下面的类使用 SSL (安全套接字层) 协议为安全网络通信提供支持,使用本机 TLS (传输层安全) 后端 OpenSSL 工具包 ,或任何适当 TLS 插件以履行加密和协议处理。
| 此类为 UDP (用户数据报协议) 套接字提供加密 | |
| 此类实现服务器侧 DTLS Cookie 的生成和验证 | |
| 此类定义用于 DTLS Cookie 生成器的参数 | |
| 此类表示在线证书状态协议响应 | |
| 声明 Qt Network 中所有 SSL 类公用的枚举 | |
| 用于 X509 证书的便捷 API | |
| 用于访问 X509 证书扩展名的 API | |
| 表示 SSL 加密密码 | |
| 保持 SSL 连接的配置和状态 | |
| 用于服务器的 Diffie-Hellman 参数的接口 | |
| 表示供椭圆曲线密码算法使用的椭圆曲线 | |
| SSL 错误 | |
| 用于私钥和公钥的接口 | |
| 用于 PSK (预共享密钥) 密码套件的身份验证数据 | |
| 通过 TLS (传输层安全) 实现加密的安全 TCP 服务器 | |
| 用于客户端和服务器两者的 SSL 加密套接字 | |
| 描述警报消息的级别 | |
| 枚举警报消息可以拥有的可能代码 | |
| 描述 DTLS 握手的当前状态 | |
| 枚举 TLS (传输层安全) 后端实现的类 | |
| 描述通过 QDtls 和 QDtlsClientVerifier 发现的错误 | |
| 描述在线证书状态 | |
| 描述撤销的原因 | |
| 枚举 TLS (传输层安全) 后端支持的可能特征 |
对于 Android 应用程序,见 为 Android 添加 OpenSSL 支持 .
Use encryption when transporting data on any network whenever possible. Plaintext , which is unencrypted data that is easily readable, exposes sensitive data such as user information and information about network systems.
使用 QSslSocket::connectToHostEncrypted () to connect using encryption and check for SSL issues using QSslSocket::sslHandshakeErrors ()。使用 QSslSocket::ignoreSslErrors () with caution as it will create security risks in your application.
使用 QSslConfiguration to enforce strong security settings. The supported protocols depend on the SSL backend and the risk level of a protocol could change in the future. You can use a newer and more secure protocol using QSslConfiguration::setProtocol (). For more information, refer to QSsl::SslProtocol for the available protocols.
When building Qt from source, Qt builds plugins for native TLS libraries that are supported for the operating system you are building for. For Windows this means Schannel ,而对于 macOS 这是 Secure Transport .
在所有平台,配置系统校验是否存在
openssl/opensslv.h
header provided by source or developer packages of OpenSSL. If found, it will enable and build the OpenSSL backend for Qt.
注意: While Qt can still support the older OpenSSL 1.1.1 version when built from sources, the builds of Qt in the Qt Online Installer require OpenSSL 3 at runtime.
默认情况下,启用 OpenSSL 的 Qt 库在运行时会动态加载任何安装的 OpenSSL 库。不管怎样,在编译时链接到库是可能的通过配置 Qt 采用
-openssl-linked
选项。
When building a version of Qt linked against OpenSSL, Qt's build system will use CMake's
FindOpenSSL
command to find OpenSSL in several standard locations. You can set the CMake variable OPENSSL_ROOT_DIR to force a specific location.
例如:
configure -openssl-linked -- -D OPENSSL_ROOT_DIR=<openssl_dir>
要禁用 SSL 支持在 Qt 构建中,配置 Qt 采用
-no-openssl
选项。
当打包应用程序时,可能运行工具像
windeployqt
。这将要使用的所有库插件拷贝到
plugins/
folder. However, for TLS you only need one backend, and you may delete the other plugins before packaging your application. For example, if you're on Windows and don't require any of the extra features the OpenSSL backend provides, you can choose to forego shipping the
qopensslbackend
plugin as well as the OpenSSL library, and simply ship the
qschannelbackend
插件。
不管怎样,随附多个后端不是问题。Qt 将试图按次序加载后端 (首先尝试 OpenSSL),直到成功加载一个后端为止。就不再使用其它后端。
DTLS (安全数据报传输层) 是为基于数据报的应用程序,提供防窃听、防篡改或防消息伪造保护的一种安全协议。DTLS 协议基于面向流的 TLS (传输层安全) 协议。 QtNetwork 使能够使用采用 UDP (用户数据报协议) 的 DTLS,作为定义通过 RFC 6347 .
Import and export restrictions apply for some types of software, and for some parts of the world. Developers wishing to use SSL communication in their deployed applications should either ensure that their users have the appropriate libraries installed, or they should consult a suitably qualified legal professional to ensure that applications using code from the OpenSSL project are correctly certified for import and export in relevant regions of the world.
参考 Qt 框架和工具的出口管制 了解更多信息。
