Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

Qt webkit (webview) client certificate



  • Hi,

    Qt-5.7
    QtWebkit 5.7
    Windows.

    I am trying to connect to site that requires a client certificate, I have it.
    How can I check before inject this key to the QsslConfiguration, that this site requires a client certificate?
    Is their event for it or access to connection packages?
    The sslErrors(QNetworkReply *reply, const QList<QSslError> &errors) signal in the QNetworkAccessManager doesnt help.

    In the Wireshark i see "Certificate request".
    Thx



  • @borisa said in QT webkit (webview) client certificate:

    Hi,

    QT-5.7
    QtWebkit 5.7
    Windows.

    I am trying to connect to site that requires a client certificate, I have it.
    How can I check before inject this key to the QsslConfiguration, that this site requires a client certificate?
    Is their event for it or access to connection packages?
    The sslErrors(QNetworkReply *reply, const QList<QSslError> &errors) signal in the QNetworkAccessManager doesnt help.

    In the Wireshark i see "Certificate request".
    Thx

    You should add client certificate and its key to your QSslConfiguration before starting connection.

    AFAIK it's not possible to adjust client key setting in responce to server requests with Qt now.



  • Look at QSslSocket::addDefaultCaCertificates() http://doc.qt.io/qt-5/qsslsocket.html



  • @McLion said in QT webkit (webview) client certificate:

    addDefaultCaCertificates

    It has nothing to do with client certificates

    What is really needed here are QSslConfiguration::setLocalCertificate() and QSslConfiguration::setPrivateKey()



  • Hi,

    I just want to know if server requires a client certificate.
    Is there a way?



  • AFAIK no, you have to set up certificate and key unconditionally for all requests



  • @Konstantin-Tokarev
    On my eLinux system, I can surf every https as soon as I add the CA and make sure the date/time is set correctly.
    Of course, if a special one is needed this one should be added.



  • CA certificates need to be added for 2 purposes:

    • Your system does not have CA bundle in a place that can be automatically discovered by Qt, so you have to provide it manually
    • You need to access servers with certificates signed by your own CA or some other CA which is not validated by one of "well-known" CA's included in such bundles

Log in to reply