[SailfishDevel] How to use self-signed certificates transparently in a https POST/GET request with a QT Quick application?

yurumi yurumi at gmx.de
Mon Aug 17 20:30:57 UTC 2015 

Hi,

you could also set a custom QQmlNetworkAccessManagerFactory for Qt Quick
that creates a QNetworkAccessManager that handles SSL errors by ignoring
them:
  http://www.it-digin.com/blog/?p=261
  https://forum.qt.io/topic/16990/ignoring-ssl-errors

Cheers,
Thomas


On 17.08.2015 22:07, Jonni Rainisto wrote:
> Hi,
>
> Really bad for security, but you can for example in main() before creating any connections add these 3 lines of code, which will make application to skip all verifications, so any self signed and invalid certs are also accepted.
>
> <clip>
> QSslConfiguration config = QSslConfiguration::defaultConfiguration();
> config.setPeerVerifyMode(QSslSocket::VerifyNone);
> QSslConfiguration::setDefaultConfiguration(config);
> </clip>
>
> Br, jonni
> ________________________________________
> From: devel-bounces at lists.sailfishos.org [devel-bounces at lists.sailfishos.org] on behalf of juice [juice at swagman.org]
> Sent: Monday, August 17, 2015 10:56 PM
> To: devel at lists.sailfishos.org
> Subject: [SailfishDevel] How to use self-signed certificates transparently in a https POST/GET request with a QT Quick application?
>
> This might be a FAQ or otherwice so self-evident question it just shows
> up my
> stupidity but I really could not find any pointers on how to do this.
>
> Scenario:
>
> I am writing a client application that periodically polls for data from
> a
> web service, located on a server that may either have a real certificate
> or
> might just have a self-signed certificate.
>
> The authenticity of the server is not so important that it definitely
> requires
> a true certificate, it is just enough that the communication between the
> client
> and the server is encrypted. The user anyway configures the used server
> by DNS
> name or IP address and usually the server is controlled by the user
> anyway.
>
> Now how can I do this, so that in the client I need not preload any
> certificates,
> so that for example when the user changes the server address, the next
> request
> just goes thru encrypted, without caring whether the server certificate
> is valid?
>
> Can anybody give me a pointer to some example code?
> Can this be done in QML only or do I need to extend it in a c++ module?
>
>
> --
>     - Juice -
>
> _______________________________________________
> SailfishOS.org Devel mailing list
> To unsubscribe, please send a mail to devel-unsubscribe at lists.sailfishos.org
> _______________________________________________
> SailfishOS.org Devel mailing list
> To unsubscribe, please send a mail to devel-unsubscribe at lists.sailfishos.org

More information about the Devel mailing list