Qt C++ SSL/TLS server with Python client
Qt version: 5.8.0
Python version: 2.7.13
OpenSSL version: OpenSSL 1.0.1c
Operating system: Windows 10
I'm trying to create an SSL/TLS server using Qt C++ and a client written in Python. I'm using the sslechoserver example project shipped with Qt. As an example Python client, I'm using one I got from the Python documentation: https://docs.python.org/2/library/ssl.html. I copied the cert from the above-mentioned server example, placed it next to the Python script, and specified it in all the test scripts I tried.
I have tried various Python client examples I have found on the Internet (like here: https://carlo-hamalainen.net/blog/2013/1/24/python-ssl-socket-echo-test-with-self-signed-certificate), but none were able to connect to the Qt echo server (it never printed out "Client connected:" as it does when I use the sslechoclient example shipped with Qt). The client in the link above does work with the Python server from the same link, so I know it still works with something.
Qt C++ server code
sslechoserver.cpp
/****************************************************************************
**
** Copyright (C) 2016 Kurt Pattyn <pattyn.kurt@gmail.com>.
** Contact: https://www.qt.io/licensing/
**
** This file is part of the QtWebSockets module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:BSD$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and The Qt Company. For licensing terms
** and conditions see https://www.qt.io/terms-conditions. For further
** information use the contact form at https://www.qt.io/contact-us.
**
** BSD License Usage
** Alternatively, you may use this file under the terms of the BSD license
** as follows:
**
** "Redistribution and use in source and binary forms, with or without
** modification, are permitted provided that the following conditions are
** met:
**   * Redistributions of source code must retain the above copyright
**     notice, this list of conditions and the following disclaimer.
**   * Redistributions in binary form must reproduce the above copyright
**     notice, this list of conditions and the following disclaimer in
**     the documentation and/or other materials provided with the
**     distribution.
**   * Neither the name of The Qt Company Ltd nor the names of its
**     contributors may be used to endorse or promote products derived
**     from this software without specific prior written permission.
**
**
** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
** LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
** A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
** OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
** DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
** OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include "sslechoserver.h"
#include "QtWebSockets/QWebSocketServer"
#include "QtWebSockets/QWebSocket"
#include <QtCore/QDebug>
#include <QtCore/QFile>
#include <QtNetwork/QSslCertificate>
#include <QtNetwork/QSslKey>

QT_USE_NAMESPACE

//! [constructor]
SslEchoServer::SslEchoServer(quint16 port, QObject *parent) :
    QObject(parent),
    m_pWebSocketServer(Q_NULLPTR)
{
    m_pWebSocketServer = new QWebSocketServer(QStringLiteral("SSL Echo Server"),
                                              QWebSocketServer::SecureMode,
                                              this);
    QSslConfiguration sslConfiguration;
    QFile certFile(QStringLiteral(":/localhost.cert"));
    QFile keyFile(QStringLiteral(":/localhost.key"));
    certFile.open(QIODevice::ReadOnly);
    keyFile.open(QIODevice::ReadOnly);
    QSslCertificate certificate(&certFile, QSsl::Pem);
    QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
    certFile.close();
    keyFile.close();
    sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
    sslConfiguration.setLocalCertificate(certificate);
    sslConfiguration.setPrivateKey(sslKey);
    sslConfiguration.setProtocol(QSsl::TlsV1SslV3);
    // sslConfiguration.setProtocol(QSsl::TlsV1_2OrLater);
    m_pWebSocketServer->setSslConfiguration(sslConfiguration);

    if (m_pWebSocketServer->listen(QHostAddress::Any, port))
    {
        qDebug() << "SSL Echo Server listening on port" << port;
        connect(m_pWebSocketServer, &QWebSocketServer::newConnection,
                this, &SslEchoServer::onNewConnection);
        connect(m_pWebSocketServer, &QWebSocketServer::sslErrors,
                this, &SslEchoServer::onSslErrors);
    }
}
//! [constructor]

SslEchoServer::~SslEchoServer()
{
    m_pWebSocketServer->close();
    qDeleteAll(m_clients.begin(), m_clients.end());
}

//! [onNewConnection]
void SslEchoServer::onNewConnection()
{
    QWebSocket *pSocket = m_pWebSocketServer->nextPendingConnection();

    qDebug() << "Client connected:" << pSocket->peerName() << pSocket->origin();

    connect(pSocket, &QWebSocket::textMessageReceived, this, &SslEchoServer::processTextMessage);
    connect(pSocket, &QWebSocket::binaryMessageReceived,
            this, &SslEchoServer::processBinaryMessage);
    connect(pSocket, &QWebSocket::disconnected, this, &SslEchoServer::socketDisconnected);

    m_clients << pSocket;
}
//! [onNewConnection]

//! [processTextMessage]
void SslEchoServer::processTextMessage(QString message)
{
    QWebSocket *pClient = qobject_cast<QWebSocket *>(sender());
    if (pClient)
    {
        pClient->sendTextMessage(message);
    }
}
//! [processTextMessage]

//! [processBinaryMessage]
void SslEchoServer::processBinaryMessage(QByteArray message)
{
    QWebSocket *pClient = qobject_cast<QWebSocket *>(sender());
    if (pClient)
    {
        pClient->sendBinaryMessage(message);
    }
}
//! [processBinaryMessage]

//! [socketDisconnected]
void SslEchoServer::socketDisconnected()
{
    qDebug() << "Client disconnected";
    QWebSocket *pClient = qobject_cast<QWebSocket *>(sender());
    if (pClient)
    {
        m_clients.removeAll(pClient);
        pClient->deleteLater();
    }
}

void SslEchoServer::onSslErrors(const QList<QSslError> &)
{
    qDebug() << "Ssl errors occurred";
}
//! [socketDisconnected]
sslechoserver.h
#ifndef SSLECHOSERVER_H
#define SSLECHOSERVER_H

#include <QtCore/QObject>
#include <QtCore/QList>
#include <QtCore/QByteArray>
#include <QtNetwork/QSslError>

QT_FORWARD_DECLARE_CLASS(QWebSocketServer)
QT_FORWARD_DECLARE_CLASS(QWebSocket)

class SslEchoServer : public QObject
{
    Q_OBJECT
public:
    explicit SslEchoServer(quint16 port, QObject *parent = Q_NULLPTR);
    virtual ~SslEchoServer();

private Q_SLOTS:
    void onNewConnection();
    void processTextMessage(QString message);
    void processBinaryMessage(QByteArray message);
    void socketDisconnected();
    void onSslErrors(const QList<QSslError> &errors);

private:
    QWebSocketServer *m_pWebSocketServer;
    QList<QWebSocket *> m_clients;
};

#endif //SSLECHOSERVER_H
main.cpp
#include <QtCore/QCoreApplication>
#include "sslechoserver.h"

int main(int argc, char *argv[])
{
    QCoreApplication a(argc, argv);
    SslEchoServer server(1234);

    Q_UNUSED(server);

    return a.exec();
}
Python client code (just one of the ones I tried)
import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_verify_locations("localhost.cert")
# context.load_default_certs()

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = context.wrap_socket(s, server_hostname='localhost')
ssl_sock.connect(('localhost', 1234))
It turns out I had to make the Python client connect using wss. I installed websocket (version 0.40) from https://pypi.python.org/pypi/websocket-client and used the example script below. I used Python 3.6.1, but I think 2.7.x might work as well.
import websocket
import time
import ssl

if __name__ == "__main__":
    websocket.enableTrace(True)
    ws = websocket.WebSocket(sslopt={"ca_certs": "localhost.cert",
                                     "cert_reqs": ssl.CERT_REQUIRED})
    ws.connect("wss://localhost:1234")
    print ("Sending 'Hello, World'...")
    ws.send("Hello, World")
    print ("Sent")
    print ("Receiving...")
    result = ws.recv()
    print ("Received '%s'" % result)
    ws.close()