QNetworkRequest and default SSL configuration
Asked Answered
C

1

9

I'm using the following piece of code to make HTTPS requests with a server.

QNetworkRequest request;

//request.setSslConfiguration(QSslConfiguration::defaultConfiguration());
request.setUrl(QUrl("https://www.someurl.com/"));

QNetworkReply *reply = manager->get(request);

Everything seems to be working with my test server, but I would like to know if it is recommended to set the defaultConfiguration (uncomment second line) or does the network API automatically check all defaultConfigurations when using SSL? And if it checks, does it also do if I add one custom configuration? I mean, is it required to append the custom configuration to the list of default configuration? For example:

QSslConfiguration SslConfiguration(QSslConfiguration::defaultConfiguration());

QList<QSslCertificate> certificates = SslConfiguration.caCertificates();
certificates.append(QSslCertificate::fromData(certificate.toAscii(), QSsl::Pem));
SslConfiguration.setCaCertificates(certificates);

request.setSslConfiguration(SslConfiguration);

Edit: I would like to add that I'm working on Symbian platform.

Cervix answered 10/9, 2010 at 10:20 Comment(0)
F
7

From documentation of
void QNetworkRequest::setSslConfiguration ( const QSslConfiguration & config ):

By default, no SSL configuration is set, which allows the backends to choose freely what configuration is best for them.

You can verify this statement using the following code:

#include <QtGui/QApplication>
#include <QtCore/QDebug>
#include <QtNetwork/QNetworkAccessManager>
#include <QtNetwork/QNetworkRequest>
#include <QtNetwork/QNetworkReply>
#include <QtNetwork/QSslConfiguration>

int main(int argc, char *argv[])
{
    QApplication app(argc, argv);

    QNetworkAccessManager qnam;
    QNetworkRequest request;
    QNetworkReply* reply = qnam.get(request);

    qDebug() << "Default SSL configuration isNull: "
             << QSslConfiguration::defaultConfiguration().isNull();

    qDebug() << "SSL configuration used by QNAM isNull: "
             << reply->sslConfiguration().isNull();

    return app.exec();
}

However, you seem to confuse root CA certificates store with SSL configuration. The former is only one part of the latter (see QList<QSslCertificate> QSslConfiguration::caCertificates () const). If you want to make sure your root CA certificates will be used by QNAM you can take advantage of the fact that QNAM uses QSslSocket to make SSL connections and use any of the following static methods

void addDefaultCaCertificate ( const QSslCertificate & certificate )
bool addDefaultCaCertificates ( const QString & path, QSsl::EncodingFormat encoding = QSsl::Pem, QRegExp::PatternSyntax syntax = QRegExp::FixedString )
void addDefaultCaCertificates ( const QList<QSslCertificate> & certificates )
void setDefaultCaCertificates ( const QList<QSslCertificate> & certificates )

to set root CA certificates to be used by all SSL connections made using QSslSocket. Remember, this is global setting and affects all SSL connections made using QSslSocket not only these made using QNAM. There's no API to set this only for specific QNAM or for all QNAMs.

Foulup answered 25/2, 2011 at 7:46 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.