QSslError: The certificate is self-signed, and untrusted

Question

I'm trying send a rest request to a webservice where the certificate is selfsigned. At the moment I'm creating a request, setting the url and the auth. key as headers. Then I tell the reply to ignore this ssl error:

QSslError error(QSslError::SelfSignedCertificate);
QList<QSslError> expectedSslErrors;
expectedSslErrors.append(error);

QNetworkReply *reply = _accessManager.put(request, ""); // no requestbody
reply->ignoreSslErrors(expectedSslErrors);

When I run it I get the following ssl error:

9 - The certificate is self-signed, and untrusted

followed by network error nr 6:

Request failed with message: SSL handshake failed

At the moment I'm ignoring ALL errors since it seems to be the only thing that works. Feel dirty.

Would be really grateful if anyone know what I'm doing wrong!

EDIT:

Changed to:

QList<QSslError> expectedSslErrors;
expectedSslErrors.append(QSslError::SelfSignedCertificate);
expectedSslErrors.append(QSslError::CertificateUntrusted);
reply->ignoreSslErrors(expectedSslErrors);

But still getting the same error...

Answer 1

The certificate is self-signed, and untrusted

The problem is the "untrusted" part. You have to provide the self signed certificate, as second parameter of QSslError.

Edit: Based on the source code, the comparison between the actually received SSL errors and the errors passed to ignoreSslErrors is done by comparing both the error code, and the certificate.
So if the error returned by OpenSSL would contain a certificate, like with QSslError::SelfSignedCertificate, you must always pass a certificate to QSslError constructor, or the comparison would fail.

But you can also ignore the error manually by connecting the signal sslError() to a slot where you check that the error list contains only a self signed certificate error, and then call ignoreSslErrors() (without any parameter).