
SSL communication

Posted by xizhizhu on 2009-01-13
http://xizhizhu.blogspot.com/2009/01/qt-development-vii-ssl-communication.html

SSL is widely used nowadays to provide secure communication; it acts as an additional layer between TCP and the application. In Qt, the QSslSocket class provides an SSL-encrypted socket for both servers and clients.

1. Client
The following steps are most commonly used:
a) call QSslSocket.setProtocol() and other functions to set the parameters of SSL;
b) call QSslSocket.connectToHostEncrypted() to connect to a server;
c) the QSslSocket.encrypted() signal is emitted when the connection and handshake are done;
d) call QSslSocket.peerCertificate() to get the certificate of the server and decide whether to accept it;
e) once the secure connection is established, reading and writing on a QSslSocket work exactly as they do on a QTcpSocket.

Notice: whenever an error occurs, the QSslSocket.sslErrors() signal is emitted. If the errors are not ignored (by calling QSslSocket.ignoreSslErrors()), the connection fails.

The following example shows how to do the above steps in real code.

// ssl-client.h
#include <QObject>
#include <QSslSocket>
#include <QString>

class SSLClient: public QObject
{
  Q_OBJECT
public:
  SSLClient(QObject* parent = 0);
  void start(QString hostName, quint16 port);
public slots:
  // handle the signal of QSslSocket.encrypted()
  void connectionEstablished();
  // handle the signal of QSslSocket.sslErrors()
  void errorOccured(const QList<QSslError> &error);
private:
  QSslSocket client;
};

// ssl-client.cc
#include "ssl-client.h"
#include <QByteArray>
#include <QList>
#include <QSslCertificate>
#include <QString>

SSLClient::SSLClient(QObject* parent): QObject(parent)
{
  connect(&client, SIGNAL(encrypted()),
    this, SLOT(connectionEstablished()));
  connect(&client, SIGNAL(sslErrors(const QList<QSslError> &)),
    this, SLOT(errorOccured(const QList<QSslError> &)));
}

void SSLClient::errorOccured(const QList<QSslError> & error)
{
  // simply ignore the errors
  // be very careful when ignoring errors: with no arguments this ignores
  // every reported error, so any certificate the peer presents is accepted
  client.ignoreSslErrors();
}

void SSLClient::connectionEstablished()
{
  // get the peer's certificate
  QSslCertificate cert = client.peerCertificate();
  // write on the SSL connection
  // (13 bytes: the 12 characters of the string plus its terminating NUL)
  client.write("Hello, world", 13);
}

void SSLClient::start(QString hostName, quint16 port)
{
  client.connectToHostEncrypted(hostName, port);
}

// main.cc
#include "ssl-client.h"
#include <QApplication>

int main(int argc, char** argv)
{
  QApplication app(argc, argv);
  SSLClient client;
  client.start("127.0.0.1", 8888);
  return app.exec();
}

2. Server
The following steps are usually used:
a) call QSslSocket.setLocalCertificate() to set the certificate;
b) override QTcpServer.incomingConnection() to do the following:
   call QSslSocket.setSocketDescriptor() to bind SSL to the newly incoming connection;
   call QSslSocket.startServerEncryption() to initiate the SSL handshake;
c) the QSslSocket.encrypted() signal is emitted when the connection and handshake are done;
d) once the secure connection is established, reading and writing on a QSslSocket work exactly as they do on a QTcpSocket.

Sorry, I'm too lazy to write the sample code for the server :P

P.S. You need to add OpenSSL support when compiling Qt, using ./configure -openssl, and you must install the OpenSSL development package (libcurl3-openssl-dev or libcurl4-openssl-dev in Ubuntu) yourself.
http://xizhizhu.blogspot.com
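
The errorOccured() slot in the client above calls ignoreSslErrors() unconditionally. As an added example (not code from the original post), here is the decision that slot should make first, written in plain C++ so it compiles without Qt: tolerate only a self-signed error, and only when the peer certificate digest matches a pinned fingerprint. The SslErr enum is a local stand-in for QSslError::SslError, and parseFingerprint(), sameDigest() and mayIgnoreErrors() are hypothetical helper names; the digest bytes are assumed to come from QSslCertificate::digest().

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Stand-in for QSslError::SslError; names mirror Qt's, values are local.
enum class SslErr { SelfSignedCertificate, HostNameMismatch,
                    CertificateExpired, CertificateUntrusted };

// Parse "AB:CD:..." or "abcd..." into bytes; empty vector on malformed input.
std::vector<uint8_t> parseFingerprint(const std::string& hex) {
  std::vector<uint8_t> out;
  int hi = -1;                                 // pending high nibble, -1 if none
  for (char c : hex) {
    if (c == ':' && hi < 0) continue;          // separator allowed between bytes only
    int v = (c >= '0' && c <= '9') ? c - '0'
          : (c >= 'a' && c <= 'f') ? c - 'a' + 10
          : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
    if (v < 0) return {};
    if (hi < 0) hi = v;
    else { out.push_back(uint8_t(hi << 4 | v)); hi = -1; }
  }
  return hi < 0 ? out : std::vector<uint8_t>{};  // odd digit count is malformed
}

// Compare without an early exit so timing does not reveal the matching prefix.
bool sameDigest(const std::vector<uint8_t>& a, const std::vector<uint8_t>& b) {
  if (a.empty() || a.size() != b.size()) return false;
  uint8_t diff = 0;
  for (size_t i = 0; i < a.size(); ++i)
    diff = uint8_t(diff | (a[i] ^ b[i]));
  return diff == 0;
}

// True only when every reported error is SelfSignedCertificate (the one
// failure a pin can vouch for) and the peer digest equals the pinned one.
// Expiry, host name mismatch and untrusted-chain errors always stay fatal.
bool mayIgnoreErrors(const std::vector<SslErr>& errors,
                     const std::vector<uint8_t>& peerDigest,
                     const std::string& pinnedHex) {
  for (SslErr e : errors)
    if (e != SslErr::SelfSignedCertificate) return false;
  return sameDigest(peerDigest, parseFingerprint(pinnedHex));
}
```

In the slot, call client.ignoreSslErrors() only when mayIgnoreErrors() returns true; otherwise leave the errors in place so the connection fails.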