Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

QNetworkRequest and default SSL configuration

I'm using the following piece of code to make HTTPS requests with a server.

QNetworkRequest request;

//request.setSslConfiguration(QSslConfiguration::defaultConfiguration());
request.setUrl(QUrl("https://www.someurl.com/"));

QNetworkReply *reply = manager->get(request);

Everything seems to be working with my test server, but I would like to know if it is recommended to set the defaultConfiguration (uncomment second line) or does the network API automatically check all defaultConfigurations when using SSL? And if it checks, does it also do if I add one custom configuration? I mean, is it required to append the custom configuration to the list of default configuration? For example:

QSslConfiguration SslConfiguration(QSslConfiguration::defaultConfiguration());

QList<QSslCertificate> certificates = SslConfiguration.caCertificates();
certificates.append(QSslCertificate::fromData(certificate.toAscii(), QSsl::Pem));
SslConfiguration.setCaCertificates(certificates);

request.setSslConfiguration(SslConfiguration);

Edit: I would like to add that I'm working on Symbian platform.

like image 780
Routa Avatar asked Sep 10 '10 10:09

Routa


1 Answers

From documentation of
void QNetworkRequest::setSslConfiguration ( const QSslConfiguration & config ):

By default, no SSL configuration is set, which allows the backends to choose freely what configuration is best for them.

You can verify this statement using the following code:

#include <QtGui/QApplication>
#include <QtCore/QDebug>
#include <QtNetwork/QNetworkAccessManager>
#include <QtNetwork/QNetworkRequest>
#include <QtNetwork/QNetworkReply>
#include <QtNetwork/QSslConfiguration>

int main(int argc, char *argv[])
{
    QApplication app(argc, argv);

    QNetworkAccessManager qnam;
    QNetworkRequest request;
    QNetworkReply* reply = qnam.get(request);

    qDebug() << "Default SSL configuration isNull: "
             << QSslConfiguration::defaultConfiguration().isNull();

    qDebug() << "SSL configuration used by QNAM isNull: "
             << reply->sslConfiguration().isNull();

    return app.exec();
}

However, you seem to confuse root CA certificates store with SSL configuration. The former is only one part of the latter (see QList<QSslCertificate> QSslConfiguration::caCertificates () const). If you want to make sure your root CA certificates will be used by QNAM you can take advantage of the fact that QNAM uses QSslSocket to make SSL connections and use any of the following static methods

void addDefaultCaCertificate ( const QSslCertificate & certificate )
bool addDefaultCaCertificates ( const QString & path, QSsl::EncodingFormat encoding = QSsl::Pem, QRegExp::PatternSyntax syntax = QRegExp::FixedString )
void addDefaultCaCertificates ( const QList<QSslCertificate> & certificates )
void setDefaultCaCertificates ( const QList<QSslCertificate> & certificates )

to set root CA certificates to be used by all SSL connections made using QSslSocket. Remember, this is global setting and affects all SSL connections made using QSslSocket not only these made using QNAM. There's no API to set this only for specific QNAM or for all QNAMs.

like image 176
Piotr Dobrogost Avatar answered Oct 23 '22 07:10

Piotr Dobrogost