У меня есть подписанный ssl-сертификат (сгенерированный с последним Openssl):
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:99:98:f6:33:68:5b:1d:ce:91:7c:d6:47:07:58:11:d0:18:d6:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = sk, ST = sk, L = sk, O = sk, OU = sk, CN = 127.0.0.1
Validity
Not Before: Dec 2 13:31:55 2019 GMT
Not After : Nov 29 13:31:55 2029 GMT
Subject: C = sk, ST = sk, L = sk, O = sk, OU = sk, CN = 127.0.0.1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b2:22:2c:d8:95:8f:e5:cf:24:9f:a0:d9:bb:77:
d4:7a:03:7e:04:bf:23:64:4a:eb:42:db:3f:02:bc:
67:6f:a2:06:ca:a9:2a:08:4c:7e:57:fc:63:63:c0:
39:a2:0a:58:0e:8b:d6:13:7e:0a:b6:fd:6c:6a:36:
06:17:ed:2c:4c:37:c8:07:b8:91:64:d1:b4:5b:04:
d6:c5:4d:42:a6:c6:71:c7:8d:a7:b2:bd:e9:88:29:
43:4b:10:6a:29:45:c3:da:13:8a:10:bb:f7:04:f4:
1e:18:74:82:bb:d0:e0:4a:0f:ef:2f:74:a7:96:41:
4b:52:a9:5a:c7:45:cd:b5:2c:e1:76:59:35:84:26:
15:6f:3e:4b:c9:71:39:98:46:66:7c:b2:0e:96:e7:
5e:84:e2:a7:21:43:62:75:61:7e:83:57:75:33:db:
1a:48:3c:b3:c3:30:80:cf:fe:66:f3:24:fd:a0:7f:
8a:85:26:ea:69:b0:cd:83:85:71:90:54:c7:ae:92:
90:d9:7d:c6:66:49:b1:b4:8f:fb:80:c4:d8:7c:24:
51:28:79:6c:61:cd:32:33:53:6d:21:37:0b:4b:aa:
d3:50:3e:31:fb:75:92:b4:93:df:7c:b5:c6:8b:51:
78:39:8b:ba:e9:2b:4b:78:8d:83:38:60:53:f4:81:
f8:4d:bc:64:87:c4:90:fd:07:bb:64:36:b9:98:de:
51:ad:42:0a:d7:2a:b4:00:4d:29:83:b8:23:5c:8e:
78:d8:eb:f6:f3:7d:75:fd:05:cc:89:06:58:89:e2:
ec:73:02:c7:89:c0:ea:b2:f5:a5:ff:08:54:57:aa:
23:49:42:b4:64:89:5e:5a:5a:1c:9b:eb:0e:63:0e:
d9:67:c4:d0:e8:6a:5f:34:24:67:95:a2:b9:a8:90:
d7:7e:23:74:ab:20:a9:6a:47:a8:f8:70:77:4a:f9:
2d:b8:12:9a:f0:32:93:dd:36:4a:4b:e2:24:fa:48:
7c:00:0e:c3:95:d7:13:b2:85:d0:ca:be:d7:f5:de:
db:6d:49:44:96:fb:2d:bb:38:b9:09:a8:cc:87:16:
20:8b:60:f2:a7:80:35:2e:fc:13:32:4f:71:b0:99:
04:4b:9d:18:85:15:f0:01:a4:f0:8f:5f:05:3b:20:
4d:41:99:b0:8a:bf:26:a9:e6:f1:ee:f2:a0:94:26:
16:79:8d:da:64:e4:e4:d4:72:a7:64:a0:6e:04:bc:
95:14:9b:81:26:25:80:6f:b7:99:45:f1:8f:46:be:
5a:39:06:91:d5:63:f7:a1:d9:b1:0a:24:ee:27:27:
96:b5:13:93:10:a1:7b:30:0d:61:4c:f4:90:4e:56:
dc:8a:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:F8:69:92:27:3E:97:88:69:3C:52:22:D3:DC:A3:F9:0C:70:52:55
X509v3 Authority Key Identifier:
keyid:CA:F8:69:92:27:3E:97:88:69:3C:52:22:D3:DC:A3:F9:0C:70:52:55
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
2b:54:fb:cc:23:aa:37:fe:bb:71:71:63:ce:94:06:8a:5a:82:
79:b6:e3:5b:c5:1e:da:61:e4:dd:7b:6f:8e:0d:8f:94:d4:6e:
0e:6f:14:46:d9:b7:12:c7:3f:ce:b4:a9:1e:3b:6d:64:7e:bf:
24:98:54:a7:98:fd:8d:29:b7:cb:6c:ca:ab:6f:f0:a1:4d:d9:
67:bb:f1:e2:bd:9d:64:12:8e:92:84:c4:ec:c1:02:f3:df:cd:
a4:a7:08:ce:a3:a6:dc:02:76:70:d8:e3:83:11:c7:f4:60:62:
49:28:d5:c5:3a:d3:b6:67:80:88:a9:b6:bb:f7:85:5e:fe:a3:
8f:6e:63:6c:df:00:f7:6e:48:2e:f5:37:67:27:c8:6f:3d:e7:
d5:87:ac:39:62:55:b3:7d:c0:02:d2:0b:02:e1:94:45:ae:86:
40:50:a8:d9:e3:45:72:a2:a5:11:1f:43:b8:62:14:b7:98:03:
69:e3:7e:ed:9d:b9:11:eb:f6:41:1e:55:c7:95:c0:4e:69:c7:
e1:93:01:5b:a7:28:41:d2:6f:9d:11:38:e3:3a:75:fe:66:28:
11:9b:52:23:c4:2b:c0:53:dc:70:71:8c:22:35:a9:c5:d8:81:
36:ce:44:dc:d7:f1:44:7d:bf:0b:c0:7f:10:e9:b1:c7:ed:0d:
f1:81:d4:8d:46:1c:04:97:55:98:37:91:d2:cf:6c:b5:b1:96:
c2:e2:60:d1:29:5d:e1:d1:54:73:3a:44:2d:7c:0e:f7:43:cf:
53:4e:27:00:ba:e8:5c:d6:db:64:72:29:6e:ad:1b:1b:1d:63:
9f:b9:e8:6b:62:3f:4f:71:2d:14:c0:2f:d5:05:84:fa:c7:54:
84:11:d4:3d:7c:9e:18:7a:2e:e3:19:d7:19:df:a5:22:a8:94:
ec:27:2d:a4:10:6f:36:f0:42:0b:26:b9:17:5a:73:59:07:71:
88:77:dd:48:b0:0c:dc:ea:d8:6a:5e:bc:8c:1c:d8:c0:6b:18:
ac:45:d3:32:cb:35:f2:5b:d5:4b:b5:9a:0b:7b:f9:ee:4c:f1:
fd:f3:36:8e:9f:b5:54:d2:0b:c8:10:da:83:08:bb:8d:4a:c0:
9e:1e:e6:67:b3:fd:66:2a:75:79:87:1c:0e:d3:37:ec:10:88:
23:47:46:d1:97:8d:80:86:90:fc:65:78:a1:04:29:4b:57:c8:
85:27:f2:2a:94:79:7c:cd:91:6b:b6:16:81:fa:c1:6a:5b:ff:
7c:22:1f:91:e3:e4:c3:70:55:a7:be:bb:7e:57:ff:f5:27:b7:
a6:10:57:1b:fa:45:9b:77:4e:c0:c6:7e:63:96:00:50:3f:4f:
c3:41:90:c8:ec:86:f3:e1
Код сервера:
ServerThread::ServerThread(qintptr ID, QObject *parent) : QThread(parent)
{
QFile keyFile(":/Certificates/Certificates/key.pem");
keyFile.open(QIODevice::ReadOnly);
this->key = QSslKey(keyFile.readAll(), QSsl::Rsa);
keyFile.close();
cert = QSslCertificate::fromPath(":/Certificates/Certificates/cert.pem");
this->socket_descriptor = ID;
}
void ServerThread::run()
{
ssl_socket = new QSslSocket();
connect(ssl_socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrors(QList<QSslError>)));
connect(ssl_socket, SIGNAL(encrypted()), this, SLOT(encrypted()));
connect(ssl_socket, SIGNAL(readyRead() ), this, SLOT(readyRead() ), Qt::DirectConnection);
connect(ssl_socket, SIGNAL(disconnected() ), this, SLOT(disconnected() ));
ssl_socket->setPrivateKey(key);
ssl_socket->setCaCertificates(cert);
ssl_socket->setPeerVerifyMode(QSslSocket::VerifyNone);
if(!ssl_socket->setSocketDescriptor(this->socket_descriptor))
{
qDebug() << ssl_socket->errorString();
emit error(ssl_socket->error());
return;
}
else // if ok
{
ssl_socket->startServerEncryption();
exec();
}
}
void ServerThread::encrypted()
{
qDebug() << "Client connected";
}
void ServerThread::readyRead()
{
QByteArray Data = ssl_socket->readAll();
qDebug() << socket_descriptor << " Message: " << Data;
ssl_socket->write("OK");
}
void ServerThread::disconnected()
{
qDebug() << "Client disconnected";
qDebug() << "Disconnected err : " << ssl_socket->errorString();
qDebug() << "error :" << ssl_socket->error() << "protocol" << ssl_socket->protocol();
ssl_socket->deleteLater();
exit(0);
}
void ServerThread::sslErrors(QList<QSslError> errors)
{
for(QSslError e : errors ){
qDebug() << "sslerror " << e.errorString();
}
}
Код клиента:
Tcp::Tcp(QObject *parent) : QObject(parent)
{
}
void Tcp::SSLConnect()
{
ssl_socket = new QSslSocket();
ssl_socket->ignoreSslErrors(QList<QSslError>() << QSslError::SelfSignedCertificate);
connect(ssl_socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrors(QList<QSslError>)));
connect(ssl_socket, SIGNAL(encrypted() ), this, SLOT(encrypted() ) );
connect(ssl_socket, SIGNAL(disconnected() ), this, SLOT(disconnected() ) );
connect(ssl_socket, SIGNAL(readyRead() ), this, SLOT(readyRead() ) );
quint16 port = 37821;
ssl_socket->setPeerVerifyMode(QSslSocket::VerifyPeer);
ssl_socket->connectToHostEncrypted("127.0.0.1", port);
if (ssl_socket->waitForEncrypted(3000)) {
qDebug() << "Encrypted connection established";
}
else {
emit Server_Disconnected();
}
}
void Tcp::encrypted()
{
emit Server_Connected();
emit Logger("Connected to server", "green");
ssl_socket->write("hi");
}
void Tcp::disconnected()
{
emit Server_Disconnected();
emit Logger(ssl_socket->errorString(), "red");
}
void Tcp::readyRead()
{
qDebug() << "Reading... " << ssl_socket->readAll();
}
void Tcp::sslErrors(QList<QSslError> errors)
{
for(QSslError e : errors ){
emit Logger(e.errorString(), "red");
}
}
I get error: "Ошибка при рукопожатии SSL: ошибка: 14201076: процедуры SSL: tls_choose_sigalg: нет подходящего алгоритма подписи"