The classes below provide support for secure network communication using the Secure Sockets Layer (SSL) protocol, using a native TLS backend, the OpenSSL 工具包 , or any appropriate TLS plugin to perform encryption and protocol handling.
From Qt version 5.15 onward, the officially supported version for OpenSSL is 1.1.1 or later.
| QDtls | 此类为 UDP (用户数据报协议) 套接字提供加密 |
| QDtlsClientVerifier | 此类实现服务器侧 DTLS Cookie 的生成和验证 |
| QDtlsClientVerifier::GeneratorParameters | 此类定义用于 DTLS Cookie 生成器的参数 |
| QOcspResponse | 此类表示在线证书状态协议响应 |
| QSsl | 声明 Qt Network 中所有 SSL 类公用的枚举 |
| QSslCertificate | 用于 X509 证书的便捷 API |
| QSslCertificateExtension | 用于访问 X509 证书扩展名的 API |
| QSslCipher | 表示 SSL 加密密码 |
| QSslConfiguration | 保持 SSL 连接的配置和状态 |
| QSslDiffieHellmanParameters | 用于服务器的 Diffie-Hellman 参数的接口 |
| QSslEllipticCurve | 表示供椭圆曲线密码算法使用的椭圆曲线 |
| QSslError | SSL 错误 |
| QSslKey | 用于私钥和公钥的接口 |
| QSslPreSharedKeyAuthenticator | 用于 PSK (预共享密钥) 密码套件的身份验证数据 |
| QSslServer | Implements an encrypted, secure TCP server over TLS |
| QSslSocket | 用于客户端和服务器两者的 SSL 加密套接字 |
| QSslSocket::AlertLevel | Describes the level of an alert message |
| QSslSocket::AlertType | Enumerates possible codes that an alert message can have |
| QDtls::HandshakeState | 描述 DTLS 握手的当前状态 |
| QSslSocket::ImplementedClass | Enumerates classes that a TLS backend implements |
| QDtls::QDtlsError | 描述通过 QDtls 和 QDtlsClientVerifier 发现的错误 |
| QOcspResponse::QOcspCertificateStatus | 描述在线证书状态 |
| QOcspResponse::QOcspRevocationReason | 描述撤销的原因 |
| QSslSocket::SupportedFeature | Enumerates possible features that a TLS backend supports |
For Android applications see 为 Android 添加 OpenSSL 支持 .
When building Qt from source, Qt builds plugins for native TLS libraries that are supported for the operating system you are building for. For Windows this means Schannel , while for macOS this is Secure Transport .
On all platforms, the configuration system checks for the presence of the
openssl/opensslv.h
header provided by source or developer packages of OpenSSL. If found, it will enable and build the OpenSSL backend for Qt.
By default, an OpenSSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time. However, it is possible to link against the library at compile-time by configuring Qt with the
-openssl-linked
选项。
When building a version of Qt linked against OpenSSL, Qt's build system will use CMake's
FindOpenSSL
command to find OpenSSL in several standard locations. You can set the CMake variable OPENSSL_ROOT_DIR to force a specific location.
例如:
configure -openssl-linked -- -D OPENSSL_ROOT_DIR=<openssl_dir>
要禁用 SSL 支持在 Qt 构建中,配置 Qt 采用
-no-openssl
选项。
When you package your application, you may run a tool like
windeployqt
. This copies all the plugins for the libraries you use to the
plugins/
folder. However, for TLS you only need one backend, and you may delete the other plugins before packaging your application. For example, if you're on Windows and don't require any of the extra features the OpenSSL backend provides, you can choose to forego shipping the
qopensslbackend
plugin as well as the OpenSSL library, and simply ship the
qschannelbackend
插件。
However, shipping multiple backends is not a problem. Qt will attempt to load the backends in order (with OpenSSL attempted first) until one is successfully loaded. The other backends are then unused.
DTLS (安全数据报传输层) 是为基于数据报的应用程序,提供防窃听、防篡改或防消息伪造保护的一种安全协议。DTLS 协议基于面向流的 TLS (传输层安全) 协议。 QtNetwork 使能够使用采用 UDP (用户数据报协议) 的 DTLS,作为定义通过 RFC 6347 .
Qt 二进制安装程序包括的 OpenSSL 库,使用要通过 QtNetwork 。不管怎样,这些不会自动部署到采用 Qt 构建的应用程序中。进出口限定适用于某些类型的软件,也适用于世界某些地区。希望在部署应用程序中使用 SSL 通信的开发者应确保其用户有安装合适的库,或者,他们应咨询具备适当资格的法律专业人士,以确保使用 OpenSSL 工程代码的应用程序在世界相关地区得到正确进出口认证。
