[讨论]QT MQTT 使用SSL连接不成功。 [复制链接]

QT5.9.1， 自编译的qmqtt。
设置如下：
            QSslSocket ssl_socket;
            ssl_socket.setPrivateKey(CERTS_ROOT_FILE + QString( "/qt/client.key"));
            ssl_socket.setLocalCertificate(CERTS_ROOT_FILE + QString( "/qt/client.crt"));
            ssl_socket.setPeerVerifyMode(QSslSocket::VerifyPeer);//双向验证

            QSslConfiguration ssl_config=QSslConfiguration::defaultConfiguration();
            ssl_config.setCaCertificates(QSslCertificate::fromPath(CERTS_ROOT_FILE + QString( "/qt/rootCA.pem")));
            ssl_config.setPrivateKey(ssl_socket.privateKey());
            ssl_config.setLocalCertificate(ssl_socket.localCertificate());
            ssl_config.setPeerVerifyMode(QSslSocket::VerifyPeer);
            ssl_config.setPeerVerifyDepth(1);
            ssl_config.setProtocol(QSsl::TlsV1_2);

            m_client = new QMQTT::Client(hostName, hostPort, ssl_config);

证书使用的是QT example里自带的，MQTT.FX-1.3.1用此证书可以连接服务器的EMQ (mqtt服务器),但是在QT里返回SocketRemoteHostClosedError错误码；通过抓包分析，客户端发送了client hello，但是服务端没有返回server hello，直接被服务端断开了。

CA证书信息打印如下：
SSL PrivateKey= QSslKey(PrivateKey, RSA, 2048)

SSL Certificate= QSslCertificate("1", "cf:92:41:43:f2:2b:21:df", "5Ltrx4+lQOYuU3xgmo9+kA==", (), (), QMap(), QDateTime(2018-07-03 09:32:51.000 UTC Qt::TimeSpec(UTC)), QDateTime(2023-07-02 09:32:51.000 UTC Qt::TimeSpec(UTC)))

SSL rootCA= (QSslCertificate("3", "90:df:de:17:8d:6d:f3:fa", "NNWCXsw6NZACk5nwTB5d4w==", (), (), QMap(), QDateTime(2018-07-03 09:32:50.000 UTC Qt::TimeSpec(UTC)), QDateTime(2023-07-02 09:32:50.000 UTC Qt::TimeSpec(UTC))))


emq日志打印如下：
2020-03-15 00:15:15.814 [warning] [Channel] connection failed to establish: {ssl_error,
                                           {tls_alert,
                                            {certificate_unknown,
                                             "TLS server: In state certify received CLIENT ALERT: Fatal - Certificate Unknown\n"}}}
2020-03-15 00:15:15.888 [warning] [Channel] connection failed to establish: {ssl_error,
                                           {tls_alert,
                                            {certificate_unknown,
                                             "TLS server: In state certify received CLIENT ALERT: Fatal - Certificate Unknown\n"}}}
2020-03-15 00:15:16.718 [warning] [Channel] connection failed to establish: {ssl_error,
                                           {tls_alert,
                                            {certificate_unknown,
                                             "TLS server: In state certify received CLIENT ALERT: Fatal - Certificate Unknown\n"}}}

应该是缺少 openssl 库

20091001753:应该是缺少 openssl 库 (2020-03-15 18:37) 

应该不是吧， ssleay32.dll和libeay32.dll添加到Qt的bin目录了，并且QT这边都已经发送了Client Hello了。

目标地址不能为域名，要IP地址。另外，ssl_config.setPeerVerifyMode(QSslSocket::QueryPeer); 模式 如果是 QSslSocket::VerifyPeer  自制的证书好像不太行。

看提示信息 //   if (!QSslSocket::supportsSsl()) {
//      qDebug() << "warning: notSupportsSsl";
//   }

//   qDebug()<<QSslSocket::sslLibraryBuildVersionString();
    //qDebug() << QSslSocket::sslLibraryVersionString();