Qt local secure web sockets

Question

I'm working on a Qt application which communicate with my web browser (currently Google Chrome) through a WebSocket.

Everything was working fine until I tried to use secured websockets...

I managed to resolve the issues I had with OpenSSL, so now I should have a working Qt application, but I don't.

I'm using VS2013, and Qt 5.3. I have the following code to start my server:

MyClass::MyClass (quint16 port, QObject *parent) : 
    QWebSocketServer("Press And Listen Server", QWebSocketServer::SecureMode, parent) {

    QSslConfiguration sslConfiguration;
    QFile certFile (QStringLiteral ("localhost.crt"));
    QFile keyFile (QStringLiteral ("localhost.key"));
    certFile.open (QIODevice::ReadOnly);
    keyFile.open (QIODevice::ReadOnly);
    QSslCertificate certificate (&certFile, QSsl::Pem);
    QSslKey sslKey (&keyFile, QSsl::Rsa, QSsl::Pem);
    certFile.close ();
    keyFile.close ();
    sslConfiguration.setPeerVerifyMode (QSslSocket::VerifyNone);
    sslConfiguration.setLocalCertificate (certificate);
    sslConfiguration.setPrivateKey (sslKey);
    sslConfiguration.setProtocol (QSsl::TlsV1SslV3);
    this->setSslConfiguration (sslConfiguration);

    if (!this->listen (QHostAddress::Any, port)) {
        throw ServerNotStartedException () ;
    }
    qDebug () << "Server listenning on: " << port ;
    connect (this, &QWebSocketServer::newConnection, this, &MyClass::onNewConnection);
    connect (this, &QWebSocketServer::closed, this, &MyClass::onClose);
    connect (this, &QWebSocketServer::sslErrors, this, &MyClass::onSslErrors);
}

I created the certificate files using the following method: https://developer.salesforce.com/blogs/developer-relations/2011/05/generating-valid-self-signed-certificates.html

On the browser side, I only have:

var websock = websock = new WebSocket('wss://localhost:52132');

websock.onerror = function (error) {
    console.log('Press & Listen, WS Error: ' + error);
};

websock.onopen = function () {
    console.log('Open!');
};

Unfortunately, everytime I tried, I got the following JS message:

WebSocket connection to 'wss://localhost:52132/' failed: Error in connection establishment: net::ERR_TIMED_OUT

So far:

• QSslSocket::supportsSsl () returns true
• I don't have any QSslSocket: cannot resolve XXX method messages

• OpenSSL DLLs are loaded, VS2013 output the following messages:

  'MyProject.exe' (Win32): Loaded 'I:\Sources\VS2013\x64\Release\ssleay32.dll'. Cannot find or open the PDB file. 'PressAndListenQt.exe' (Win32): Loaded 'I:\Sources\VS2013\x64\Release\libeay32.dll'. Cannot find or open the PDB file.`

I don't know how to find what's wrong, so I'm open to any suggestion!

Edit: I tried to generate a self-signed certificate using the following (instead of the link above):

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 100 -nodes

Now I get another error:

WebSocket connection to 'wss://localhost:52132/' failed: WebSocket opening handshake was canceled

Answer 1

it appears to be the same happens me some days ago. I solved trusting the self signed certificate into certificate snap-in that you can open using the MMC console. Import your certificate both into personal of current user and local computer folders, import certificate also into trusted publishers folder. Remember to remove the certificate after test.

You can the same also for the localhost.cert certificate for tutorial Qt\Examples\Qt-5.5\websockets\sslechoserver\ and see how a websockets web page connect with the wss provided by the tutorial.

This worked for me when websockets from webpage failed to connect with the same error.

(sorry, my English is low :) )

Answer 2

Try modifying url from wss://localhost:52132 to https:// or http://. As a guess wss:// could be rejected by firewalls, and servers for being a custom protocol.

Answer 3

According to your problem statement

• OpenSSL Librarys seems OK
• Qt Code and Html code may be fine
• Secure Server MISSING

There is a sample code in Qt \Examples\Qt-5.x\websockets\sslechoserver also an html file with websocket html code. If we run above sample and look at the web-socket reply it will give error code 1006 Error Codes.

I have looked at the errors occurred and i think it may be because you have not hosted your html code on secure web-server(non https). I suggest you to host your html file on webserver and map it with your certificates for https secure browsing.

Connection termination may be because of insecure sockets or certificate mismatch.

Browser Console

WebSocket connection to 'wss://localhost:1234/' failed: Error in connection establishment: net::ERR_INSECURE_RESPONSE 

Browser trace for URL Request

t=11880 [st= 0] +REQUEST_ALIVE  [dt=17]
t=11880 [st= 0]    URL_REQUEST_DELEGATE  [dt=1]
t=11881 [st= 1]   +URL_REQUEST_START_JOB  [dt=16]
                   --> load_flags = 18 (BYPASS_CACHE | DISABLE_CACHE)
                   --> method = "GET"
                   --> priority = "LOWEST"
                   --> url = "wss://localhost:1234/"
t=11881 [st= 1]      URL_REQUEST_DELEGATE  [dt=0]
t=11881 [st= 1]      HTTP_CACHE_GET_BACKEND  [dt=0]
t=11881 [st= 1]     +HTTP_STREAM_REQUEST  [dt=15]
t=11881 [st= 1]        HTTP_STREAM_REQUEST_STARTED_JOB
                       --> source_dependency = 6025 (HTTP_STREAM_JOB)
t=11896 [st=16]        HTTP_STREAM_REQUEST_BOUND_TO_JOB
                       --> source_dependency = 6025 (HTTP_STREAM_JOB)
t=11896 [st=16]     -HTTP_STREAM_REQUEST
t=11896 [st=16]      URL_REQUEST_DELEGATE  [dt=1]
t=11897 [st=17]      CANCELLED
                     --> net_error = -501 (ERR_INSECURE_RESPONSE)
t=11897 [st=17]   -URL_REQUEST_START_JOB
                   --> net_error = -501 (ERR_INSECURE_RESPONSE)
t=11897 [st=17]    URL_REQUEST_DELEGATE  [dt=0]
t=11897 [st=17] -REQUEST_ALIVE

Browser trace for Http Stream

t=11881 [st= 0] +HTTP_STREAM_JOB  [dt=15]
                 --> alternative_service = "unknown :0"
                 --> original_url = "wss://localhost:1234/"
                 --> priority = "LOWEST"
                 --> source_dependency = 6024 (URL_REQUEST)
                 --> url = "wss://localhost:1234/"
t=11881 [st= 0]   +PROXY_SERVICE  [dt=0]
t=11881 [st= 0]      PROXY_SERVICE_RESOLVED_PROXY_LIST
                     --> pac_string = "DIRECT"
t=11881 [st= 0]      PROXY_SERVICE_DEPRIORITIZED_BAD_PROXIES
                     --> pac_string = "DIRECT"
t=11881 [st= 0]   -PROXY_SERVICE
t=11881 [st= 0]   +SOCKET_POOL  [dt=15]
t=11896 [st=15]      SOCKET_POOL_BOUND_TO_CONNECT_JOB
                     --> source_dependency = 6026 (CONNECT_JOB)
t=11896 [st=15]      SOCKET_POOL_BOUND_TO_SOCKET
                     --> source_dependency = 6029 (SOCKET)
t=11896 [st=15]   -SOCKET_POOL
                   --> net_error = -202 (ERR_CERT_AUTHORITY_INVALID)
t=11896 [st=15]    HTTP_STREAM_JOB_BOUND_TO_REQUEST
                   --> source_dependency = 6024 (URL_REQUEST)
t=11896 [st=15] -HTTP_STREAM_JOB