Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
752 views
in Technique[技术] by (71.8m points)

qt - QNetworkRequest and default SSL configuration

I'm using the following piece of code to make HTTPS requests with a server.

QNetworkRequest request;

//request.setSslConfiguration(QSslConfiguration::defaultConfiguration());
request.setUrl(QUrl("https://www.someurl.com/"));

QNetworkReply *reply = manager->get(request);

Everything seems to be working with my test server, but I would like to know if it is recommended to set the defaultConfiguration (uncomment second line) or does the network API automatically check all defaultConfigurations when using SSL? And if it checks, does it also do if I add one custom configuration? I mean, is it required to append the custom configuration to the list of default configuration? For example:

QSslConfiguration SslConfiguration(QSslConfiguration::defaultConfiguration());

QList<QSslCertificate> certificates = SslConfiguration.caCertificates();
certificates.append(QSslCertificate::fromData(certificate.toAscii(), QSsl::Pem));
SslConfiguration.setCaCertificates(certificates);

request.setSslConfiguration(SslConfiguration);

Edit: I would like to add that I'm working on Symbian platform.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

From documentation of
void QNetworkRequest::setSslConfiguration ( const QSslConfiguration & config ):

By default, no SSL configuration is set, which allows the backends to choose freely what configuration is best for them.

You can verify this statement using the following code:

#include <QtGui/QApplication>
#include <QtCore/QDebug>
#include <QtNetwork/QNetworkAccessManager>
#include <QtNetwork/QNetworkRequest>
#include <QtNetwork/QNetworkReply>
#include <QtNetwork/QSslConfiguration>

int main(int argc, char *argv[])
{
    QApplication app(argc, argv);

    QNetworkAccessManager qnam;
    QNetworkRequest request;
    QNetworkReply* reply = qnam.get(request);

    qDebug() << "Default SSL configuration isNull: "
             << QSslConfiguration::defaultConfiguration().isNull();

    qDebug() << "SSL configuration used by QNAM isNull: "
             << reply->sslConfiguration().isNull();

    return app.exec();
}

However, you seem to confuse root CA certificates store with SSL configuration. The former is only one part of the latter (see QList<QSslCertificate> QSslConfiguration::caCertificates () const). If you want to make sure your root CA certificates will be used by QNAM you can take advantage of the fact that QNAM uses QSslSocket to make SSL connections and use any of the following static methods

void addDefaultCaCertificate ( const QSslCertificate & certificate )
bool addDefaultCaCertificates ( const QString & path, QSsl::EncodingFormat encoding = QSsl::Pem, QRegExp::PatternSyntax syntax = QRegExp::FixedString )
void addDefaultCaCertificates ( const QList<QSslCertificate> & certificates )
void setDefaultCaCertificates ( const QList<QSslCertificate> & certificates )

to set root CA certificates to be used by all SSL connections made using QSslSocket. Remember, this is global setting and affects all SSL connections made using QSslSocket not only these made using QNAM. There's no API to set this only for specific QNAM or for all QNAMs.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...