Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. SSL failure / certificate problem
QtWS25 Last Chance

SSL failure / certificate problem

Scheduled Pinned Locked Moved Solved General and Desktop
qtcpserverqtcpsocketqsslsslcipher
2 Posts 1 Posters 2.8k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O Offline
    O Offline
    onek24
    wrote on 14 Jun 2016, 10:58 last edited by onek24
    #1

    Hello,

    I set up a QTcpServer and combined all the required signals to get a new QSslSocket from a socketDescriptor. This seems to work. Then i am doing this:

    socket->setPrivateKey(d->_sslKey);
socket->setLocalCertificate(d->_sslCertificate);
socket->startServerEncryption();

    Catching the error from the socket gives me: Error during SSL handshake:

    error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

    For the client i was using the "Secure Socket Client" Example from Qt and connected to my server. I've also printed the ciphers on client and on serverside and they seem to be the same, so actually there should be shared ciphers. Also both lists are really large.

    What might be the problem?

    Thanks in Advance

    UPDATE:
    I've added my public certificate to the client using setLocalCertificate and my certificate key using setPrivateKey(). I did this on the server side too. Now it seems like it can find ciphers, but i get another error:

    QSslSocket::startClientEncryption: cannot start handshake on non-plain connection

    UPDATE:
    I think it might be a problem with my certificates. Maybe someone could explain me how to properly combine my certificates with my QSslSocket i got from QTcpServer and my Client-QSslSocket which i use to connect to the host.
    I have the following certificates:

    CA:

    • ca-cert.pem
    • ca-key.pem

    Certificates:

    • certificate.pem
    • certificate-key.pem
    1 Reply Last reply
    0
    • O Offline
      O Offline
      onek24
      wrote on 14 Jun 2016, 14:05 last edited by onek24
      #2

      Fixed the problem:

      On Client-Side and on Server-Side i provide the following:

      • Private key of the certificate
      • Public key of the certificate
      • Public key of the CA

      An connection is established. I am getting an SSLError: "The certificate is self-signed and untrusted", but i can either ignore it using ignoreSslErrors(); or the better method is by comparing the certificates to make sure it's all good.
      Also i have re-created my certificates and my CA with the correct information, because I haven't provided the CN for localhost since i was testing on my local machine with my old certificates.

      Anyways, the communication works with correct certificates.

      1 Reply Last reply
      1

      1/2

      14 Jun 2016, 10:58

      • Login
      • Login or register to search.
      1 out of 2
      • First post
        1/2
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • Users
      • Groups
      • Search
      • Get Qt Extensions
      • Unsolved