicated. I'm surprised not to find a tutorial with a detailed howto... I mean even with a self-signed certificate.

    Maybe you know a link for such a howto?

    Oh, and something else: I found a bug. Long story short, closeCode is ignored (always equal to 1000 (CloseCodeNormal)) in Qt5.3. I described it here: https://forum.qt.io/topic/63189/qwebsocket-signal-disconnected-and-method-close-unrelated
    and then found it was already reported there: https://bugreports.qt.io/browse/QTBUG-42982
    The bug is fixed in Qt5.5, but won't they modify Qt5.3 so it works as specified in the doc? I ask you because you seem to be very active in the Qt community. Thank you


  • Lifetime Qt Champion

    Self-signed certificates are always the most complicated to manage (i.e. nobody trusts them since no valid CA validated them)

    Sorry, I don't remember such a howto...

    No, there won't be another release of Qt 5.3. The next release is 5.6.0, the first LTS of Qt 5.
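
Added example (not from the thread or from Qt's sslecho sample): the `openssl verify` command run on a constructed root/intermediate/leaf chain, showing the missing-issuer failure discussed in the first post and the two ways a client can get the issuer, either from the server sending its intermediate or from a CA list that holds the whole bundle. All file names and subjects are constructed, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed three-tier PKI (root -> intermediate -> leaf); every name is made up.

# issue <name> <CN> <basicConstraints> <x509 signing args...>
issue() {
    name=$1 cn=$2 bc=$3; shift 3
    printf 'basicConstraints=critical,%s\n' "$bc" > "$name.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$name.csr" -days 2 -extfile "$name.ext" \
        "$@" -out "$name.crt" 2>/dev/null
}

# make_chain <dir>: writes root.crt, inter.crt, leaf.crt and bundle.pem into <dir>
make_chain() {
    ( cd "$1" || exit 1
      issue root  "Constructed Root CA" CA:TRUE -signkey root.key &&
      issue inter "Constructed Intermediate CA" CA:TRUE \
            -CA root.crt -CAkey root.key -set_serial 2 &&
      issue leaf  "server.example.test" CA:FALSE \
            -CA inter.crt -CAkey inter.key -set_serial 3 &&
      cat inter.crt root.crt > bundle.pem )
}

# chain_ok <client trust list> <intermediates sent by server, or ""> <leaf>
# Succeeds only if openssl can build a path from the leaf to a trusted root.
chain_ok() {
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1)
    else
        out=$(openssl verify -CAfile "$1" "$3" 2>&1)
    fi
    printf '%s\n' "$out" >&2          # show openssl's own diagnosis
    printf '%s\n' "$out" | grep -q ': OK$'
}

d=$(mktemp -d) && make_chain "$d" || exit 1
# 1. Server sends only its leaf, client trusts only the root: no path can be built.
chain_ok "$d/root.crt" "" "$d/leaf.crt" || echo "case 1: verification failed"
# 2. Server also sends the intermediate: leaf -> inter -> root verifies.
chain_ok "$d/root.crt" "$d/inter.crt" "$d/leaf.crt" && echo "case 2: OK"
# 3. Client trust list holds the whole bundle (intermediate + root): also verifies.
chain_ok "$d/bundle.pem" "" "$d/leaf.crt" && echo "case 3: OK"
rm -rf "$d"
```

In Qt terms, `-CAfile` plays the role of the client's `caCertificates()` list and `-untrusted` the role of the chain a server offers through `QSslConfiguration::setLocalCertificateChain()`. The `QSslCertificate(data, format)` constructor parses only the first certificate in a multi-certificate PEM file, whereas `QSslCertificate::fromData()` and `QSslCertificate::fromPath()` return all of them.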

