diff options
| author | Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io> | 2023-03-09 12:45:26 +0100 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2023-03-14 18:54:06 +0000 |
| commit | 2288aa3ca314dba86e31ac7df52de8760624f499 (patch) | |
| tree | 11986fd24e6000f05f283ca0927498da09748410 | |
| parent | 15e3581930b4ecacd5459997e5f5ecc48b6a6d1e (diff) | |
| download | qtwebsockets-2288aa3ca314dba86e31ac7df52de8760624f499.tar.gz | |
sslechoclient example: Verify server certificate
Exit the application in case of any SSL errors instead of ignoring them.
Fixes: QTBUG-108654
Change-Id: Id209930c29fd434e2ede7a4d38452296e8cfb6f2
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io>
(cherry picked from commit 6821b4426e74e3063936c5622b5eb2e249c40502)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| -rw-r--r-- | examples/websockets/sslechoclient/CMakeLists.txt | 5 | ||||
| -rw-r--r-- | examples/websockets/sslechoclient/sslechoclient.cpp | 20 | ||||
| -rw-r--r-- | examples/websockets/sslechoclient/sslechoclient.pro | 5 |
3 files changed, 23 insertions, 7 deletions
diff --git a/examples/websockets/sslechoclient/CMakeLists.txt b/examples/websockets/sslechoclient/CMakeLists.txt index 719a915..b629a9d 100644 --- a/examples/websockets/sslechoclient/CMakeLists.txt +++ b/examples/websockets/sslechoclient/CMakeLists.txt @@ -19,6 +19,11 @@ qt_add_executable(sslechoclient sslechoclient.cpp sslechoclient.h ) +qt_add_resources(sslechoclient "cert" + BASE ../sslechoserver + FILES ../sslechoserver/localhost.cert +) + set_target_properties(sslechoclient PROPERTIES WIN32_EXECUTABLE FALSE MACOSX_BUNDLE FALSE diff --git a/examples/websockets/sslechoclient/sslechoclient.cpp b/examples/websockets/sslechoclient/sslechoclient.cpp index 1b768cf..e5099e1 100644 --- a/examples/websockets/sslechoclient/sslechoclient.cpp +++ b/examples/websockets/sslechoclient/sslechoclient.cpp @@ -1,9 +1,10 @@ // Copyright (C) 2016 Kurt Pattyn <pattyn.kurt@gmail.com>. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause #include "sslechoclient.h" +#include <QtCore/QCoreApplication> #include <QtCore/QDebug> +#include <QtCore/QFile> #include <QtWebSockets/QWebSocket> -#include <QCoreApplication> QT_USE_NAMESPACE @@ -14,6 +15,15 @@ SslEchoClient::SslEchoClient(const QUrl &url, QObject *parent) : connect(&m_webSocket, &QWebSocket::connected, this, &SslEchoClient::onConnected); connect(&m_webSocket, QOverload<const QList<QSslError>&>::of(&QWebSocket::sslErrors), this, &SslEchoClient::onSslErrors); + + QSslConfiguration sslConfiguration; + QFile certFile(QStringLiteral(":/localhost.cert")); + certFile.open(QIODevice::ReadOnly); + QSslCertificate certificate(&certFile, QSsl::Pem); + certFile.close(); + sslConfiguration.addCaCertificate(certificate); + m_webSocket.setSslConfiguration(sslConfiguration); + m_webSocket.open(QUrl(url)); } //! [constructor] @@ -37,12 +47,8 @@ void SslEchoClient::onTextMessageReceived(QString message) void SslEchoClient::onSslErrors(const QList<QSslError> &errors) { - Q_UNUSED(errors); + qWarning() << "SSL errors:" << errors; - // WARNING: Never ignore SSL errors in production code. - // The proper way to handle self-signed certificates is to add a custom root - // to the CA store. - - m_webSocket.ignoreSslErrors(); + qApp->quit(); } //! [onTextMessageReceived] diff --git a/examples/websockets/sslechoclient/sslechoclient.pro b/examples/websockets/sslechoclient/sslechoclient.pro index 3fa9d9b..29bbe74 100644 --- a/examples/websockets/sslechoclient/sslechoclient.pro +++ b/examples/websockets/sslechoclient/sslechoclient.pro @@ -13,5 +13,10 @@ SOURCES += \ HEADERS += \ sslechoclient.h +resources.files = ../sslechoserver/localhost.cert +resources.prefix = / + +RESOURCES += resources + target.path = $$[QT_INSTALL_EXAMPLES]/websockets/sslechoclient INSTALLS += target |