I am getting SSL Handshake Errors making a request due to the SAN not being read from the certificate. In the on_SSLErrors, I dump out the peer certificate. using cert.toPem(), I decode it at https://www.sslshopper.com/certificate-decoder.html. This shows the Subject Alternateive Names. But in the cert in QT, I get an empty map from cert.subjectAlternativeNames().
my dumpCert function:
void MyRequest::dumpCertificate( const QSslCertificate &cert )
{
qDebug() << cert.toPem();
qDebug() << "== Subject Info ==\b";
qDebug() << "CommonName: " << cert.subjectInfo( QSslCertificate::CommonName );
qDebug() << "Organization: " << cert.subjectInfo( QSslCertificate::Organization );
qDebug() << "LocalityName: " << cert.subjectInfo( QSslCertificate::LocalityName );
qDebug() << "OrganizationalUnitName: " << cert.subjectInfo( QSslCertificate::OrganizationalUnitName );
qDebug() << "StateOrProvinceName: " << cert.subjectInfo( QSslCertificate::StateOrProvinceName );
QMultiMap<QSsl::AlternativeNameEntryType, QString> altNames = cert.subjectAlternativeNames();
if ( !altNames.isEmpty() ) {
qDebug() << "Subject Alternate Names (DNS):";
foreach
(const QString &altName, altNames.
values(QSsl
::DnsEntry)) { qDebug() << altName;
}
qDebug() << "Alternate Subject Names (Email):";
foreach
(const QString &altName, altNames.
values(QSsl
::EmailEntry)) { qDebug() << altName;
}
}
else {
qDebug() << "No Subject Alternate Names";
}
qDebug() << "\n== Issuer Info ==";
qDebug() << "CommonName: " << cert.issuerInfo( QSslCertificate::CommonName );
qDebug() << "Organization: " << cert.issuerInfo( QSslCertificate::Organization );
qDebug() << "LocalityName: " << cert.issuerInfo( QSslCertificate::LocalityName );
qDebug() << "OrganizationalUnitName: " << cert.issuerInfo( QSslCertificate::OrganizationalUnitName );
qDebug() << "StateOrProvinceName: " << cert.issuerInfo( QSslCertificate::StateOrProvinceName );
qDebug() << "\n== Certificate ==";
qDebug() << "Serial Number: " << cert.serialNumber();
qDebug() << "Effective Date: " << cert.effectiveDate().toString();
qDebug() << "Expiry Date: " << cert.expiryDate().toString();
}
void MyRequest::dumpCertificate( const QSslCertificate &cert )
{
qDebug() << cert.toPem();
qDebug() << "== Subject Info ==\b";
qDebug() << "CommonName: " << cert.subjectInfo( QSslCertificate::CommonName );
qDebug() << "Organization: " << cert.subjectInfo( QSslCertificate::Organization );
qDebug() << "LocalityName: " << cert.subjectInfo( QSslCertificate::LocalityName );
qDebug() << "OrganizationalUnitName: " << cert.subjectInfo( QSslCertificate::OrganizationalUnitName );
qDebug() << "StateOrProvinceName: " << cert.subjectInfo( QSslCertificate::StateOrProvinceName );
QMultiMap<QSsl::AlternativeNameEntryType, QString> altNames = cert.subjectAlternativeNames();
if ( !altNames.isEmpty() ) {
qDebug() << "Subject Alternate Names (DNS):";
foreach (const QString &altName, altNames.values(QSsl::DnsEntry)) {
qDebug() << altName;
}
qDebug() << "Alternate Subject Names (Email):";
foreach (const QString &altName, altNames.values(QSsl::EmailEntry)) {
qDebug() << altName;
}
}
else {
qDebug() << "No Subject Alternate Names";
}
qDebug() << "\n== Issuer Info ==";
qDebug() << "CommonName: " << cert.issuerInfo( QSslCertificate::CommonName );
qDebug() << "Organization: " << cert.issuerInfo( QSslCertificate::Organization );
qDebug() << "LocalityName: " << cert.issuerInfo( QSslCertificate::LocalityName );
qDebug() << "OrganizationalUnitName: " << cert.issuerInfo( QSslCertificate::OrganizationalUnitName );
qDebug() << "StateOrProvinceName: " << cert.issuerInfo( QSslCertificate::StateOrProvinceName );
qDebug() << "\n== Certificate ==";
qDebug() << "Serial Number: " << cert.serialNumber();
qDebug() << "Effective Date: " << cert.effectiveDate().toString();
qDebug() << "Expiry Date: " << cert.expiryDate().toString();
}
To copy to clipboard, switch view to plain text mode
QSslCertificate not populating Subject Alternative Names
Reply With Quote
Bookmarks