From 6821b4426e74e3063936c5622b5eb2e249c40502 Mon Sep 17 00:00:00 2001 From: Ievgenii Meshcheriakov Date: Thu, 9 Mar 2023 12:45:26 +0100 Subject: sslechoclient example: Verify server certificate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Exit the application in case of any SSL errors instead of ignoring them. Fixes: QTBUG-108654 Pick-to: 6.5 Change-Id: Id209930c29fd434e2ede7a4d38452296e8cfb6f2 Reviewed-by: Mårten Nordheim Reviewed-by: Øystein Heskestad --- examples/websockets/sslechoclient/CMakeLists.txt | 5 +++++ examples/websockets/sslechoclient/sslechoclient.cpp | 20 +++++++++++++------- examples/websockets/sslechoclient/sslechoclient.pro | 5 +++++ 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/examples/websockets/sslechoclient/CMakeLists.txt b/examples/websockets/sslechoclient/CMakeLists.txt index 719a915..b629a9d 100644 --- a/examples/websockets/sslechoclient/CMakeLists.txt +++ b/examples/websockets/sslechoclient/CMakeLists.txt @@ -19,6 +19,11 @@ qt_add_executable(sslechoclient sslechoclient.cpp sslechoclient.h ) +qt_add_resources(sslechoclient "cert" + BASE ../sslechoserver + FILES ../sslechoserver/localhost.cert +) + set_target_properties(sslechoclient PROPERTIES WIN32_EXECUTABLE FALSE MACOSX_BUNDLE FALSE diff --git a/examples/websockets/sslechoclient/sslechoclient.cpp b/examples/websockets/sslechoclient/sslechoclient.cpp index 1b768cf..e5099e1 100644 --- a/examples/websockets/sslechoclient/sslechoclient.cpp +++ b/examples/websockets/sslechoclient/sslechoclient.cpp @@ -1,9 +1,10 @@ // Copyright (C) 2016 Kurt Pattyn . // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause #include "sslechoclient.h" +#include #include +#include #include -#include QT_USE_NAMESPACE 
@@ -14,6 +15,15 @@ SslEchoClient::SslEchoClient(const QUrl &url, QObject *parent) : connect(&m_webSocket, &QWebSocket::connected, this, &SslEchoClient::onConnected); connect(&m_webSocket, QOverload&>::of(&QWebSocket::sslErrors), this, &SslEchoClient::onSslErrors); + + QSslConfiguration sslConfiguration; + QFile certFile(QStringLiteral(":/localhost.cert")); + certFile.open(QIODevice::ReadOnly); + QSslCertificate certificate(&certFile, QSsl::Pem); + certFile.close(); + sslConfiguration.addCaCertificate(certificate); + m_webSocket.setSslConfiguration(sslConfiguration); + m_webSocket.open(QUrl(url)); } //! [constructor] @@ -37,12 +47,8 @@ void SslEchoClient::onTextMessageReceived(QString message) void SslEchoClient::onSslErrors(const QList &errors) { - Q_UNUSED(errors); + qWarning() << "SSL errors:" << errors; - // WARNING: Never ignore SSL errors in production code. - // The proper way to handle self-signed certificates is to add a custom root - // to the CA store. - - m_webSocket.ignoreSslErrors(); + qApp->quit(); } //! [onTextMessageReceived] diff --git a/examples/websockets/sslechoclient/sslechoclient.pro b/examples/websockets/sslechoclient/sslechoclient.pro index 3fa9d9b..29bbe74 100644 --- a/examples/websockets/sslechoclient/sslechoclient.pro +++ b/examples/websockets/sslechoclient/sslechoclient.pro @@ -13,5 +13,10 @@ SOURCES += \ HEADERS += \ sslechoclient.h +resources.files = ../sslechoserver/localhost.cert +resources.prefix = / + +RESOURCES += resources + target.path = $$[QT_INSTALL_EXAMPLES]/websockets/sslechoclient INSTALLS += target -- cgit v1.2.1
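Review bot: The result of `certFile.open(QIODevice::ReadOnly)` in the constructor is not checked, and neither is the certificate built from it. If the `:/localhost.cert` resource is missing or unreadable, a null certificate is passed to `addCaCertificate()`, and presumably the handshake then fails with a verification error that hides the real cause. I would stop early with something like `if (!certFile.open(QIODevice::ReadOnly)) qFatal("Cannot read :/localhost.cert");` and a matching `certificate.isNull()` check before the certificate is added. A short comment would also help readers who copy the example: `// Trust the certificate bundled with the sslechoserver example; replace it with your own CA outside of this demo.` The constructor starts above this hunk.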
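Review bot: `qApp->quit()` in `onSslErrors()` ends the process with exit code 0, so a failed certificate check looks like a clean run to any script or test that launches the example. `QCoreApplication::exit(1);` would keep the fail-closed behaviour and make the failure visible to the caller. The removed warning was the only explanation of why the errors must not be ignored; a one-line replacement such as `// Never call ignoreSslErrors() here: an unverified peer must not be trusted.` would keep that lesson in the example.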