我使用以下代码连接到 HTTPS 页面:
QNetworkRequest request(QUrl("https://sso.post.ch/organizer/?login"));
QList<QSslCertificate> cas;
cas.append(QSslCertificate::fromPath("/foo/VerisignCA_G3.crt"));
cas.append(QSslCertificate::fromPath("/foo/VerisignCA_G5.crt"));
QSslConfiguration sslConf;
sslConf.setCaCertificates(cas);
request.setSslConfiguration(sslConf);
QNetworkReply *reply = nam.get(request);
connect(reply, SIGNAL(finished()), this, SLOT(httpFinished()));
connect(&nam, SIGNAL(sslErrors(QNetworkReply *, QList<QSslError>)),
this, SLOT(sslErrors(QNetworkReply *, QList<QSslError>)));
但是,此请求失败并显示以下错误消息(我省略了打印它的代码):
SSL errors occured while connecting to https://sso.post.ch/organizer/?login:
The issuer certificate of a locally looked up certificate could not be found
s:[O=VeriSign, Inc.,CN=VeriSign Class 3 International Server CA - G3,L=,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,S=64:1b:e8:20:ce:02:08:13:f3:2d:4d:2d:95:d6:7e:67]
i:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Trust Network]
The root CA certificate is not trusted for this purpose
s:[O=VeriSign, Inc.,CN=VeriSign Class 3 International Server CA - G3,L=,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,S=64:1b:e8:20:ce:02:08:13:f3:2d:4d:2d:95:d6:7e:67]
i:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Trust Network]
Installed CAs:
0: s:[O=VeriSign, Inc.,CN=VeriSign Class 3 International Server CA - G3,L=,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,S=64:1b:e8:20:ce:02:08:13:f3:2d:4d:2d:95:d6:7e:67]
i:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Trust Network]
1: s:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,S=18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a]
i:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Trust Network]
奇怪的是,这个链从命令行使用 openssl 进行验证:
openssl s_client -CAfile VerisignCA_G5.crt -connect sso.post.ch:443
[...]
Verify return code: 0 (ok)
有人知道我错过了什么吗?
可以找到 VerisignCA_G5.crt here和 Verisign CA_G3.crt (MIIGKT...5mo) 来自服务器提供的链(恕我直言,不需要添加到 CA 列表中)。
感谢您的帮助!
最佳答案
某些证书具有“X509v3 授权 key 标识符”扩展集。这需要该颁发者证书的确切版本,而不仅仅是具有相同主题的证书。
关于qt - 与 Qt 的 SSL 连接失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23018007/