Hi,
I am using Coperspice 1.7.2 On Windows 10. I am trying to create a TLS connection to a Service on another Device, which has provided a self signed certificate for the connection.
I had this working in QT 4.8 with t he following code: -
QList<QSslCertificate> trustedCas = QSslCertificate::fromPath(certificate);
socket->setCaCertificates(trustedCas);
However the setCaCertificates method is not implemented for the QSslSocket class in Copperspice 1.7.2.
I have tried the following : -
QList<QSslCertificate> trustedCas = QSslCertificate::fromPath(certificate);
sslConfiguration.setCaCertificates(trustedCas);
socket->setSslConfiguration(sslConfiguration);
and
QList<QSslCertificate> trustedCas = QSslCertificate::fromPath(certificate);
socket->addCaCertificates(trustedCas);
but I keep on getting a SSL/TLS handshake error.
Does anyone know how to do this using Copperspice?
Kind Regards,
John
TLS connection using self signed certificates
Re: TLS connection using self signed certificates
Thank you for your interest in CopperSpice.
We are using an updated network socket implementation which reports an error when a self signed certificate is used. By default this error will prevent the connection from being opened for enhanced security.
If you want to allow self-signed certificates, you must call the QSSLSocket::ignoreErrors method prior to making the connection. Our API docs for this method contain an example of ignoring this particular error:
https://www.copperspice.com/docs/cs_api/class_qsslsocket.html#ad6e0f39376506625e8f0daf096a620f6
Let us know if you have any further issues or need additional information.
We are using an updated network socket implementation which reports an error when a self signed certificate is used. By default this error will prevent the connection from being opened for enhanced security.
If you want to allow self-signed certificates, you must call the QSSLSocket::ignoreErrors method prior to making the connection. Our API docs for this method contain an example of ignoring this particular error:
https://www.copperspice.com/docs/cs_api/class_qsslsocket.html#ad6e0f39376506625e8f0daf096a620f6
Let us know if you have any further issues or need additional information.
Ansel Sermersheim
CopperSpice Cofounder
CopperSpice Cofounder
Re: TLS connection using self signed certificates
Hi,
Thank you for your reply. I did as you suggested, following the example in the link. unfortunately this did not resolve the issue. I dug a bit further and I am getting a SslHandshakeFailedError (13) being thrown as a socket Error. I do not have any information about the cause of the issue. Does this get thrown as well as the other error or is it independent?
Regards,
John
Thank you for your reply. I did as you suggested, following the example in the link. unfortunately this did not resolve the issue. I dug a bit further and I am getting a SslHandshakeFailedError (13) being thrown as a socket Error. I do not have any information about the cause of the issue. Does this get thrown as well as the other error or is it independent?
Regards,
John
Re: TLS connection using self signed certificates
Thanks for testing. The SslHandshakeFailedError is a very general error code, and does not indicate why the connection failed. Here are some more troubleshooting notes and additional questions:
- The QSslSocket::sslErrors() method returns a list of the errors encountered on the connection. Calling the QSslError::errorString() method on each element of that list may give you additional information.
- What software is being used on the TLS server you are connecting to?
- What version of OpenSSL have you built CopperSpice with?
- Can you use the openssl command line utility from your client computer to successfully connect to the given server?
Ansel Sermersheim
CopperSpice Cofounder
CopperSpice Cofounder