
Qt local secure web sockets

I'm working on a Qt application which communicates with my web browser (currently Google Chrome) through a WebSocket.

Everything was working fine until I tried to use secured websockets...

I managed to resolve the issues I had with OpenSSL, so now I should have a working Qt application, but I don't.

I'm using VS2013, and Qt 5.3. I have the following code to start my server:

MyClass::MyClass (quint16 port, QObject *parent) : 
    QWebSocketServer("Press And Listen Server", QWebSocketServer::SecureMode, parent) {

    QSslConfiguration sslConfiguration;
    QFile certFile (QStringLiteral ("localhost.crt"));
    QFile keyFile (QStringLiteral ("localhost.key"));
    certFile.open (QIODevice::ReadOnly);
    keyFile.open (QIODevice::ReadOnly);
    QSslCertificate certificate (&certFile, QSsl::Pem);
    QSslKey sslKey (&keyFile, QSsl::Rsa, QSsl::Pem);
    certFile.close ();
    keyFile.close ();
    sslConfiguration.setPeerVerifyMode (QSslSocket::VerifyNone);
    sslConfiguration.setLocalCertificate (certificate);
    sslConfiguration.setPrivateKey (sslKey);
    sslConfiguration.setProtocol (QSsl::TlsV1SslV3);
    this->setSslConfiguration (sslConfiguration);

    if (!this->listen (QHostAddress::Any, port)) {
        throw ServerNotStartedException () ;
    }
    qDebug () << "Server listening on: " << port ;
    connect (this, &QWebSocketServer::newConnection, this, &MyClass::onNewConnection);
    connect (this, &QWebSocketServer::closed, this, &MyClass::onClose);
    connect (this, &QWebSocketServer::sslErrors, this, &MyClass::onSslErrors);
}

I created the certificate files using the following method: https://developer.salesforce.com/blogs/developer-relations/2011/05/generating-valid-self-signed-certificates.html

On the browser side, I only have:

var websock = new WebSocket('wss://localhost:52132');

websock.onerror = function (error) {
    console.log('Press & Listen, WS Error: ' + error);
};

websock.onopen = function () {
    console.log('Open!');
};

Unfortunately, every time I tried, I got the following JS message:

WebSocket connection to 'wss://localhost:52132/' failed: Error in connection establishment: net::ERR_TIMED_OUT

So far:

  • QSslSocket::supportsSsl () returns true
  • I don't have any QSslSocket: cannot resolve XXX method messages
  • OpenSSL DLLs are loaded, VS2013 outputs the following messages:

    'MyProject.exe' (Win32): Loaded 'I:\Sources\VS2013\x64\Release\ssleay32.dll'. Cannot find or open the PDB file.
    'PressAndListenQt.exe' (Win32): Loaded 'I:\Sources\VS2013\x64\Release\libeay32.dll'. Cannot find or open the PDB file.

I don't know how to find what's wrong, so I'm open to any suggestion!

Edit: I tried to generate a self-signed certificate using the following (instead of the link above):

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 100 -nodes

Now I get another error:

WebSocket connection to 'wss://localhost:52132/' failed: WebSocket opening handshake was canceled
Holt asked Jan 20 '15 22:01



1 Answer

According to your problem statement

  • OpenSSL libraries seem OK
  • Qt code and HTML code may be fine
  • Secure Server MISSING

There is sample code in Qt at \Examples\Qt-5.x\websockets\sslechoserver, along with an HTML file containing WebSocket HTML code. If we run the above sample and look at the WebSocket reply, it will give error code 1006 (Error Codes).

I have looked at the errors that occurred and I think it may be because you have not hosted your HTML code on a secure web server (non-HTTPS). I suggest you host your HTML file on a web server and map it with your certificates for HTTPS secure browsing.

Connection termination may be because of insecure sockets or certificate mismatch.

Browser Console

WebSocket connection to 'wss://localhost:1234/' failed: Error in connection establishment: net::ERR_INSECURE_RESPONSE 

Browser trace for URL Request

t=11880 [st= 0] +REQUEST_ALIVE  [dt=17]
t=11880 [st= 0]    URL_REQUEST_DELEGATE  [dt=1]
t=11881 [st= 1]   +URL_REQUEST_START_JOB  [dt=16]
                   --> load_flags = 18 (BYPASS_CACHE | DISABLE_CACHE)
                   --> method = "GET"
                   --> priority = "LOWEST"
                   --> url = "wss://localhost:1234/"
t=11881 [st= 1]      URL_REQUEST_DELEGATE  [dt=0]
t=11881 [st= 1]      HTTP_CACHE_GET_BACKEND  [dt=0]
t=11881 [st= 1]     +HTTP_STREAM_REQUEST  [dt=15]
t=11881 [st= 1]        HTTP_STREAM_REQUEST_STARTED_JOB
                       --> source_dependency = 6025 (HTTP_STREAM_JOB)
t=11896 [st=16]        HTTP_STREAM_REQUEST_BOUND_TO_JOB
                       --> source_dependency = 6025 (HTTP_STREAM_JOB)
t=11896 [st=16]     -HTTP_STREAM_REQUEST
t=11896 [st=16]      URL_REQUEST_DELEGATE  [dt=1]
t=11897 [st=17]      CANCELLED
                     --> net_error = -501 (ERR_INSECURE_RESPONSE)
t=11897 [st=17]   -URL_REQUEST_START_JOB
                   --> net_error = -501 (ERR_INSECURE_RESPONSE)
t=11897 [st=17]    URL_REQUEST_DELEGATE  [dt=0]
t=11897 [st=17] -REQUEST_ALIVE

Browser trace for Http Stream

t=11881 [st= 0] +HTTP_STREAM_JOB  [dt=15]
                 --> alternative_service = "unknown :0"
                 --> original_url = "wss://localhost:1234/"
                 --> priority = "LOWEST"
                 --> source_dependency = 6024 (URL_REQUEST)
                 --> url = "wss://localhost:1234/"
t=11881 [st= 0]   +PROXY_SERVICE  [dt=0]
t=11881 [st= 0]      PROXY_SERVICE_RESOLVED_PROXY_LIST
                     --> pac_string = "DIRECT"
t=11881 [st= 0]      PROXY_SERVICE_DEPRIORITIZED_BAD_PROXIES
                     --> pac_string = "DIRECT"
t=11881 [st= 0]   -PROXY_SERVICE
t=11881 [st= 0]   +SOCKET_POOL  [dt=15]
t=11896 [st=15]      SOCKET_POOL_BOUND_TO_CONNECT_JOB
                     --> source_dependency = 6026 (CONNECT_JOB)
t=11896 [st=15]      SOCKET_POOL_BOUND_TO_SOCKET
                     --> source_dependency = 6029 (SOCKET)
t=11896 [st=15]   -SOCKET_POOL
                   --> net_error = -202 (ERR_CERT_AUTHORITY_INVALID)
t=11896 [st=15]    HTTP_STREAM_JOB_BOUND_TO_REQUEST
                   --> source_dependency = 6024 (URL_REQUEST)
t=11896 [st=15] -HTTP_STREAM_JOB
Mandar answered Oct 12 '22 20:10
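
Added example (not part of the original answer, and not Chrome tooling): a small Python parser for the trace text shown in the two browser traces above, which collects every `net_error` and picks the earliest one. The "earliest error is nearest the root cause" rule is an assumed heuristic that presumes both traces come from the same capture; the function names are illustrative.

```python
import re

# Event line, e.g. "t=11896 [st=15]   -SOCKET_POOL" ('+' opens a span, '-' closes it).
EVENT = re.compile(r"^t=\s*(\d+)\s+\[st=\s*\d+\]\s+([+-]?)([A-Z0-9_]+)")
# Parameter line belonging to the preceding event, e.g. "--> net_error = -202 (NAME)".
PARAM = re.compile(r"^-->\s*(\w+)\s*=\s*(.*)$")
NET_ERROR = re.compile(r"^(-?\d+)\s*\((\w+)\)$")

def parse_events(trace):
    """Return one dict per event: {'t', 'phase', 'name', 'params'}."""
    events = []
    for line in (raw.strip() for raw in trace.splitlines()):
        event, param = EVENT.match(line), PARAM.match(line)
        if event:
            events.append({"t": int(event.group(1)), "phase": event.group(2),
                           "name": event.group(3), "params": {}})
        elif param and events:
            events[-1]["params"][param.group(1)] = param.group(2)
    return events

def net_errors(trace):
    """Return (t, event, code, name) for every event that carries a net_error."""
    found = []
    for ev in parse_events(trace):
        m = NET_ERROR.match(ev["params"].get("net_error", ""))
        if m:
            found.append((ev["t"], ev["name"], int(m.group(1)), m.group(2)))
    return found

def first_failure(*traces):
    """Heuristic (assumption): the earliest net_error is nearest the root cause."""
    errors = [e for trace in traces for e in net_errors(trace)]
    return min(errors, key=lambda e: e[0]) if errors else None

# Excerpts copied from the two traces in the answer above.
URL_REQUEST = """
t=11897 [st=17]      CANCELLED
                     --> net_error = -501 (ERR_INSECURE_RESPONSE)
t=11897 [st=17]   -URL_REQUEST_START_JOB
                   --> net_error = -501 (ERR_INSECURE_RESPONSE)
"""
HTTP_STREAM = """
t=11881 [st= 0]   +SOCKET_POOL  [dt=15]
t=11896 [st=15]   -SOCKET_POOL
                   --> net_error = -202 (ERR_CERT_AUTHORITY_INVALID)
"""

if __name__ == "__main__":
    print(first_failure(URL_REQUEST, HTTP_STREAM))
```

On these excerpts it returns the `SOCKET_POOL` event at t=11896 with -202 (ERR_CERT_AUTHORITY_INVALID), ahead of the -501 (ERR_INSECURE_RESPONSE) reported at t=11897.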