The certificate fix worked! It took me a while, though, because I found out
eventually that I needed to use a different certificate than the one I was
using (needed the DigiCert certificate)...
So here's what the status appears to be with it:
If we make sure Qt is compiled on Windows with SSL features enabled, and we
install libeay32.dll and ssleay32.dll into the bin directory, the HTTPS
network requests to https://cactus.nci.nih.gov/ seem to work on several
computers. It works on mine (Windows 10), it works on another Windows 10
desktop, and it worked on a Windows 7 computer. However, there is another
Windows 7 computer that was giving me great difficulty - it was failing
because of the error message:
"The issuer certificate of a locally looked up certificate could not be
found"
I'm guessing this is because some computers are missing the DigiCert
certificate. I'm not sure what determines whether a computer has it or not.
We can install the certificate (it is 2 kB) into the bin directory and use
the following code to load it:
QString certName = QString("digicertroot.crt");
// Read the SSL certificate
qDebug() << "Reading " << certName << "...";
QFile certFile(certName);
certFile.open(QIODevice::ReadOnly);
const QByteArray bytes = certFile.readAll();
certFile.close();
// Create a certificate object
const QSslCertificate cert(bytes);
qDebug() << "certificate info is:" << cert.expiryDate() <<
cert.version()
<< cert.serialNumber() << cert.isNull()
<< cert.issuerInfo(QSslCertificate::Organization);
// Add this certificate to all SSL connections
QSslSocket::addDefaultCaCertificate(cert);
This only needs to be called once and then all requests to "
https://cactus.nci.nih.gov/"; will work. So I've been calling it with the
main function (although I know we can probably come up with a better place
to call it...).
So I guess the question is: should we add the DigiCert certificate to the
install for Avogadro and add it using the code above? Are we allowed to
pass around certificates in installs?
Thanks,
Patrick
On Fri, Jun 10, 2016 at 1:24 AM, Patrick Avery <[email protected]> wrote:
> So, I got it to print out the SSL error message on the computer that it
> wasn't working on. Here's what the error message says:
>
> "The issuer certificate of a locally looked up certificate could not be
> found"
>
> "SSL handshake failed"
>
> Perhaps I'll need to add the certificates of the main websites that it
> visits...
>
> On Thu, Jun 9, 2016 at 3:39 PM, Patrick Avery <[email protected]> wrote:
>
>> Thank you, Marcus. It looks as though it is indeed an SSL issue, and it
>> appears as though I'm getting close to solving the problem. I got it to
>> work on my own personal computer - which is good. However, I haven't gotten
>> it to work on other computers as of yet.
>>
>> I compiled OpenSSL, and I recompiled Qt 4.8.6 making sure SSL options
>> were enabled (and I linked the openssl libraries and included the openssl
>> include file). The QtNetwork4.dll grew about 200 kB in size (I believe
>> indicating the added SSL features). With all of that done, the network
>> features with those servers started working on my computer - as long as I
>> had libeay32.dll and ssleay32.dll in my PATH. I manually added them to the
>> install for now (for testing) to the AvoCPack.cmake:
>>
>> file (GLOB libeay_DLL "C:/usr/local/ssl/bin/libeay32.dll")
>> file (GLOB ssleay_DLL "C:/usr/local/ssl/bin/ssleay32.dll")
>> install(FILES ${libeay_DLL} DESTINATION bin)
>> install(FILES ${ssleay_DLL} DESTINATION bin)
>>
>> However, despite all of this, it doesn't seem to be working yet on the
>> Windows 7 computer I have here. On the Windows 7
>> computer, QSslSocket::supportsSsl() still returns true now despite the
>> https stuff not working (
>> http://doc.qt.io/qt-4.8/qsslsocket.html#supportsSsl).
>>
>> I'm not entirely sure where to go from here. I'm going to try to
>> recompile Qt with the "-openssl-linked" flag (
>> http://doc.qt.io/qt-4.8/ssl.html) to see if that fixes it. Compiling Qt
>> takes a while, though...
>>
>> On Wed, Jun 8, 2016 at 8:20 PM, Marcus D. Hanwell <
>> [email protected]> wrote:
>>
>>> I can confirm that this used to work on Windows before the server
>>> changes. I built those binaries, but I also demonstrated the feature
>>> on a number of Windows machines. I think it is simply an SSL issue,
>>> and after a quick search found,
>>>
>>> http://stackoverflow.com/questions/3516143/qt-ssl-support-missing
>>>
>>> We had similar issues with CMake too, where the default binary did not
>>> distribute with SSL enabled due to export issues (i.e. mainly the US
>>> government defining strong encryption as a munition subject to export
>>> controls).
>>>
>>> I would suspect that this is the main cause, but it is not something
>>> that was ever a concern back then - few services used SSL. It looks
>>> like we would need to find and add Windows SSL DLLs to the
>>> distribution on Windows.
>>>
>>> On Wed, Jun 8, 2016 at 4:42 PM, Geoffrey Hutchison <[email protected]>
>>> wrote:
>>> > I'm stumped. I had network fetch problems on Mac, but the issue was
>>> > redirects from HTTP -> HTTPS. That's fixed.
>>> >
>>> > I'm not sure where the problem would be for Windows..
>>> >
>>> >
>>> > From: Patrick Avery <[email protected]>
>>> >
>>> > Well, I ran a few tests. From what I can tell, the network features
>>> haven't
>>> > worked for a while for Windows. We have a lab laptop that runs Windows
>>> 7 on
>>> > it. My personal laptop has Windows 10.
>>> >
>>> > I tested both Avogadro 1.2.0 and Avogadro 1.1.1 via this link:
>>> >
>>> http://sourceforge.net/projects/avogadro/files/avogadro/1.1.1/Avogadro-1.1.1-win32.exe/download
>>> >
>>> > Neither the IUPAC name nor the import molecule by chemical name worked
>>> for
>>> > any combination (Windows 7 Avogadro 1.1.1, Windows 7 Avogadro 1.2.0,
>>> Windows
>>> > 10 Avogadro 1.1.1, and Windows 10 Avogadro 1.2.0).
>>> >
>>> > So yeah, it doesn't look like the network features have been working
>>> for
>>> > Windows for a while. Perhaps no one noticed because most Windows users
>>> don't
>>> > use the network features...
>>> >
>>> > Oh, and the urls do use https except for this one:
>>> >
>>> https://github.com/cryos/avogadro/blob/50bef6066f81734f62f94e1b2ab06c34b9680dee/libavogadro/src/extensions/networkfetchextension.cpp#L108
>>> >
>>> > But that wasn't one I was testing with anyways.
>>> >
>>> >
>>> >
>>> >
>>> ------------------------------------------------------------------------------
>>> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
>>> traffic
>>> > patterns at an interface-level. Reveals which users, apps, and
>>> protocols are
>>> > consuming the most bandwidth. Provides multi-vendor support for
>>> NetFlow,
>>> > J-Flow, sFlow and other flows. Make informed decisions using capacity
>>> > planning reports.
>>> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
>>> > _______________________________________________
>>> > Avogadro-devel mailing list
>>> > [email protected]
>>> > https://lists.sourceforge.net/lists/listinfo/avogadro-devel
>>> >
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> What NetFlow Analyzer can do for you? Monitors network bandwidth and
>>> traffic
>>> patterns at an interface-level. Reveals which users, apps, and protocols
>>> are
>>> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>>> J-Flow, sFlow and other flows. Make informed decisions using capacity
>>> planning reports.
>>> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
>>> _______________________________________________
>>> Avogadro-devel mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/avogadro-devel
>>>
>>
>>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
Avogadro-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/avogadro-devel
