SSL failure / certificate problem



  • Hello,

    I set up a QTcpServer and combined all the required signals to get a new QSslSocket from a socketDescriptor. This seems to work. Then i am doing this:

    socket->setPrivateKey(d->_sslKey);
    socket->setLocalCertificate(d->_sslCertificate);
    socket->startServerEncryption();
    

    Catching the error from the socket gives me: Error during SSL handshake:

    error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

    For the client i was using the "Secure Socket Client" Example from Qt and connected to my server. I've also printed the ciphers on client and on serverside and they seem to be the same, so actually there should be shared ciphers. Also both lists are really large.

    What might be the problem?

    Thanks in Advance

    UPDATE:
    I've added my public certificate to the client using setLocalCertificate and my certificate key using setPrivateKey(). I did this on the server side too. Now it seems like it can find ciphers, but i get another error:

    QSslSocket::startClientEncryption: cannot start handshake on non-plain connection

    UPDATE:
    I think it might be a problem with my certificates. Maybe someone could explain me how to properly combine my certificates with my QSslSocket i got from QTcpServer and my Client-QSslSocket which i use to connect to the host.
    I have the following certificates:

    CA:

    • ca-cert.pem
    • ca-key.pem

    Certificates:

    • certificate.pem
    • certificate-key.pem


  • Fixed the problem:

    On Client-Side and on Server-Side i provide the following:

    • Private key of the certificate
    • Public key of the certificate
    • Public key of the CA

    An connection is established. I am getting an SSLError: "The certificate is self-signed and untrusted", but i can either ignore it using ignoreSslErrors(); or the better method is by comparing the certificates to make sure it's all good.
    Also i have re-created my certificates and my CA with the correct information, because I haven't provided the CN for localhost since i was testing on my local machine with my old certificates.

    Anyways, the communication works with correct certificates.



Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.