查看完整版本: [-- QT MQTT 使用SSL连接不成功。 --]

QTCN开发网 -> 《Qt高级编程》专栏 -> QT MQTT 使用SSL连接不成功。 [打印本页] 登录 -> 注册 -> 回复主题 -> 发表主题

angrycat 2020-03-15 18:26

QT MQTT 使用SSL连接不成功。

QT5.9.1, 自编译的qmqtt。
设置如下:
            QSslSocket ssl_socket;
            ssl_socket.setPrivateKey(CERTS_ROOT_FILE + QString( "/qt/client.key"));
            ssl_socket.setLocalCertificate(CERTS_ROOT_FILE + QString( "/qt/client.crt"));
            ssl_socket.setPeerVerifyMode(QSslSocket::VerifyPeer);//双向验证

            QSslConfiguration ssl_config=QSslConfiguration::defaultConfiguration();
            ssl_config.setCaCertificates(QSslCertificate::fromPath(CERTS_ROOT_FILE + QString( "/qt/rootCA.pem")));
            ssl_config.setPrivateKey(ssl_socket.privateKey());
            ssl_config.setLocalCertificate(ssl_socket.localCertificate());
            ssl_config.setPeerVerifyMode(QSslSocket::VerifyPeer);
            ssl_config.setPeerVerifyDepth(1);
            ssl_config.setProtocol(QSsl::TlsV1_2);

            m_client = new QMQTT::Client(hostName, hostPort, ssl_config);

证书使用的是QT example里自带的,MQTT.FX-1.3.1用此证书可以连接服务器的EMQ (mqtt服务器),但是在QT里返回SocketRemoteHostClosedError错误码;通过抓包分析,客户端发送了client hello,但是服务端没有返回server hello,直接被服务端断开了。

CA证书信息打印如下:
SSL PrivateKey= QSslKey(PrivateKey, RSA, 2048)

SSL Certificate= QSslCertificate("1", "cf:92:41:43:f2:2b:21:df", "5Ltrx4+lQOYuU3xgmo9+kA==", (), (), QMap(), QDateTime(2018-07-03 09:32:51.000 UTC Qt::TimeSpec(UTC)), QDateTime(2023-07-02 09:32:51.000 UTC Qt::TimeSpec(UTC)))

SSL rootCA= (QSslCertificate("3", "90:df:de:17:8d:6d:f3:fa", "NNWCXsw6NZACk5nwTB5d4w==", (), (), QMap(), QDateTime(2018-07-03 09:32:50.000 UTC Qt::TimeSpec(UTC)), QDateTime(2023-07-02 09:32:50.000 UTC Qt::TimeSpec(UTC))))


emq日志打印如下:
2020-03-15 00:15:15.814 [warning] [Channel] connection failed to establish: {ssl_error,
                                           {tls_alert,
                                            {certificate_unknown,
                                             "TLS server: In state certify received CLIENT ALERT: Fatal - Certificate Unknown\n"}}}
2020-03-15 00:15:15.888 [warning] [Channel] connection failed to establish: {ssl_error,
                                           {tls_alert,
                                            {certificate_unknown,
                                             "TLS server: In state certify received CLIENT ALERT: Fatal - Certificate Unknown\n"}}}
2020-03-15 00:15:16.718 [warning] [Channel] connection failed to establish: {ssl_error,
                                           {tls_alert,
                                            {certificate_unknown,
                                             "TLS server: In state certify received CLIENT ALERT: Fatal - Certificate Unknown\n"}}}

20091001753 2020-03-15 18:37
应该是缺少 openssl 库

angrycat 2020-03-15 18:59
20091001753:应该是缺少 openssl 库 (2020-03-15 18:37) 

应该不是吧, ssleay32.dll和libeay32.dll添加到Qt的bin目录了,并且QT这边都已经发送了Client Hello了。

angrycat 2020-03-16 00:47
目标地址不能为域名,要IP地址。另外,ssl_config.setPeerVerifyMode(QSslSocket::QueryPeer); 模式 如果是 QSslSocket::VerifyPeer  自制的证书好像不太行。

helloworld1l 2021-08-30 13:51
看提示信息 //   if (!QSslSocket::supportsSsl()) {
//      qDebug() << "warning: notSupportsSsl";
//   }

//   qDebug()<<QSslSocket::sslLibraryBuildVersionString();
    //qDebug() << QSslSocket::sslLibraryVersionString();


查看完整版本: [-- QT MQTT 使用SSL连接不成功。 --] [-- top --]



Powered by phpwind v8.7 Code ©2003-2011 phpwind
Gzip disabled