The classes below provide support for secure network communication using the Secure Sockets Layer (SSL) protocol, using a native TLS backend, the OpenSSL Toolkit, or any appropriate TLS plugin to perform encryption and protocol handling.
From Qt version 5.15 onward, the officially supported version for OpenSSL is 1.1.1 or later.
| QDtls | This class provides encryption for UDP (User Datagram Protocol) sockets |
| QDtlsClientVerifier | This class implements server-side DTLS cookie generation and verification |
| QDtlsClientVerifier::GeneratorParameters | This class defines parameters for the DTLS cookie generator |
| QOcspResponse | This class represents an Online Certificate Status Protocol response |
| QSsl | Declares enums common to all SSL classes in Qt Network |
| QSslCertificate | Convenient API for an X509 certificate |
| QSslCertificateExtension | API for accessing the extensions of an X509 certificate |
| QSslCipher | Represents an SSL cryptographic cipher |
| QSslConfiguration | Holds the configuration and state of an SSL connection |
| QSslDiffieHellmanParameters | Interface for Diffie-Hellman parameters for servers |
| QSslEllipticCurve | Represents an elliptic curve for use by elliptic-curve cipher algorithms |
| QSslError | SSL error |
| QSslKey | Interface for private and public keys |
| QSslPreSharedKeyAuthenticator | Authentication data for PSK (pre-shared key) cipher suites |
| QSslServer | Implements an encrypted, secure TCP server over TLS |
| QSslSocket | SSL encrypted socket for both clients and servers |
| QSslSocket::AlertLevel | Describes the level of an alert message |
| QSslSocket::AlertType | Enumerates possible codes that an alert message can have |
| QDtls::HandshakeState | Describes the current state of the DTLS handshake |
| QSslSocket::ImplementedClass | Enumerates classes that a TLS backend implements |
| QDtls::QDtlsError | Describes errors that can be found by QDtls and QDtlsClientVerifier |
| QOcspResponse::QOcspCertificateStatus | Describes the Online Certificate Status |
| QOcspResponse::QOcspRevocationReason | Describes the reason for revocation |
| QSslSocket::SupportedFeature | Enumerates possible features that a TLS backend supports |
For Android applications see Adding OpenSSL Support for Android.
When building Qt from source, Qt builds plugins for native TLS libraries that are supported for the operating system you are building for. For Windows this means Schannel, while for macOS this is Secure Transport.
On all platforms, the configuration system checks for the presence of the openssl/opensslv.h header provided by source or developer packages of OpenSSL. If found, it will enable and build the OpenSSL backend for Qt.
By default, an OpenSSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time. However, it is possible to link against the library at compile-time by configuring Qt with the -openssl-linked option.
When building a version of Qt linked against OpenSSL, Qt's build system will use CMake's FindOpenSSL command to find OpenSSL in several standard locations. You can set the CMake variable OPENSSL_ROOT_DIR to force a specific location.
For example:
configure -openssl-linked -- -D OPENSSL_ROOT_DIR=<openssl_dir>
To disable SSL support in a Qt build, configure Qt with the -no-openssl option.
When you package your application, you may run a tool like windeployqt. This copies all the plugins for the libraries you use to the plugins/ folder. However, for TLS you only need one backend, and you may delete the other plugins before packaging your application. For example, if you're on Windows and don't require any of the extra features the OpenSSL backend provides, you can choose to forego shipping the qopensslbackend plugin as well as the OpenSSL library, and simply ship the qschannelbackend plugin.
However, shipping multiple backends is not a problem. Qt will attempt to load the backends in order (with OpenSSL attempted first) until one is successfully loaded. The other backends are then unused.
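The pruning step described above can be scripted as part of packaging. The following is an added example, not code from Qt or from this page: the function name prune_tls_backends is hypothetical, and it assumes you pass it the directory that holds only the TLS backend plugins (assumed here to be a tls subfolder under plugins/), with files named like qopensslbackend.dll or libqopensslbackend.so.

```python
"""Keep exactly one Qt TLS backend plugin in a deployment tree (added example)."""
import sys
from pathlib import Path


def prune_tls_backends(tls_dir, keep, dry_run=False):
    """Delete every TLS backend plugin in tls_dir except `keep`.

    Returns the sorted file names that were (or, with dry_run, would be)
    removed. Raises before touching anything if `keep` is not present,
    so a typo cannot produce a package with no TLS backend at all.
    """
    tls_dir = Path(tls_dir)
    if not tls_dir.is_dir():
        raise FileNotFoundError(f"no such plugin directory: {tls_dir}")

    # Group files by backend name: qfoobackend.dll / libqfoobackend.so -> qfoobackend
    plugins = {}
    for path in tls_dir.iterdir():
        name = path.name.split(".", 1)[0]
        if name.startswith("lib"):
            name = name[3:]
        if path.is_file() and name.startswith("q") and name.endswith("backend"):
            plugins.setdefault(name, []).append(path)

    if keep not in plugins:
        raise ValueError(f"{keep!r} not found in {tls_dir}; found {sorted(plugins)}")

    removed = []
    for name, paths in plugins.items():
        if name == keep:
            continue
        for path in paths:
            if not dry_run:
                path.unlink()
            removed.append(path.name)
    return sorted(removed)


if __name__ == "__main__":
    # Usage: prune_tls.py <tls-plugin-dir> <backend-to-keep>
    for gone in prune_tls_backends(sys.argv[1], sys.argv[2]):
        print("removed", gone)
```

If you drop qopensslbackend this way, remember that the OpenSSL library files themselves are separate and must be left out of the package as well.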
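Datagram Transport Layer Security (DTLS) is a security protocol that gives datagram-based applications protection against eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol. QtNetwork enables the use of DTLS with User Datagram Protocol (UDP), as defined by RFC 6347.
The Qt binary installers include the OpenSSL libraries used by QtNetwork. However, these are not automatically deployed with applications that are built with Qt. Import and export restrictions apply to some types of software and to some parts of the world. Developers wishing to use SSL communication in their deployed applications should either ensure that their users have the appropriate libraries installed, or consult a suitably qualified legal professional to ensure that applications using code from the OpenSSL project are correctly certified for import and export in the relevant regions of the world.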