I'm trying to make a connection to a web service that uses SSL. I'm working with Blackberry 10 in C++ with the QNX IDE Momentics. The connection that I'm trying to do is as follows:
URL: "https://movilapi...."
Code:
networkAccessManager = new QNetworkAccessManager(this);
bool res = connect(networkAccessManager, SIGNAL(finished(QNetworkReply*)),
this, SLOT(requestFinished(QNetworkReply*)));
Q_ASSERT(res);
Q_UNUSED(res);
QNetworkRequest request = QNetworkRequest(QUrl(url));
request.setRawHeader("User-Agent", "bb-phone/20120910");
request.setRawHeader("Content-Type", "application/json");
request.setRawHeader("Content-Length", postDataSize);
QSslConfiguration sslConfig = request.sslConfiguration();
sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfig.setProtocol(QSsl::TlsV1);
request.setSslConfiguration(sslConfig);
networkAccessManager->post(request, outData);
I'm always getting the same error no matter which service I try to reach. The response is: SSL handshake failed
Wireshark Info:
Protocol Length Info
SSLv2 157 Client Hello
TLSv1 1202 Server Hello, Certificate, Server Hello Done
TLSv1 449 Client Key Exchange
TLSv1 60 Change Cipher Spec
TLSv1 91 Encrypted Handshake Message
TLSv1 97 Change Cipher Spec, Encrypted Handshake Message
TLSv1 605 Application Data
TLSv1 280 Application Data
TLSv1 277 Application Data
TLSv1 121 Application Data
TLSv1 92 Application Data
TLSv1 297 Application Data, Application Data, Application Data, Application Data
TLSv1 77 Encrypted Alert
The Encrypted Alert content type is 21
The servers ciphersuites is in the list of supported ciphersuites of the client.
I'm using the following lib to make the connection: QtNetwork/qnetworkreply.h
I hope this new info improve the quality of the question.
Please help, I've been searching for hours without success.
After getting in touch with a few RIM personal about this particular issue we found out that the TLS/SSL server is intolerant of certain extensions, so with the following Qt code to disable transmission of extensions the connection was succesfully made through https:
QSslConfiguration cfg(request.sslConfiguration());
cfg.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
request.setSslConfiguration(cfg);
I want to make special mention of the Application Development department of Research In Motion for the attention and the effort invested on this issue until we finally got the right way to go.
Below is the entire connection code in case that anybody is facing this need:
networkAccessManager = new QNetworkAccessManager(this);
bool res = connect(networkAccessManager, SIGNAL(finished(QNetworkReply*)),
this, SLOT(requestFinished(QNetworkReply*)));
QNetworkRequest request = QNetworkRequest(QUrl(url));
request.setRawHeader("User-Agent", "BB_PHONE/20120926");
request.setRawHeader("Content-Type", "application/json");
request.setRawHeader("Content-Length", postDataSize);
QSslConfiguration sslConfig = request.sslConfiguration();
sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfig.setPeerVerifyDepth(1);
sslConfig.setProtocol(QSsl::TlsV1);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
request.setSslConfiguration(sslConfig);
networkAccessManager->post(request, outData);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With