TLS connection using self signed certificates

Report any problems with CopperSpice
Post Reply
aquilinaj
Posts: 7
Joined: Thu Dec 09 2021 12:56 pm

TLS connection using self signed certificates

Post by aquilinaj »

Hi,

I am using Coperspice 1.7.2 On Windows 10. I am trying to create a TLS connection to a Service on another Device, which has provided a self signed certificate for the connection.

I had this working in QT 4.8 with t he following code: -

QList<QSslCertificate> trustedCas = QSslCertificate::fromPath(certificate);

socket->setCaCertificates(trustedCas);

However the setCaCertificates method is not implemented for the QSslSocket class in Copperspice 1.7.2.

I have tried the following : -

QList<QSslCertificate> trustedCas = QSslCertificate::fromPath(certificate);

sslConfiguration.setCaCertificates(trustedCas);
socket->setSslConfiguration(sslConfiguration);

and
QList<QSslCertificate> trustedCas = QSslCertificate::fromPath(certificate);

socket->addCaCertificates(trustedCas);

but I keep on getting a SSL/TLS handshake error.

Does anyone know how to do this using Copperspice?

Kind Regards,

John
ansel
Posts: 152
Joined: Fri Apr 10 2015 8:23 am

Re: TLS connection using self signed certificates

Post by ansel »

Thank you for your interest in CopperSpice.

We are using an updated network socket implementation which reports an error when a self signed certificate is used. By default this error will prevent the connection from being opened for enhanced security.

If you want to allow self-signed certificates, you must call the QSSLSocket::ignoreErrors method prior to making the connection. Our API docs for this method contain an example of ignoring this particular error:

https://www.copperspice.com/docs/cs_api/class_qsslsocket.html#ad6e0f39376506625e8f0daf096a620f6

Let us know if you have any further issues or need additional information.
Ansel Sermersheim
CopperSpice Cofounder
aquilinaj
Posts: 7
Joined: Thu Dec 09 2021 12:56 pm

Re: TLS connection using self signed certificates

Post by aquilinaj »

Hi,

Thank you for your reply. I did as you suggested, following the example in the link. unfortunately this did not resolve the issue. I dug a bit further and I am getting a SslHandshakeFailedError (13) being thrown as a socket Error. I do not have any information about the cause of the issue. Does this get thrown as well as the other error or is it independent?

Regards,

John
ansel
Posts: 152
Joined: Fri Apr 10 2015 8:23 am

Re: TLS connection using self signed certificates

Post by ansel »

Thanks for testing. The SslHandshakeFailedError is a very general error code, and does not indicate why the connection failed. Here are some more troubleshooting notes and additional questions:
  • The QSslSocket::sslErrors() method returns a list of the errors encountered on the connection. Calling the QSslError::errorString() method on each element of that list may give you additional information.
  • What software is being used on the TLS server you are connecting to?
  • What version of OpenSSL have you built CopperSpice with?
  • Can you use the openssl command line utility from your client computer to successfully connect to the given server?
Ansel Sermersheim
CopperSpice Cofounder
Post Reply