[Solved] Https page works in Windows but not in Linux
Hi everybody,
I wrote a small program under Linux which uses QWebView to display Web pages. When I tested this with HTTPS sites I stumbled upon a site (https://www.vertriebspartner.de.o2.com) which results in a blank page. I tried the exact same code under Windows and there everything works. The only difference I saw was that under Windows the onSslError() displays ‘The certificate has expired’ message which I didn’t see under Linux. Under Linux it doesn’t display any error message! The only other difference I noticed was that under Windows the OpenSSL ssleay32.dll version 0.9.8.14 is used but under Linux it’s libssl.so.1.0.0
I also tested another QtWebKit based browser (Arora 0.11.0) (but only under Linux) and it shows the same blank page and it gets stuck at 10%. But when I used the KDE rekonq browser or Googles Chrome, then the page gets loaded. So It seems to me it is not a WebKit problem, but they are obviously doing something differently then the plain QtWebKit based browsers. But I’m not an SSL expert, so I don’t know whether I’m supposed to do something different under Linux and I was not able to find out what rekonq is doing differently.
Out of sheer desperation I even build Qt5 and tested my program with it, just to see whether it might be a (fixed) bug in Qt, but it shows the same blank page.
I’m running out of ideas, so if somebody could give me a hint what I have to do, it would be greatly appreciated.
My environment is: – Kubuntu 12.04 (64-Bit) / Windows XP (32-Bit) – QtSdk 1.2.1 (Qt 4.8.1) (Windows and Linux)
Regards Peter
PS: I tried the solution from this thread http://qt-project.org/forums/viewthread/15949/ but this didnt’ help
mainwindow.h:
- #ifndef MAINWINDOW_H
- #define MAINWINDOW_H
- #include <QtGui/QMainWindow>
- #include <QtNetwork/QNetworkReply>
- {
- Q_OBJECT
- public:
- private slots:
- };
- #endif // MAINWINDOW_H
mainwindow.cpp:
- #include "mainwindow.h"
- #include <QDebug>
- #include <QtGui/QApplication>
- #include <QtWebKit/QWebView>
- #include <QtNetwork/QSslError>
- #include <QtNetwork/QSslConfiguration>
- {
- connect(view->page()->networkAccessManager(), SIGNAL(sslErrors(QNetworkReply*, const QList<QSslError> & )),
- view->show();
- setCentralWidget( view );
- }
- {
- qDebug() << "onSslErrors: ";
- qDebug() << "ssl error: " << e;
- reply->ignoreSslErrors();
- }
- int main(int argc, char *argv[])
- {
- MainWindow w;
- w.show();
- return application.exec();
- }
WebViewBrowser.pro:
- #-------------------------------------------------
- #
- # Project created by QtCreator 2012-08-18T12:25:22
- #
- #-------------------------------------------------
- QT += core gui webkit network
- CONFIG += debug
- TARGET = WebViewBrowser
- TEMPLATE = app
- SOURCES += mainwindow.cpp
- HEADERS += mainwindow.h
12 replies
I’ve compiled Qt5 myself and it didn’t work, so I don’t think that is the problem. I’m not (yet) an SSL expert and I hoped I can avoid becoming one ;-) , but my current guess is that is has something to do with the certificates installed on my machine.
The biggest problem is that I’m not getting any error message what so ever, which would give me a hint to what is wrong.
Regards Peter
So, your onSslErrors function didn’t even get fired?
Can you try to download website certificate and test it with QSslCertificate [qt-project.org] ?
And maybe playing with QSslConfiguration [qt-project.org] can help you…
So, your onSslErrors function didn’t even get fired?
No, not in Linux. But on windows (as i wrote ;-) ) I did get ‘The certificate has expired’.
Can you try to download website certificate and test it with QSslCertificate [qt-project.org] ?
Well, that’s why I said I’m not an SSL expert ;-) Could you give me some pointers on how to do this and what I have to look for?
Thank you for your help.
Regards Peter
Ok, i have started fresh Ubuntu 12.04 under VirutalBox and can see the same problem.
The problem is in the openssl. You can test it by yourself.(in console)
- openssl s_client -showcerts -connect www.vertriebspartner.de.o2.com:443
It will stack right after connection is established. SSL certificate from website uses TLSv1 , no idea why original openssl from Ubuntu can’t just switch right to TLSv1 protocol….
Using following option works just fine:
- openssl s_client -showcerts -tls1 -connect www.vertriebspartner.de.o2.com:443
So, try to set following ssl configuration for QNetworkAccessManager of your WebPage:
OK, so I modified main() like this:
- int main(int argc, char *argv[])
- {
- MainWindow w;
- w.show();
- return application.exec();
- }
which I hope is correct because I couldn’t figure out how I get the ‘sslSocket’ from the QNetworkAccessManager. But it didn’t change anything :-(
One think I noted though was when I ran one of the openssl commands you gave me, I get:
‘Verify return code: 20 (unable to get local issuer certificate)’
and then it just hangs.
It is known BUG in Ubuntu, where is a lot BUGs around this problem with openssl. For example: Bug #965371 [bugs.launchpad.net]
I have tested it too with QSslConfiguration::setDefaultConfiguration and with QNetworkAccessManager(subclassing QNAM and overriding createRequest function), it just doesn’t work…
Looks like Qt BUG, because sslConfig.setProtocol( QSsl::TlsV1 ); should work, and work in openssl client and in Python using openssl too.
Maybe you can try to rebuild openssl for your Ubuntu…
So I build the OpenSSL version 1.0.1c and made sure the newly build shared libraries are picked up from my test application:
- lsof -p 9052 | grep ssl
- WebViewBr 9052 peter mem REG 8,1 470813 9569610 /usr/local/ssl/lib/libssl.so.1.0.0
- WebViewBr 9052 peter mem REG 8,1 2194319 9569606 /usr/local/ssl/lib/libcrypto.so.1.0.0
but nothing changed. To be honest, I didn’t think it could be an openssl bug because if it were then the questions remains why are Chrome and rekonq working?
So the only option which remains is to wade through the rekonq and KDE Network source and try to find out what it does different :-(
If anybody has another idea or hint, please let me know.
Regards Peter
Finally I got it to work! :-) I don’t quite understand it completely yet, but I do understand that openssl on 12.04 seems to be really messy after all the bug reports I’ve read. But anyway, I simply had to replace:
with
then at least for this specific site it works and for now this is good enough for me.
Thanks again AcerExtensa!
Regards Peter
You must log in to post a reply. Not a member yet? Register here!
