SSL Client/Server Handshake

marlenet15 · wrote on 25 Aug 2016, 15:32

So I found the following example online for Client and Server using SSL. Client sends a handshake to the server saying hello world and when the server receives it, it displays it.On the GUI I created, I would like for the client to send a handshake to the server with the message such as "Hello Steve" and when the server receives it will check whether Steve (an object I create) is there. If it's not there then server will reply back "no he is not here" and if he is there it will reply back "yes he is here". The client side will then do something depending on the answer. From the example below, is it possible for the server to reply back to the client?

client

#include "ClientExample.h"

#include <QCoreApplication>
#include <QString>
#include <QSslSocket>
#include <QThread>

ClientExample::ClientExample(QObject *parent) : QObject(parent)
{
}


void ClientExample::run()
{
    QString hostName = "127.0.0.1";    // DO NOT CHANGE THIS AS IT MUST MATCH THE FQDN OF THE CERTIFICATE (you MUST create your own certificate in order to change this)
    quint16 port = 22333;

    QSslSocket sslSocket;
    sslSocket.addCaCertificates("~/Downloads/Qt-SslServer-master/example/Client/Debug/debug/sslserver.pem");
    sslSocket.connectToHostEncrypted(hostName, port);

    if (sslSocket.waitForEncrypted(-1))    // Wait until encrypted connection is established, -1 means no timeout
    {
        qDebug() << "Connected";
        sslSocket.write("Hello, Steve!");    // Send message to the server

        if (sslSocket.waitForBytesWritten(-1))    // Wait until message is sent (also makes QSslSocket flush the buffer)
            qDebug() << "Message sent";
        else
            qDebug().nospace() << "ERROR: could not send message (" << qPrintable(sslSocket.errorString()) << ")";

        while (!sslSocket.waitForDisconnected())    // Wait until disconnected
            QThread::msleep(10);

        qDebug() << "Disconnected";
    }

    else
    {
        qDebug().nospace() << "ERROR: could not establish encrypted connection (" << qPrintable(sslSocket.errorString()) << ")";
    }

    this->deleteLater();
    QThread::currentThread()->quit();
    qApp->exit();
}

server

#include "ServerExample.h"

#include "SslServer.h"

#include <QCoreApplication>
#include <QHostAddress>
#include <QSslSocket>
#include <QThread>

ServerExample::ServerExample(QObject *parent) : QObject(parent)
{
}


void ServerExample::run()
{
    QHostAddress address = QHostAddress::Any;
    quint16 port = 22333;

    SslServer sslServer;
    sslServer.setSslLocalCertificate("~/Downloads/Qt-SslServer-master/example/Server/Debug/debug/sslserver.pem");
    sslServer.setSslPrivateKey("~/Downloads/Qt-SslServer-master/example/Server/Debug/debug/sslserver.key");
    sslServer.setSslProtocol(QSsl::TlsV1_2);

    if (sslServer.listen(address, port))
        qDebug().nospace() << "Now listening on " << qPrintable(/*address.toString()*/ "127.0.0.1") << ":" << port;
    else
        qDebug().nospace() << "ERROR: could not bind to " << qPrintable(address.toString()) << ":" << port;

    if (sslServer.waitForNewConnection(-1))    // Wait until a new connection is received, -1 means no timeout
    {
        qDebug() << "New connection";
        QSslSocket *sslSocket = dynamic_cast<QSslSocket*>(sslServer.nextPendingConnection());

        if (sslSocket->waitForReadyRead(5000))    // Wait until some data is received, 5000 ms timeout (-1 doesn't work here)
        {
            QByteArray message = sslSocket->readAll();    // Read message
            qDebug() << "Message:" << QString(message);

//this is the area where the program will check if Steve is there and reply back to the client
            
            sslSocket->disconnectFromHost();    // Disconnect
            sslSocket->waitForDisconnected();    // Wait until disconnected
            qDebug() << "Disconnected";
        }

        else
        {
            qDebug().nospace() << "ERROR: could not receive message (" << qPrintable(sslSocket->errorString()) << ")";
        }
    }

    else
    {
        qDebug().nospace() << "ERROR: could not establish encrypted connection (" << qPrintable(sslServer.errorString()) << ")";
    }

    this->deleteLater();
    QThread::currentThread()->quit();
    qApp->exit();
}

VRonin · wrote on 25 Aug 2016, 17:17

This is not an SSL Handshake problem.

Just do not disconnect the sockets, keep them connected and you can send data across them via secure TCP.

check the fortune examples in Qt, those are bad examples but it's a starting point http://doc.qt.io/qt-5/qtnetwork-fortuneclient-example.html

marlenet15 · wrote on 25 Aug 2016, 17:46

Is it possible for you to explain to me how this is not SSL handshake? I thought it was. Thank you so much.

VRonin · wrote on 26 Aug 2016, 06:59

The handshake is the process that establishes the secure connection, in Qt QSslSocket::connectToHostEncrypted and QSslSocket::startServerEncryption take care of the handshake. The "Hello Word" sent across is just normal TCP communication that could be done even without encryption (i.e. using QTcpSocket)