当前位置: 文江博客话题详情

Qt OpenSSL 问题 - 在某些计算机上被阻止(?)

发布于 2024-11-05 16:48:23 字数 336 浏览 0 评论 0原文

我编写了一个使用 OpenSSL 的应用程序。从昨天开始,一切都很好。我编译了应用程序并发送给我的朋友。在他的电脑上应用程序可以打开https。我在其他电脑上打开还是不行。所以我把它给了其他朋友,他无法打开https网站。我很困惑,给了其他人,在他的计算机上我的应用程序正在运行。我不明白情况。以前的版本可以正常运行,没有错误。但我运行了以前的版本,它有效,但也不起作用。我关闭了所有防火墙。一切都没有改变。

有什么建议吗?

我们都有 7x64。我在 XP HE 上测试过,它可以工作,但 bou 在 7 x64 上不起作用。在我朋友的计算机上 7 x64 可以工作,但在 XP HE 上不行。 IMO 操作系统没有任何意义。

原文

I write an app i qt which uses OpenSSL. All was alright, since yesterday. I compiled app and sent to my friend. On his computer application can open https. I open on other computer and it doesn't work. So I gave it to other friend and he can't open https websites. I was confused and gave other guy and on his computer my app is working. I don't understand situation. Previous versions worked without bugs. But i ran previous version which worked and it doesn't work too. I turned off all my firewalls. Nothing changed.

Any suggestions?

We all have 7 x64. I tested on XP HE and it works, bou on 7 x64 doesn't work. On my friend's computer 7 x64 works, but on XP HE doesn't works. IMO Operating System hasn't got any mean.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

亽野灬性zι浪 2024-11-12 16:48:23

默认情况下,Qt 不包含 OpenSSL 的实现,但使用已安装到系统中的库。

安装 Win32 OpenSSL 将使其正常工作。

另一种选择是使用 OpenSSL 构建 Qt。一些信息此处

By default Qt doesn't contain implementation of OpenSSL, but uses libraries already installed into system.

Installing Win32 OpenSSL will make it work.

Another option is to build Qt with OpenSSL. Some info here.

回复 原文
江南烟雨〆相思醉 2024-11-12 16:48:23

如果您仍然无法解决该错误 - 我刚刚遇到了同样的问题。这似乎是 Windows 计算机上的 CA 证书链的问题。详细信息可以在 https://bugreports.qt-project.org/browse/QTBUG 找到-20012

这里还有一个小类可以修复 ca 链,这样应用程序中就不会出现错误。

#ifndef OPENSSLFIX_H
#define OPENSSLFIX_H

#include <QSslConfiguration>

/* this class fixes a problem with qt/openssl and expired ca certificates.
 * the idea is taken from https://bugreports.qt-project.org/browse/QTBUG-20012
 * which describes the problem and the workaround further. the workaround is
 * scheduled for qt5, but will not be introduced into qt4.x.
 *
 * to use this fix just call it in main() before doing any network related 
 * stuff
 *
 * OpenSslFix::fixCaCertificates();
 *
 * it will go through the certificates and remove invalid certs from the chain,
 * thus avoiding the error to arise.
 */
class OpenSslFix {
public:
    static void fixCaCertificates()
    {
        QSslConfiguration config(QSslConfiguration::defaultConfiguration());
        QList<QSslCertificate> in(config.caCertificates());
        QList<QSslCertificate> out;

        for (int i=0, size=in.size(); i<size; ++i) {
            const QSslCertificate &c(in[i]);
            if (c.isValid()) {
                /* not expired -> add */
                out << c;
                continue;
            }

            /* check if the cert is already present in the output */
            bool found = false;
            for (int j=0, size=out.size(); j<size; ++j) {
                if (isCertificateSameName(c, out[j])) {
                    /* already present... */
                    found = true;
                    break;
                }
            }

            if (!found)
                out << c;
        }

        /* now set the new list as the default */
        config.setCaCertificates(out);
        QSslConfiguration::setDefaultConfiguration(config);
    }

private:
    static inline bool isCertificateSameName(const QSslCertificate &cert1, 
                                             const QSslCertificate &cert2)
    {
        return cert1.subjectInfo(QSslCertificate::Organization) ==
                cert2.subjectInfo(QSslCertificate::Organization) &&
                cert1.subjectInfo(QSslCertificate::CommonName) ==
                cert2.subjectInfo(QSslCertificate::CommonName) &&
                cert1.subjectInfo(QSslCertificate::LocalityName) ==
                cert2.subjectInfo(QSslCertificate::LocalityName) &&
                cert1.subjectInfo(QSslCertificate::OrganizationalUnitName) ==
                cert2.subjectInfo(QSslCertificate::OrganizationalUnitName) &&
                cert1.subjectInfo(QSslCertificate::StateOrProvinceName) ==
                cert2.subjectInfo(QSslCertificate::StateOrProvinceName) &&
                cert1.subjectInfo(QSslCertificate::CountryName) ==
                cert2.subjectInfo(QSslCertificate::CountryName);
    }
};

#endif // OPENSSLFIX_H

In case you have still no solution to the error - I just ran over the same issue. It seems to be a problem with the CA certficate chain on the Windows computer. The details can be found at https://bugreports.qt-project.org/browse/QTBUG-20012.

Here's also a little class which fixes the ca chain so the error should not occur in the application.

#ifndef OPENSSLFIX_H
#define OPENSSLFIX_H

#include <QSslConfiguration>

/* this class fixes a problem with qt/openssl and expired ca certificates.
 * the idea is taken from https://bugreports.qt-project.org/browse/QTBUG-20012
 * which describes the problem and the workaround further. the workaround is
 * scheduled for qt5, but will not be introduced into qt4.x.
 *
 * to use this fix just call it in main() before doing any network related 
 * stuff
 *
 * OpenSslFix::fixCaCertificates();
 *
 * it will go through the certificates and remove invalid certs from the chain,
 * thus avoiding the error to arise.
 */
class OpenSslFix {
public:
    static void fixCaCertificates()
    {
        QSslConfiguration config(QSslConfiguration::defaultConfiguration());
        QList<QSslCertificate> in(config.caCertificates());
        QList<QSslCertificate> out;

        for (int i=0, size=in.size(); i<size; ++i) {
            const QSslCertificate &c(in[i]);
            if (c.isValid()) {
                /* not expired -> add */
                out << c;
                continue;
            }

            /* check if the cert is already present in the output */
            bool found = false;
            for (int j=0, size=out.size(); j<size; ++j) {
                if (isCertificateSameName(c, out[j])) {
                    /* already present... */
                    found = true;
                    break;
                }
            }

            if (!found)
                out << c;
        }

        /* now set the new list as the default */
        config.setCaCertificates(out);
        QSslConfiguration::setDefaultConfiguration(config);
    }

private:
    static inline bool isCertificateSameName(const QSslCertificate &cert1, 
                                             const QSslCertificate &cert2)
    {
        return cert1.subjectInfo(QSslCertificate::Organization) ==
                cert2.subjectInfo(QSslCertificate::Organization) &&
                cert1.subjectInfo(QSslCertificate::CommonName) ==
                cert2.subjectInfo(QSslCertificate::CommonName) &&
                cert1.subjectInfo(QSslCertificate::LocalityName) ==
                cert2.subjectInfo(QSslCertificate::LocalityName) &&
                cert1.subjectInfo(QSslCertificate::OrganizationalUnitName) ==
                cert2.subjectInfo(QSslCertificate::OrganizationalUnitName) &&
                cert1.subjectInfo(QSslCertificate::StateOrProvinceName) ==
                cert2.subjectInfo(QSslCertificate::StateOrProvinceName) &&
                cert1.subjectInfo(QSslCertificate::CountryName) ==
                cert2.subjectInfo(QSslCertificate::CountryName);
    }
};

#endif // OPENSSLFIX_H
回复 原文
童话 2024-11-12 16:48:23

尝试使用 QSslSocket::ignoreSslErrors()< /a> 方法。

我也遇到过这样的问题,使用这个功能为我解决了这些问题。

Try to use QSslSocket::ignoreSslErrors() method.

I also had such problems and using this function solved them for me.

回复 原文
~没有更多了~

关于作者

离不开的别离

暂无简介

0 文章
0 评论
570 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

lorenzathorton8

文章 0 评论 0

Zero

文章 0 评论 0

萧瑟寒风

文章 0 评论 0

mylayout

文章 0 评论 0

tkewei

文章 0 评论 0

17818769742

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文