Qt webkit (webview) client certificate
-
Hi,
Qt-5.7
QtWebkit 5.7
Windows.I am trying to connect to site that requires a client certificate, I have it.
How can I check before inject this key to the QsslConfiguration, that this site requires a client certificate?
Is their event for it or access to connection packages?
The sslErrors(QNetworkReply *reply, const QList<QSslError> &errors) signal in the QNetworkAccessManager doesnt help.In the Wireshark i see "Certificate request".
Thx
-
@borisa said in QT webkit (webview) client certificate:
Hi,
QT-5.7
QtWebkit 5.7
Windows.I am trying to connect to site that requires a client certificate, I have it.
How can I check before inject this key to the QsslConfiguration, that this site requires a client certificate?
Is their event for it or access to connection packages?
The sslErrors(QNetworkReply *reply, const QList<QSslError> &errors) signal in the QNetworkAccessManager doesnt help.In the Wireshark i see "Certificate request".
ThxYou should add client certificate and its key to your QSslConfiguration before starting connection.
AFAIK it's not possible to adjust client key setting in responce to server requests with Qt now.
-
Look at
QSslSocket::addDefaultCaCertificates()http://doc.qt.io/qt-5/qsslsocket.html
-
@McLion said in QT webkit (webview) client certificate:
addDefaultCaCertificates
It has nothing to do with client certificates
What is really needed here are QSslConfiguration::setLocalCertificate() and QSslConfiguration::setPrivateKey()
-
Hi,
I just want to know if server requires a client certificate.
Is there a way?
-
AFAIK no, you have to set up certificate and key unconditionally for all requests
-
@Konstantin-Tokarev
On my eLinux system, I can surf every https as soon as I add the CA and make sure the date/time is set correctly.
Of course, if a special one is needed this one should be added.
-
CA certificates need to be added for 2 purposes:
- Your system does not have CA bundle in a place that can be automatically discovered by Qt, so you have to provide it manually
- You need to access servers with certificates signed by your own CA or some other CA which is not validated by one of "well-known" CA's included in such bundles
