Qt中的SSL通信

zxz1984

http://xizhizhu.blogspot.com/200 ... -communication.html

SSL is widely used nowadays to provide secure communication, whichperforms as a new layer between TCP and application. In Qt, theQSslSocket class provides an SSL encrypted socket for both servers andclients.

1.Client
The following steps are most commonly used:
a) call QSslSocket.setProtocol() and other functions to set the parameters of SSL;
b) call QSslSocket.connectToHostEncrypted() to connect to a server;
c) the QSslSocket.encrypted() signal is emitted when the connection and handshake are done;
d) call QSslSocket.peerCertificate() to get the certificate of the server and decide whether to accept it;
e)once secure connection established, the way to read and write afterconnection of QSslSocket performs exactly like that of QTcpSocket.

Notice: whenever an error occurs, signal QSslSocket.sslErrors() will be emitted. If the errors are not ignored (by calling QSslSocket.ignoreSslErrors()), the connection fails.

The following example shows how to do the above steps in real code.

// ssl-client.h
#include <QObject>
#include <QSslSocket>
#include <QString>
class
SSLClient:
public
QObject
{
  Q_OBJECT
public:
SSLClient(QObject* parent =
0);
void start(QString hostName, quint16 port);
public slots:
// handle the signal of QSslSocket.encrypted()
void connectionEstablished();
// handle the signal of QSslSocket.sslErrors()
void errorOccured(const
QList<QSslError>
&error);
private:
QSslSocket client;
};
// ssl-client.cc
#include "ssl-client.h"
#include <QByteArray>
#include <QList>
#include <QSslCertificate>
#include <QString>
SSLClient::SSLClient(QObject* parent):
QObject(parent)
{
  connect(&client, SIGNAL(encrypted()),
this, SLOT(connectionEstablished()));
  connect(&client, SIGNAL(sslErrors(const
QList<QSslError>
&)),
this, SLOT(errorOccured(const
QList<QSslError>
&)));
}
void
SSLClient::errorOccured(const
QList<QSslError>
& error)
{
// simply ignore the errors
// it should be very careful when ignoring errors
  client.ignoreSslErrors();
}
void
SSLClient::connectionEstablished()
{
// get the peer's certificate
QSslCertificate cert = client.peerCertificate();
// write on the SSL connection
  client.write("Hello, world",
13);
}
void
SSLClient::start(QString hostName, quint16 port)
{
  client.connectToHostEncrypted(hostName, port);
}
// main.cc
#include "ssl-client.h"
#include <qapplication>
int main(int argc,
char** argv)
{
QApplication app(argc, argv);
SSLClient client;
  client.start("127.0.0.1",
8888);
return app.exec();
}

2.Server
The following steps are usually used:
a) call QSslSocket.setLocalCertificate() to set the certificate;
b) override QTcpServer.incomingConnection() doing:
call QSslSocket.setSocketDescriptor() to bind SSL to the newly incoming connection;
call QSslSocket.startServerEncryption() to initialize the SSL handshake;
c) the QSslSocket.encrypted() signal is emitted when the connection and handshake are done;
d)once secure connection established, the way to read and write afterconnection of QSslSocket performs exactly like that of QTcpSocket.

Sorry, I'm too lazy to write the sample code for the server :P

P.S. You should add the OpenSSL support when compiling Qt, using ./configure -openssl, and the OpenSSL development package (libcurl3-openssl-dev or libcurl4-openssl-dev in Ubuntu) should be installed yourself.

[ 本帖最后由 zxz1984 于 2009-1-13 03:04 编辑 ]