SSL, proxies and md5 sums

As Zack already mentioned in his blog, we had George Staikos visiting us in our Oslo office last week. He, Andreas and I sat down to hack on some rather big API additions to our networking module.

Some of these changes have been visible in the snapshots for a few days now, such as the work I have done to add support for transparent HTTP proxies to Qt (up to now only Socks5 was supported). A new QAuthenticator class has been added, handling the most common authentication methods used with proxies and HTTP servers (Basic, Digest-Md5 and NTLM). In addition, all our networking classes got signals to tell you when a server (or a proxy) requires authentication. Today I've also updated the http example in Qt, adding one UI file and around 10 lines of code showing how to show an authentication dialog to the user if the web server requires it.

A side product of doing Digest-Md5 and NTLM authentication for Qt was a neat little class called QCryptographicHash, that can calculate Md4 (I know you shouldn't use that, but NTLM requires it...), Md5 and Sha1 sums for you. The class is now part of QtCore.

The other big API addition that mainly Andreas (with help from George) has been working on is to add SSL support to QtNetwork. He submitted it to Qt about an hour ago, and you'll be able to see the code and play around with it in tonight's snapshots. We've done a few rounds on reviewing the API so we hope that the API is rather stable and includes most of the features required for doing SSL. The QSslSocket implementation is mostly done, but certificate and key handling still has quite a few rough edges in the implementation, which we'll try to iron out within the next week or two.

Anyone who's ever tried to use the API of OpenSSL directly knows how hard it is. In contrast, we've tried hard to make it as simple as possible to use QSslSocket without compromising on security. In the end we came up with a design that should be trivial to use for anyone who ever used any of the Qt socket classes before. The whole design consists of 5 classes: QSslSocket, QSslCertificate, QSslCipher, QSslError and QSslKey.

QSslSocket derives from QTcpSocket and all you have in addition is a few methods to do the following:

  • key and certificate handling
  • start the server or client SSL handshake
  • one signal reporting errors
  • a slot to tell QSslSocket not to abort the connection after the error
  • some signals and properties for status reporting
  • and a convenience method to connect to a host and immediately enter SSL mode

We hope that the other classes are mostly self-explanatory, but we hope to have enough time until 4.3 comes out to write a few nice examples.

For now, you can find a small example using QSslSocket here. It basically connects to an arbitrary server and port and will give a telnet-like command line after connecting to the server. Andreas states that the UI is ugly, so you better use the app with your eyes closed ;-)
