Qt& SSL,握手失败 [英] Qt & SSL, Handshake failed
问题描述
我有问题.我已经制作了一个连接到https站点的Qt应用程序. 在我的工作机器上,一切正常.当我尝试在干净的Windows 7计算机上测试我的应用程序时,我发现了以下问题:
I have a problem. I've made a Qt application which is connecting to a https site. On my working machine, everything works fine. When I try to test my application on a clean Windows 7 machine, I observed the following issue:
在我安装了新的Win7计算机(安装了所有更新)之后,启动应用程序后,我收到了 SSL握手失败错误,SIGNAL(sslErrors(QNetworkReply * ,QList))发出,带有两个空的错误字符串,并且 error = QSslError :: NoError . 我确实整天都在搜索为什么会发生这种情况,也可以使用examples \ network \ securesocketclient \ release \ securesocketclient和域"google.com"来重现它.
After I have installed a fresh Win7 machine (installed all updates), after starting my application, I get a SSL Handshake failed error, SIGNAL(sslErrors(QNetworkReply*,QList)) is emitted with two empty error strings and error = QSslError::NoError. I was really searching the whole day why this happens, also could reproduce it with examples\network\securesocketclient\release\securesocketclient and domain "google.com".
现在,我发现,一旦启动Internet Explorer,便可以访问 https://www.google.com ,我的应用程序也按预期运行,并且不会再出现握手错误.
Now, I found out, that once I have started the internet explorer accessing https://www.google.com, my application is also working as expected and no further handshake errors are coming.
顺便说一句,您访问哪个网站都没有关系-与google.com无关.
BTW, it does not matter which site you are accessing - this is not related to google.com.
有人可以向我解释为什么会这样吗?是OpenSSL或Qt还是两者都存在的错误?
Can someone explain to me why this happens? Is it a bug in OpenSSL, or Qt, or both?
更新
我找到了一种解决该问题的方法,实现了以下忽略逻辑:
I found a way to live with that issue for myself, implementing the following ignore logic:
QSslError ignoreNOErrors(QSslError::NoError);
foreach(QSslError error, errors)
if(error.error() != QSslError::NoError)
qDebug() << error.errorString();
QList<QSslError> expectedSslErrors;
expectedSslErrors.append(ignoreNOErrors);
reply->ignoreSslErrors(expectedSslErrors);
谢谢
推荐答案
您可以忽略使用QSslConfiguration :: setPeerVerifyMode()进行的证书验证:
You could ignore certificate verify using QSslConfiguration::setPeerVerifyMode():
QSslConfiguration conf = request.sslConfiguration();
conf.setPeerVerifyMode(QSslSocket::VerifyNone);
request.setSslConfiguration(conf);
这篇关于Qt& SSL,握手失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!