QSslSocket and openssl



  • Hello everyone,

    currently I try to communicate with a Email-Server via Qt, and I have some issues with that.

    Purpose of the program:
    I try to create a small program, that connects via QSslSocket to an Mail-Server to automatically send E-Mails. For this, I created a GMail-account to use.

    Also for that purpose, I've create a very basic program. A QSslSocket, with connections and A few buttons for "connect" and "login". No sending of an actual E-Mail yet!

    Issues:
    Basic : Under windows, I can not connect

    in detail:
    I tested this with my Mac and my Windows(10) Pc.
    I had no problems under Mac but with Windows I can't connect.
    If I open a hotspot with my phone(iPhone) and connect with my Windows Pc to it, I can connect and login without a problem too, with the acception of GoogleMail telling me, that I'm using an unsecure connection.

    Assumed source of the error:
    I believe the source of the error to be the outdated openssl lib, that was shipped with Qt.

    //!Windows: 
    QSslSocket::sslLibraryVersionString()  // == "OpenSSL 1.0.0q 15 Jan 2015" 
    //!Mac:
    QSslSocket::sslLibraryVersionString()  // == Secure Transport, macOS Sierra (10.12) 
    

    The current (online)available lib version is 1.1.
    Also SslErrors Results, under windows, in:

    • The issuer certificate of a locally looked up certificate could not be found
    • The root CA certificate is not trusted for this purpose
    • No certificates could be verified

    socketError results in QAbstractSocket::SslHandshakeFailedError

    Solution attemps:
    I downloaded the current openssl libary, precompiled for msvc and mingw. Sadly I can't simply replace libssl.a in ...\Qt\tools\... as they don't exist in that folder. At least not in the form I downloaded them in.

    Question
    If you think the outdated lib is the reason too, how can I tell Qt or rather qmake/make to use the downloaded, uptodate, openssl libraries instead of the shipped onces?
    I think, if I simply add them in the project file

    win32:{
    LIBS += -LPathToOpenSsl -lLibs
    ....
    }
    

    the old libs are not removed and still prioritized over the added onces, right?

    If you don't think that is the issue, what else could it be, and what could I do?

    Thanks.



  • Hi,

    the openssl files are not part of Qt, so there is nothing to replace. You willl have to provide them yourself right from the beginning. Please cmp. here what to do: http://doc.qt.io/qt-5/opensslsupport.html

    -Michael.



  • Hi, thanks for the answer,

    @m.sue said in QSslSocket and openssl:

    Hi,

    the openssl files are not part of Qt, so there is nothing to replace. You willl have to provide them yourself right from the beginning. Please cmp. here what to do: http://doc.qt.io/qt-5/opensslsupport.html

    -Michael.

    I actually read through that doc-party multiple times and more or less dismissed it as only needed when building on/for Android.

    As for openssl not part of Qt, thats not really true, I believe, because

    • QSslSocket::supportsSsl()
    • QSslSocket::sslLibraryVersionNumber()
    • QSslSocket::sslLibraryVersionString()
    • QSslSocket::sslLibraryBuildVersionNumber()
    • QSslSocket::sslLibraryBuildVersionString();

    all result in non empty strings:

    • true
    • 268435743
    • "OpenSSL 1.0.0q 15 Jan 2015"
    • 268443791
    • "OpenSSL 1.0.2h 3 May 2016"

    And I don't have to do any linking at all when using MacOS.

    Also adding:

    • LIBS += -LC:/OpenSSL-Win32/lib/MinGW -llibssl-1_1
      and
    • LIBS += -LC:/OpenSSL-Win32/lib/MinGW -llibcrypto-1_1

    has no effect either.



  • Hi,

    on the MAC OpenSSL may be part of MAC OS. It may also be part of MinGW. But it is not part of Qt, i.e. deployed with the Qt sources.

    If the Qt configure finds it in the OS it may use it automatically, though. So you can probably replace it there, where Qt finds it and then just re-configure..

    -Michael.



  • @m.sue Apple like most of the time does it own thing, and does not use openssl at all but Common Crypto

    Anyway,
    under ..\Windows\SysWOW64 I do find, libssl-1_1.dll und libcrypto-1_1.dll, created in Febuary. There is no other, older libssl in the windows folder.

    February is one month before I installed Qt on this Pc.
    However, I did not build Qt from source but used the precompiled version instead.

    If you suggest recompiling Qt from source with the correct openssl linked. I would rather not do that if possible.
    Of course if thats is the only way, than I will do it, but there ought to be an other way to link the correct libary!?



  • openssl library is not part of Qt distribution. You need to provide the directory where it is present.


  • Lifetime Qt Champion

    Hi,

    You currently need to use a version of OpenSSL that is lower than 1.1. The folks from OpenSSL broke compatibility with the 1.1 release.

    There's a new backend in the work for OpenSSL version starting at 1.1.



  • Thanks for the reminder!
    @SGaist said in QSslSocket and openssl:

    Hi,

    You currently need to use a version of OpenSSL that is lower than 1.1. The folks from OpenSSL broke compatibility with the 1.1 release.

    There's a new backend in the work for OpenSSL version starting at 1.1.

    I installed 1.0.2 of openssl

    I'm an idiot, because I read this thread 10 days ago and did not remember it, when I run into the same issues.

    Sadly this does not fix all my problems, all the openssl warnings are gone at least ! But apparently the certificates can not be found:

    SslErrors ("The issuer certificate of a locally looked up certificate could not be found", "No certificates could be verified")
    

    I guess I have to set them manually ?


  • Lifetime Qt Champion

    You have a completely private custom certificate ?



  • @SGaist Didn't know it before, but it turns out I most likly do have one here at work, trying to get a hold of my system admin to talk about it.

    socket->peerCertificateChain() Shows one certificate with my companies name in it.

    If I want to test my program internally, than I need to add that certificate for that phase. Later on when the software is out of house, it should be fine with the default certificates.



  • Ok, to make this a finishing answer:

    One needs an openssl version lower than 1.1, because OpenSSL broke compatibility with the 1.1 release - thanks @SGaist for that info.

    So one has to download a previous version from the OpenSSL webside, here or get a precompiled version, Wiki+binaries

    Than place/install the dll's in your system path, or at the same folder as your app-executable. Qt will find the correct libaries and you will see the errors/warnings disapear.

    If you want to export your program/app one can't expect openssl to be installed on the target platform, so you will have to place the correct dll's in the same folder as your executable.


  • Lifetime Qt Champion

    When developing, never put anything in your system path, you might create borders effect hard to debug in other projects.

    As for deployment on Windows, you should always provide all the dependencies your application need with the exception of system level dependencies i.e. the stuff already provided by Windows itself.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.