QNetworkRequest 和默认 SSL 配置 [英] QNetworkRequest and default SSL configuration

问题描述

我正在使用以下代码向服务器发出 HTTPS 请求.

I'm using the following piece of code to make HTTPS requests with a server.

QNetworkRequest request;

//request.setSslConfiguration(QSslConfiguration::defaultConfiguration());
request.setUrl(QUrl("https://www.someurl.com/"));

QNetworkReply *reply = manager->get(request);

我的测试服务器似乎一切正常，但我想知道是否建议设置 defaultConfiguration(取消注释第二行)或者网络 API 在使用 SSL 时是否自动检查所有 defaultConfigurations?如果它检查，如果我添加一个自定义配置，它是否也会这样做?我的意思是，是否需要将自定义配置附加到默认配置列表中?例如:

Everything seems to be working with my test server, but I would like to know if it is recommended to set the defaultConfiguration (uncomment second line) or does the network API automatically check all defaultConfigurations when using SSL? And if it checks, does it also do if I add one custom configuration? I mean, is it required to append the custom configuration to the list of default configuration? For example:

QSslConfiguration SslConfiguration(QSslConfiguration::defaultConfiguration());

QList<QSslCertificate> certificates = SslConfiguration.caCertificates();
certificates.append(QSslCertificate::fromData(certificate.toAscii(), QSsl::Pem));
SslConfiguration.setCaCertificates(certificates);

request.setSslConfiguration(SslConfiguration);

我想补充一点，我在 Symbian 平台上工作.

I would like to add that I'm working on Symbian platform.

推荐答案

来自
的文档void QNetworkRequest::setSslConfiguration ( const QSslConfiguration & config ):

默认情况下，没有 SSL 配置设置，它允许后端自由选择什么配置最适合他们.

By default, no SSL configuration is set, which allows the backends to choose freely what configuration is best for them.

您可以使用以下代码验证此声明:

You can verify this statement using the following code:

#include <QtGui/QApplication>
#include <QtCore/QDebug>
#include <QtNetwork/QNetworkAccessManager>
#include <QtNetwork/QNetworkRequest>
#include <QtNetwork/QNetworkReply>
#include <QtNetwork/QSslConfiguration>

int main(int argc, char *argv[])
{
    QApplication app(argc, argv);

    QNetworkAccessManager qnam;
    QNetworkRequest request;
    QNetworkReply* reply = qnam.get(request);

    qDebug() << "Default SSL configuration isNull: "
             << QSslConfiguration::defaultConfiguration().isNull();

    qDebug() << "SSL configuration used by QNAM isNull: "
             << reply->sslConfiguration().isNull();

    return app.exec();
}

但是，您似乎将根 CA 证书存储与 SSL 配置混淆了.前者只是后者的一部分(参见QListQSslConfiguration::caCertificates () const).如果您想确保 QNAM 将使用您的根 CA 证书，您可以利用 QNAM 使用 QSslSocket 建立 SSL 连接并使用以下任何静态方法

However, you seem to confuse root CA certificates store with SSL configuration. The former is only one part of the latter (see QList<QSslCertificate> QSslConfiguration::caCertificates () const). If you want to make sure your root CA certificates will be used by QNAM you can take advantage of the fact that QNAM uses QSslSocket to make SSL connections and use any of the following static methods

void addDefaultCaCertificate ( const QSslCertificate & certificate )
bool addDefaultCaCertificates ( const QString & path, QSsl::EncodingFormat encoding = QSsl::Pem, QRegExp::PatternSyntax syntax = QRegExp::FixedString )
void addDefaultCaCertificates ( const QList<QSslCertificate> & certificates )
void setDefaultCaCertificates ( const QList<QSslCertificate> & certificates )

设置使用 QSslSocket 建立的所有 SSL 连接使用的根 CA 证书.请记住，这是全局设置并影响所有使用 QSslSocket 建立的 SSL 连接不仅这些使用 QNAM 建立.没有 API 可以仅为特定 QNAM 或所有 QNAM 设置此项.

to set root CA certificates to be used by all SSL connections made using QSslSocket. Remember, this is global setting and affects all SSL connections made using QSslSocket not only these made using QNAM. There's no API to set this only for specific QNAM or for all QNAMs.

这篇关于QNetworkRequest 和默认 SSL 配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！