QNetworkAccessManager, SSL .pfx || .pem Опции

[Гость_Гость_*]

Доброго времени суток , ребят, прошу у кого есть минутка накидайте маленький пример как должна выглядеть работа с SSL , c сертификатом. Сертификат у меня .pfx я его конвертнул в .pem толку не какого(приходит всегда пустой ответ , ошибки тоже нет) , я не понимаю принцип работы так что код даже и не выкладываю.

PS : в MFC есть возможность работать с хранилищем сертификата без каких либо заморочек с файлами, в Qt такого случаем нет ? .
Благодарю.

[balbes]

The Qt cross-platform application and UI framework provides a great deal of functionality to explore. After working with it off and on for the past two years I am still finding new and useful features to include in my projects. Recently I have had the opportunity to work with the Secure Sockets Layer (SSL) support, and have put together some notes to group some key documentation points together and to clarify a few points from the documentation that I found to be unclear.
1. Detecting SSL support
The main class that you will be working with when using Qt's SSL support, QSslSocket, provides a static member function named supportsSsl(), which will tell you if SSL is supported by the library. SSL may not be supported if your version of Qt was compiled with SSL disabled, or if the OpenSSL libraries on which Qt depends for its SSL support are not installed on your system.

QSslSocket::supportsSsl() can be used to programmatically detect that SSL is not supported, so that the application's user can be informed of the lack of SSL support.

void MyApplication::openConnection(const QString &hostname, unsigned short port) {
  if (QSslSocket::supportsSsl()) {
    QSslSocket *socket = new QSslSocket(this);
    connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
    socket->connectToHostEncrypted(hostname, port);
  } else {
    QMessageBox::critical(this, "No SSL Support",
      "SSL is not supported by your version of Qt. You must obtain a version of Qt"
      "that has SSL support enabled. If you believe that your version of Qt has"
      "SSL support enabled, you may need to install the OpenSSL run-time libraries.");
  }
}

2. Accepting an SSL connection

The QSslSocket documentation provides an example of accepting an SSL connection with a server socket that omits the important steps of key and certificate specification. If a valid key and certificate pair is not specified, the SSL handshake will fail.

The Qt "Guide to SSL certificates and certificate authorities" contains an example where the key and certificate are specified for a server socket, but this example references functions that no longer exist in the current version of the QSslSocket API.

Qt does not currently provide support for creating keys and certificates. As described by the Qt SSL certificate guide, the OpenSSL utilities can be used to create key and certificate files that are loaded by a Qt application.

// Intercept new socket connection and enable SSL
void SslServer::incomingConnection(int socketDescriptor) {
  QSslSocket *socket = new QSslSocket();
  if (socket->setSocketDescriptor(socketDescriptor)) {
    connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
    socket->setPrivateKey("server.key");
    socket->setLocalCertificate("server.csr");
    socket->startServerEncryption();
  } else {
    delete socket;
  }
}

3. The sslErrors(const QList<QSslError> &) signal

According to the QSslSocket documentation, the QSslSocket::sslErrors(const QList<QSslError> &) signal is emitted when one or more errors have occurred while establishing the identity of the peer. My experience has been that this signal is always emitted, even if no errors have occurred. If no errors have occurred the error list contains a single entry, QSslError::NoError [update: this appears to be a bug related to the OpenSSL version being used, and is not normal behavior; see QTBUG-19981].

Errors reported by QSslSocket::sslErrors(const QList<QSslError> &) are not necessarily fatal errors. It is possible that the handshake will succeed and the connection will complete, even if an error occurs while establishing the identity of the peer. Receipt of this signal should not be treated as an indication of connection failure.

Errors indicating that authentication of a peer's certificate has failed may be received, but if the peer verify mode is set to QSslSocket::VerifyNone the handshake will succeed and the connection will complete successfully. As noted by the QSslSocket documentation, when the peer verify mode is not set to QSslSocket::VerifyNone, SSL errors can be ignored by calling QSslSocket::ignoreSslErrors() from within the slot receiving the QSslSocket::sslErrors(const QList<QSslError &) signal.



That should help you get started writing Qt applications with SSL support. It will also serve as a nice reminder to me of what must be done to enable SSL support for a Qt application the next time I need to do it.

взято с h t t p ://dgraves.org/content/qt-notes-working-qsslsocket

Сообщение отредактировал balbes - 8.8.2012, 12:50