May 12, 2011

PSI-lbc PSI-lbc
Lab Rat
50 posts

HTTPS via Qt QWebView not working in all cases

 

I started this on the general forum but decided to add it here as well because this seems to be the more appropriate venue.

More details about the problem can be found on that thread..
http://developer.qt.nokia.com/forums/viewthread/5775/

Thinking that maybe it was code in my existing project causing the problem, I created a brand new project. The project only has the main window that contains a QWebView widget. Project was created using Qt Creator 2.2.

  1. #-------------------------------------------------
  2. #
  3. # Project created by QtCreator 2011-05-11T07:33:27
  4. #
  5. #-------------------------------------------------
  6.  
  7. QT += core gui
  8. QT += webkit
  9.  
  10. TARGET = TestStuff
  11. TEMPLATE = app
  12.  
  13.  
  14. SOURCES += main.cpp\
  15.         MainWindow.cpp
  16.  
  17. HEADERS  += MainWindow.h
  18.  
  19. FORMS    += MainWindow.ui

This is painfully simple. Just executing one line of code…the “ui->webView->load”.

  1. #include "MainWindow.h"
  2. #include "ui_MainWindow.h"
  3.  
  4. MainWindow::MainWindow(QWidget *parent) :
  5.     QMainWindow(parent),
  6.     ui(new Ui::MainWindow)
  7. {
  8.     ui->setupUi(this);
  9.  
  10. //**this line loads a simple html file and displays it.  Doing a "form POST" from within the loaded html to a secure https website does not work.
  11.     //ui->webView->load( QUrl::fromLocalFile(QApplication::applicationDirPath() + "/" + "Help" + "/" + "h-2BuyButton-SFA.html") );
  12.  
  13. //**this line works fine.  The qt.gitorious.org https website opens and displays in the webview
  14.     //ui->webView->load(QUrl("https://qt.gitorious.org/"));
  15.  
  16. //**this line does not work. Actual url elided.  Nothing is loaded or displayed in the webview
  17. .
  18.     ui->webView->load(QUrl("https://mysecure.gateway.com/really.secure"));
  19.  
  20. }
  21.  
  22. MainWindow::~MainWindow()
  23. {
  24.     delete ui;
  25. }

I can open the simple html file with Internet Explorer and it will display. When I click a “buy” button, my secure https website opens at the order entry page.

I can open Internet Explorer and paste the “https://qt.gitorious.org/” url into the navigate to bar and visit the Qt https website.

I can open Internet Explorer and paste the “https://mysecure.gateway.com/really.secure” url into the the navigate to bar and visit my https order processing website.

So what is preventing the webview from visiting my https order processing website?

Why does loading one https website work, but not the other?

I also tried the complete project(not the downsized project shown above) on a Mac with the same results.

Is this a bug that needs to be reported?

10 replies

May 13, 2011

PSI-lbc PSI-lbc
Lab Rat
50 posts

Evidently this problem has been around for a while. Found a thread on the Qt Centre forum from 2009 that was experiencing something similar. Was able to tweak code as follows…

In my “form” instantiation, I connected the qwebview’s qnam to the appropriate signal and slot before loading the https url into the webview…

  1.   connect(ui->webView->page()->networkAccessManager(),
  2.           SIGNAL(sslErrors(QNetworkReply*, const QList<QSslError> & )),
  3.           this,
  4.           SLOT(sslErrorHandler(QNetworkReply*, const QList<QSslError> & )));

In the .h

  1. void sslErrorHandler(QNetworkReply* qnr, const QList<QSslError> & errlist);

In the .cpp

  1. void frmBuyIt::sslErrorHandler(QNetworkReply* qnr, const QList<QSslError> & errlist)
  2. {
  3.  
  4.   #if DEBUG_BUYIT
  5.   qDebug() << "---frmBuyIt::sslErrorHandler: ";
  6.   // show list of all ssl errors
  7.   foreach (QSslError err, errlist)
  8.     qDebug() << "ssl error: " << err;
  9.   #endif
  10.  
  11.    qnr->ignoreSslErrors();
  12. }

The ssl errors happen and are ignored…which allows my https webpage to load.

November 10, 2011

pekwood pekwood
Lab Rat
1 posts

I meet the smae issue. I will try on the way, thx.

December 12, 2011

viktor.benei viktor.benei
Lab Rat
39 posts

Same problem here, and cannot find any other solution except the ignoreSslErrors() which is a dirty hack especially for our system which stores personal informations.

December 12, 2011

peppe peppe
Ant Farmer
1028 posts

What’s that supposed to mean? Are you 100% sure that your server certificate should be regarded as valid by Qt?

 Signature 

Software Engineer
KDAB (UK) Ltd., a KDAB Group company

December 13, 2011

viktor.benei viktor.benei
Lab Rat
39 posts

What I tried: with the same communication code (based on QNetworkAccessManager) https://twitter.com can be reqested and it doesn’t emit the sslErrors(…) signal. But it does for our site.

The site’s certificate is accepted by Google Chrome, Internet Explorer, Opera, Firefox, … But QNetworkAccessManager emits sslErrors(…) with these QSslErrors:

  1. BaseNetworkRequest::_sslErrors : Error:  "The issuer certificate of a locally looked up certificate could not be found"
  2. BaseNetworkRequest::_sslErrors : Error:  "The root CA certificate is not trusted for this purpose"
  3. BaseNetworkRequest::_sslErrors : Error:  "No certificates could be verified"

I tried to manually add the cert to the request, but it still emits these SslErrors.

  1.     QFile certFile(QString(":/aw_cert4_der"));
  2.     Q_ASSERT(certFile.open(QIODevice::ReadOnly));
  3.     QByteArray certContent = certFile.readAll();
  4.     DLog("Cert: ") << certContent;
  5.     QSslCertificate cert(certContent, QSsl::Der);
  6.  
  7.     DLog("Is cert valid: ") << cert.isValid();
  8.     DLog("Cert info: ") << cert.effectiveDate() << cert.expiryDate() << cert.issuerInfo(QSslCertificate::Organization);
  9.  
  10.     QSslConfiguration sslConfig = networkRequest->sslConfiguration();
  11.     QList<QSslCertificate> caCerts = sslConfig.caCertificates();
  12.     caCerts.append(cert);
  13.     sslConfig.setCaCertificates(caCerts);
  14.     networkRequest->setSslConfiguration(sslConfig);

cert.isValid() return true, and I can get the effectiveDate and the other certificate information and are all correct.

Am I missing something? I Googled a lot and the only solution I found is to call the QNetworkReply’s ignoreSslErrors() method, which works, but I don’t want to use it if I not have to.

June 11, 2012

Jason.Dolan Jason.Dolan
Lab Rat
17 posts

Has this been submitted as a bug to QT?

We are getting this within our project as well but can’t determine if it’s an issue on our side or if the site we’re connecting to has an invalid certificate. Connecting to them via firefox seems to work fine 9 times out of 10 (where the tenth time firefox shows a “untrusted certificate” error).

February 17, 2013

kmansh kmansh
Lab Rat
2 posts

Hi,

I do not understand if there is a solution to the above problem ?

I am using Qt4.8.3. some Https pages are loaded other do not, and for those not, I do not get any ssl

errors, so It is hard to find where the problem is.

Does anyone have a solution ? Any help would be great.

Thanks

December 6, 2013

MeerMusik MeerMusik
Ant Farmer
60 posts

Hello!

I started to implement a simple WebView (which i will enhance at later state) in my Application and i can not open any https://<site> even with SSL Errors ignored.

I am running QT 5.2.0 RC1 Build 186 on a Windows 7 ×64 Machine.

Is there any Chance to get WebView to Show/Open SSL Sites? I need to use/work with these SSL Certificates on specific Servers. What additional Qt Stuff do i need to implement or connect to WebView? I dont want you to write the Code for me ;) I have googled many Sites and i am sure that i have overseen something.

Or is WebView not being able to handle SSL at all??? If not, what should i use to open https Links internally in the WebView?

I am new to QT and to C++ so it would be nice if someone can point me in the right Direction. Thank You! :)

Oliver

December 8, 2013

Eus Eus
Lab Rat
138 posts

Resurecting old thread, eh?

You should read the suggestions and sample codes above, specially the one of PSI-lbc

As a side note, make sure you open the correct page, the one for which the certificate is valid , for example, if the certificate was issued for www.example.com, it will show as invalid for example.com or sub.example.com

July 22, 2014

mcg2 mcg2
Lab Rat
1 posts

resurrecting old thread, i know.. but to use the windows cert ca store, see example below. enjoy.

  1. QList<QSslCertificate> readWindowsCa(){
  2.      QList<QSslCertificate> ca_list;
  3.      HCERTSTORE hStore = CertOpenSystemStore(NULL, L"CA");
  4.      X509 *cert;
  5.      for ( PCCERT_CONTEXT pCertCtx = CertEnumCertificatesInStore(hStore, NULL); pCertCtx != NULL; pCertCtx = CertEnumCertificatesInStore(hStore, pCertCtx) ){
  6.         // pCertCtx.cbCertEncoded
  7.         cert = d2i_X509(NULL, (const OPENSSL_d2i_TYPE) &pCertCtx->pbCertEncoded, pCertCtx->cbCertEncoded);
  8.         BIO *bio = NULL;
  9.         char *pem = NULL;
  10.         if (NULL == cert) {
  11.             continue;
  12.         }
  13.         bio = BIO_new(BIO_s_mem());
  14.         if (NULL == bio) {
  15.             continue;
  16.         }
  17.         if (0 == PEM_write_bio_X509(bio, cert)) {
  18.             BIO_free(bio);
  19.             continue;
  20.         }
  21.         pem = (char *) malloc(bio->num_write + 1);
  22.         if (NULL == pem) {
  23.             BIO_free(bio);
  24.             continue;
  25.         }
  26.         memset(pem, 0, bio->num_write + 1);
  27.         BIO_read(bio, pem, bio->num_write);
  28.         BIO_free(bio);
  29.         QSslCertificate *cert_new = new QSslCertificate(pem,QSsl::Pem);
  30.         ca_list.append(*cert_new);
  31.         free(pem);
  32.         X509_free(cert);
  33.      }
  34.      CertCloseStore(hStore, 0);
  35.      return ca_list;
  36.  }

you then do the ca caCerts.append(readWindowsCa());

this will load most of the websites.

 
  ‹‹ What ’s the system level api inside QApplication that QNetworkRequest utilize?      Equivalent direct webkit API for QtWebkit functionality ››

You must log in to post a reply. Not a member yet? Register here!