Does it work if you call setProtocol(QSsl::TlsV1_2) on the client socket/configuration before connecting?
The PSK emission you see sounds like OpenSSL 1.1.1 with TLS 1.3, but I don't think it should fail the handshake, or at least don't remember seeing it do that. - Mårten On 22.11.2018 13:09, Konstantin Shegunov wrote: > Hello, > I'm struggling to get an SSL connection established between a server and > a client of mine using a self-signed certificate. The SSL handshake > fails but I can't seem to find out why. Here's what I did: > > For the server: > > 1) I generated a key and certificate. > 2) I've set them to the socket like this: > socket->setPrivateKey(keyFile); > socket->setLocalCertificate(certificateFile); > 3) I call QSslSocket::startServerEncryption to get the handshake > rolling. > > > For the client: > > 1) I used the server's certificate and loaded it (verified it loads > properly). > 2) I set it to the socket with QSslSocket::addCaCertificate. > 3) I call QSslSocket::startClientEncryption. > > > The problem is the client drops the connection with > QAbstractSocket::SslHandshakeFailedError, however I get nothing from the > QSslSocket::sslErrors signal (also nada from the method). > > I observed, however, that the client socket raises the > QSslSocket::preSharedKeyAuthenticationRequired for some reason. As I > don't really handle this one (only debug output) I imagine this is the > reason the handshake fails. Nonetheless, I thought a PSK authentication > shouldn't be required whenever I provide a key and a certificate > server-side. > > Any ideas why is this failing and how to solve it? > > Thanks in advance! > Kind regards. > > > > > _______________________________________________ > Interest mailing list > [email protected] > https://lists.qt-project.org/listinfo/interest > _______________________________________________ Interest mailing list [email protected] https://lists.qt-project.org/listinfo/interest
