我使用以下代码连接到HTTPS页面:
QNetworkRequest request(QUrl("https://sso.post.ch/organizer/?login"));
QList<QSslCertificate> cas;
cas.append(QSslCertificate::fromPath("/foo/VerisignCA_G3.crt"));
cas.append(QSslCertificate::fromPath("/foo/VerisignCA_G5.crt"));
QSslConfiguration sslConf;
sslConf.setCaCertificates(cas);
request.setSslConfiguration(sslConf);
QNetworkReply *reply = nam.get(request);
connect(reply, SIGNAL(finished()), this, SLOT(httpFinished()));
connect(&nam, SIGNAL(sslErrors(QNetworkReply *, QList<QSslError>)),
this, SLOT(sslErrors(QNetworkReply *, QList<QSslError>)));
但是,此请求失败并显示以下错误消息(我省略了打印它的代码):
SSL errors occured while connecting to https://sso.post.ch/organizer/?login:
The issuer certificate of a locally looked up certificate could not be found
s:[O=VeriSign, Inc.,CN=VeriSign Class 3 International Server CA - G3,L=,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,S=64:1b:e8:20:ce:02:08:13:f3:2d:4d:2d:95:d6:7e:67]
i:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Trust Network]
The root CA certificate is not trusted for this purpose
s:[O=VeriSign, Inc.,CN=VeriSign Class 3 International Server CA - G3,L=,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,S=64:1b:e8:20:ce:02:08:13:f3:2d:4d:2d:95:d6:7e:67]
i:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Trust Network]
Installed CAs:
0: s:[O=VeriSign, Inc.,CN=VeriSign Class 3 International Server CA - G3,L=,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,S=64:1b:e8:20:ce:02:08:13:f3:2d:4d:2d:95:d6:7e:67]
i:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Trust Network]
1: s:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,S=18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a]
i:[O=VeriSign, Inc.,CN=VeriSign Class 3 Public Primary Certification Authority - G5,L=,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Trust Network]
奇怪的是,这个链在命令行中用openssl验证:
openssl s_client -CAfile VerisignCA_G5.crt -connect sso.post.ch:443
[...]
Verify return code: 0 (ok)
有谁知道我错过了什么?
可以找到VerisignCA_G5.crt here并且Verisign CA_G3.crt(MIIGKT ... 5mo)来自服务器提供的链(并且不需要将IMHO添加到CA列表中)。
感谢您的帮助!
答案 0 :(得分:0)
某些证书具有&#34; X509v3授权密钥标识符&#34;扩展集。这需要该发行人证书的确切版本,而不仅仅是具有相同主题的证书。