The server needs to send the intermediate CA certs if the client only
has the root CA in its trusted cert pool.
The .pem cert file needs to look like this:
[key], [server cert], [intermediate CAs], [root CA]
if(isCertValid()) {
serverSocket->setLocalCertificate(_cert);
serverSocket->setPrivateKey(_key);
if(isCertValid()) {
serverSocket->setLocalCertificate(_cert);
serverSocket->setPrivateKey(_key);
+ serverSocket->addCaCertificates(_ca);
}
_pendingConnections << serverSocket;
emit newConnection();
}
_pendingConnections << serverSocket;
emit newConnection();
<< "error:" << certFile.error();
return false;
}
<< "error:" << certFile.error();
return false;
}
- _cert = QSslCertificate(&certFile);
+
+ QList<QSslCertificate> certList = QSslCertificate::fromDevice(&certFile);
+
+ if (certList.isEmpty()) {
+ quWarning() << "SslServer: Certificate file doesn't contain a certificate";
+ return false;
+ }
+
+ _cert = certList[0];
+ certList.removeFirst(); // remove server cert
+
+ // store CA and intermediates certs
+ _ca = certList;
if(!certFile.reset()) {
quWarning() << "SslServer: IO error reading certificate file";
if(!certFile.reset()) {
quWarning() << "SslServer: IO error reading certificate file";
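Review bot: `_ca = certList;` keeps every certificate after the first one, root CA included, and the first hunk passes that list to `serverSocket->addCaCertificates(_ca)`, which adds them to the socket's CA database, the same set Qt uses as trust anchors when it verifies a peer. That is harmless only while the server never verifies client certificates, which is not visible here; a comment at the call such as `// added only so the chain is sent; these become trust anchors if peer verification is ever enabled` would record the constraint, and on Qt 5.1 or later `setLocalCertificateChain()` sends the chain without touching the trust store. Separately, `_cert = certList[0];` picks the server certificate purely by its position in the file, so a PEM with the chain in a different order would present a CA certificate as the leaf. Documenting the required order next to that line would make the assumption explicit; whether `isCertValid()` would catch a mismatch with `_key` cannot be told from these hunks. Both enclosing functions start and end outside the visible hunks.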
QLinkedList<QTcpSocket *> _pendingConnections;
QSslCertificate _cert;
QSslKey _key;
QLinkedList<QTcpSocket *> _pendingConnections;
QSslCertificate _cert;
QSslKey _key;
+ QList<QSslCertificate> _ca;