I’m new to using SSL and would like to clarify a couple of things. My issue is a follows:
I’m creating a software that should implement a XML-RPC interface, which should be encrypted. The setup includes a server and some clients. Keyfiles can be assign to the clients as they’re deployed. I’ve tried the following: http://code.google.com/p/qtxmlrpc/ and have gotten it to work just nicely. My issue is that SSL isn’t implemented, but as it’s based on QtTcpSocket I’d assume this can be fixed.
As the clients are “known”, what would a natural authentication scenario look like, and what is required to implement such? Thank you!
Swap in QSslSocket for QTcpSocket.
For a secure connection, use connectToHostEncrypted instead of connectToHost.
(unless you’re negotiating encryption on an initially cleartext channel)
On the server side, you can use QTcpServer, but convert the incoming connection to a QSslSocket rather than QTcpSocket.
You’ll need to use setLocalCertificate and setPrivateKey with your CA cert chain.
To verify client certificates, use setPeerVerifyMode (default behaviour is clients verify server but server accepts any client)
By default, the same set of CAs is trusted as provided by your operating system.
Anyway read http://doc-snapshot.qt-project.org/5.0/qsslsocket.html
and look at the examples