QSslSocket 類為客戶端和服務器兩者提供 SSL (安全套接字層) 加密套接字。 更多...
| 頭: |
#include <QSslSocket>
|
| CMake: |
find_package(Qt6 REQUIRED COMPONENTS Network)
target_link_libraries(mytarget PRIVATE Qt6::Network)
|
| qmake: |
QT += network
|
| 繼承: | QTcpSocket |
注意: 此類的所有函數 可重入 .
| enum | PeerVerifyMode { VerifyNone, QueryPeer, VerifyPeer, AutoVerifyPeer } |
| enum | SslMode { UnencryptedMode, SslClientMode, SslServerMode } |
| QSslSocket (QObject * parent = nullptr) | |
| virtual | ~QSslSocket () |
| void | connectToHostEncrypted (const QString & hostName , quint16 port , QIODeviceBase::OpenMode mode = ReadWrite, QAbstractSocket::NetworkLayerProtocol protocol = AnyIPProtocol) |
| void | connectToHostEncrypted (const QString & hostName , quint16 port , const QString & sslPeerName , QIODeviceBase::OpenMode mode = ReadWrite, QAbstractSocket::NetworkLayerProtocol protocol = AnyIPProtocol) |
(從 6.0 起)
void
|
continueInterruptedHandshake () |
| qint64 | encryptedBytesAvailable () const |
| qint64 | encryptedBytesToWrite () const |
| void | ignoreSslErrors (const QList<QSslError> & errors ) |
| bool | isEncrypted () const |
| QSslCertificate | localCertificate () const |
| QList<QSslCertificate> | localCertificateChain () const |
| QSslSocket::SslMode | mode () const |
| QList<QOcspResponse> | ocspResponses () const |
| QSslCertificate | peerCertificate () const |
| QList<QSslCertificate> | peerCertificateChain () const |
| int | peerVerifyDepth () const |
| QSslSocket::PeerVerifyMode | peerVerifyMode () const |
| QString | peerVerifyName () const |
| QSslKey | privateKey () const |
| QSsl::SslProtocol | protocol () const |
| QSslCipher | sessionCipher () const |
| QSsl::SslProtocol | sessionProtocol () const |
| void | setLocalCertificate (const QSslCertificate & certificate ) |
| void | setLocalCertificate (const QString & path , QSsl::EncodingFormat format = QSsl::Pem) |
| void | setLocalCertificateChain (const QList<QSslCertificate> & localChain ) |
| void | setPeerVerifyDepth (int depth ) |
| void | setPeerVerifyMode (QSslSocket::PeerVerifyMode mode ) |
| void | setPeerVerifyName (const QString & hostName ) |
| void | setPrivateKey (const QSslKey & key ) |
| void | setPrivateKey (const QString & fileName , QSsl::KeyAlgorithm algorithm = QSsl::Rsa, QSsl::EncodingFormat format = QSsl::Pem, const QByteArray & passPhrase = QByteArray()) |
| void | setProtocol (QSsl::SslProtocol protocol ) |
| void | setSslConfiguration (const QSslConfiguration & configuration ) |
| QSslConfiguration | sslConfiguration () const |
| QList<QSslError> | sslHandshakeErrors () const |
| bool | waitForEncrypted (int msecs = 30000) |
| virtual bool | atEnd () const override |
| virtual qint64 | bytesAvailable () const override |
| virtual qint64 | bytesToWrite () const override |
| virtual bool | canReadLine () const override |
| virtual void | close () override |
| virtual void | resume () override |
| virtual void | setReadBufferSize (qint64 size ) override |
| virtual bool | setSocketDescriptor (qintptr socketDescriptor , QAbstractSocket::SocketState state = ConnectedState, QIODeviceBase::OpenMode openMode = ReadWrite) override |
| virtual void | setSocketOption (QAbstractSocket::SocketOption option , const QVariant & value ) override |
| virtual QVariant | socketOption (QAbstractSocket::SocketOption option ) override |
| virtual bool | waitForBytesWritten (int msecs = 30000) override |
| virtual bool | waitForConnected (int msecs = 30000) override |
| virtual bool | waitForDisconnected (int msecs = 30000) override |
| virtual bool | waitForReadyRead (int msecs = 30000) override |
| void | ignoreSslErrors () |
| void | startClientEncryption () |
| void | startServerEncryption () |
| void | alertReceived (QSsl::AlertLevel level , QSsl::AlertType type , const QString & 描述 ) |
| void | alertSent (QSsl::AlertLevel level , QSsl::AlertType type , const QString & 描述 ) |
| void | encrypted () |
| void | encryptedBytesWritten (qint64 written ) |
| void | handshakeInterruptedOnError (const QSslError & error ) |
| void | modeChanged (QSslSocket::SslMode mode ) |
| void | newSessionTicketReceived () |
| void | peerVerifyError (const QSslError & error ) |
| void | preSharedKeyAuthenticationRequired (QSslPreSharedKeyAuthenticator * authenticator ) |
| void | sslErrors (const QList<QSslError> & errors ) |
(從 6.1 起)
QString
|
activeBackend () |
(從 6.1 起)
QList<QString>
|
availableBackends () |
(從 6.1 起)
QList<QSsl::ImplementedClass>
|
implementedClasses (const QString & backendName = {}) |
(從 6.1 起)
bool
|
isClassImplemented (QSsl::ImplementedClass cl , const QString & backendName = {}) |
(從 6.1 起)
bool
|
isFeatureSupported (QSsl::SupportedFeature ft , const QString & backendName = {}) |
(從 6.1 起)
bool
|
isProtocolSupported (QSsl::SslProtocol protocol , const QString & backendName = {}) |
(從 6.1 起)
bool
|
setActiveBackend (const QString & backendName ) |
| long | sslLibraryBuildVersionNumber () |
| QString | sslLibraryBuildVersionString () |
| long | sslLibraryVersionNumber () |
| QString | sslLibraryVersionString () |
(從 6.1 起)
QList<QSsl::SupportedFeature>
|
supportedFeatures (const QString & backendName = {}) |
(從 6.1 起)
QList<QSsl::SslProtocol>
|
supportedProtocols (const QString & backendName = {}) |
| bool | supportsSsl () |
| virtual qint64 | readData (char * data , qint64 maxlen ) override |
| virtual qint64 | skipData (qint64 maxSize ) override |
| virtual qint64 | writeData (const char * data , qint64 len ) override |
(從 6.0 起)
枚舉類
|
AlertLevel { Warning, Fatal, Unknown } |
(從 6.0 起)
枚舉類
|
AlertType { CloseNotify, UnexpectedMessage, BadRecordMac, RecordOverflow, DecompressionFailure, …, UnknownAlertMessage } |
(從 6.1 起)
枚舉類
|
ImplementedClass { Key, Certificate, Socket, DiffieHellman, EllipticCurve, …, DtlsCookie } |
(從 6.1 起)
枚舉類
|
SupportedFeature { CertificateVerification, ClientSideAlpn, ServerSideAlpn, Ocsp, Psk, …, Alerts } |
QSslSocket 建立可以用於傳輸加密數據的安全、加密 TCP (傳輸控製協議) 連接。可以運轉於客戶端和服務器兩者模式下,且支持現代 TLS (傳輸層安全) 協議,包括 TLS 1.3。默認情況下,QSslSocket 隻使用認為安全的 TLS 協議 ( QSsl::SecureProtocols ),但可以改變 TLS 協議通過調用 setProtocol () 隻要在握手開始之前這樣做。
SSL (安全套接字層) 加密運轉於現有 TCP 流之上,在套接字進入 ConnectedState 後。使用 QSslSocket 建立安全連接有 2 種簡單方式:采用立即 SSL 握手,或采用齣現延遲 SSL 握手 (在以非加密模式建立連接後)。
使用 QSslSocket 的最常見方式,是構造對象並啓動安全連接通過調用 connectToHostEncrypted ()。此方法立即啓動 SSL 握手,一旦連接已建立。
QSslSocket *socket = new QSslSocket(this); connect(socket, &QSslSocket::encrypted, this, &Receiver::ready); socket->connectToHostEncrypted("imap.example.com", 993);
就像純 QTcpSocket ,QSslSocket 進入 HostLookupState,ConnectingState,最後進入 ConnectedState,若成功連接。然後開始自動握手,若成功, encrypted () 信號發射,以指示套接字已進入加密狀態且準備使用。
注意,之後可以立即把數據寫入套接字,當返迴從 connectToHostEncrypted () (即:之前的 encrypted () 信號被發射)。數據先在 QSslSocket 中隊列直到 encrypted () 信號發射。
An example of using the delayed SSL handshake to secure an existing connection is the case where an SSL server secures an incoming connection. Suppose you create an SSL server class as a subclass of QTcpServer . You would override QTcpServer::incomingConnection () with something like the example below, which first constructs an instance of QSslSocket and then calls setSocketDescriptor () to set the new socket's descriptor to the existing one passed in. It then initiates the SSL handshake by calling startServerEncryption ().
void SslServer::incomingConnection(qintptr socketDescriptor) { QSslSocket *serverSocket = new QSslSocket; if (serverSocket->setSocketDescriptor(socketDescriptor)) { addPendingConnection(serverSocket); connect(serverSocket, &QSslSocket::encrypted, this, &SslServer::ready); serverSocket->startServerEncryption(); } else { delete serverSocket; } }
若齣現錯誤,QSslSocket 發射 sslErrors () signal. In this case, if no action is taken to ignore the error(s), the connection is dropped. To continue, despite the occurrence of an error, you can call ignoreSslErrors (), either from within this slot after the error occurs, or any time after construction of the QSslSocket and before the connection is attempted. This will allow QSslSocket to ignore the errors it encounters when establishing the identity of the peer. Ignoring errors during an SSL handshake should be used with caution, since a fundamental characteristic of secure connections is that they should be established with a successful handshake.
一旦被加密,使用 QSslSocket 作為常規 QTcpSocket 。當 readyRead () 發射,可以調用 read (), canReadLine () 和 readLine (),或 getChar () to read decrypted data from QSslSocket's internal buffer, and you can call write () 或 putChar () to write data back to the peer. QSslSocket will automatically encrypt the written data for you, and emit encryptedBytesWritten () once the data has been written to the peer.
為瞭方便,QSslSocket 支持 QTcpSocket 's blocking functions waitForConnected (), waitForReadyRead (), waitForBytesWritten (),和 waitForDisconnected ()。它還提供 waitForEncrypted (), which will block the calling thread until an encrypted connection has been established.
QSslSocket socket; socket.connectToHostEncrypted("http.example.com", 443); if (!socket.waitForEncrypted()) { qDebug() << socket.errorString(); return false; } socket.write("GET / HTTP/1.0\r\n\r\n"); while (socket.waitForReadyRead()) qDebug() << socket.readAll().data();
QSslSocket provides an extensive, easy-to-use API for handling cryptographic ciphers, private keys, and local, peer, and Certification Authority (CA) certificates. It also provides an API for handling errors that occur during the handshake phase.
還可以定製下列特徵:
To extend the list of default CA certificates used by the SSL sockets during the SSL handshake you must update the default configuration, as in the snippet below:
QList<QSslCertificate> certificates = getCertificates(); QSslConfiguration configuration = QSslConfiguration::defaultConfiguration(); configuration.addCaCertificates(certificates); QSslConfiguration::setDefaultConfiguration(configuration);
注意: If available, root certificates on Unix (excluding macOS) will be loaded on demand from the standard certificate directories. If you do not want to load root certificates on demand, you need to call either QSslConfiguration::defaultConfiguration ().setCaCertificates() before the first SSL handshake is made in your application (for example, via passing QSslSocket::systemCaCertificates() to it), or call QSslConfiguration::defaultConfiguration ()::setCaCertificates() on your QSslSocket instance prior to the SSL handshake.
For more information about ciphers and certificates, refer to QSslCipher and QSslCertificate .
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( http://www.openssl.org/ ).
注意: Be aware of the difference between the bytesWritten () 信號和 encryptedBytesWritten () signal. For a QTcpSocket , bytesWritten () will get emitted as soon as data has been written to the TCP socket. For a QSslSocket, bytesWritten () will get emitted when the data is being encrypted and encryptedBytesWritten () will get emitted as soon as data has been written to the TCP socket.
另請參閱 QSslCertificate , QSslCipher ,和 QSslError .
描述對等驗證模式為 QSslSocket . The default mode is AutoVerifyPeer, which selects an appropriate mode depending on the socket's QSocket::SslMode.
| 常量 | 值 | 描述 |
|---|---|---|
QSslSocket::VerifyNone
|
0
|
QSslSocket will not request a certificate from the peer. You can set this mode if you are not interested in the identity of the other side of the connection. The connection will still be encrypted, and your socket will still send its local certificate to the peer if it's requested. |
QSslSocket::QueryPeer
|
1
|
QSslSocket will request a certificate from the peer, but does not require this certificate to be valid. This is useful when you want to display peer certificate details to the user without affecting the actual SSL handshake. This mode is the default for servers. Note: In Schannel this value acts the same as VerifyNone. |
QSslSocket::VerifyPeer
|
2
|
QSslSocket will request a certificate from the peer during the SSL handshake phase, and requires that this certificate is valid. On failure, QSslSocket 將發射 QSslSocket::sslErrors () signal. This mode is the default for clients. |
QSslSocket::AutoVerifyPeer
|
3
|
QSslSocket will automatically use QueryPeer for server sockets and VerifyPeer for client sockets. |
另請參閱 QSslSocket::peerVerifyMode ().
描述可用連接模式為 QSslSocket .
| 常量 | 值 | 描述 |
|---|---|---|
QSslSocket::UnencryptedMode
|
0
|
套接字未加密。其行為等同於 QTcpSocket . |
QSslSocket::SslClientMode
|
1
|
套接字是客戶端側 SSL (安全套接字層) 套接字。它要麼已經加密,要麼處於 SSL 握手階段 (見 QSslSocket::isEncrypted ()). |
QSslSocket::SslServerMode
|
2
|
套接字是服務器側 SSL (安全套接字層) 套接字。它要麼已經加密,要麼處於 SSL 握手階段 (見 QSslSocket::isEncrypted ()). |
[explicit]
QSslSocket::
QSslSocket
(
QObject
*
parent
= nullptr)
構造 QSslSocket 對象。 parent 被傳遞給 QObject 的構造函數。新套接字的 cipher 套件被設為 defaultCiphers() 靜態方法返迴之一。
[virtual noexcept]
QSslSocket::
~QSslSocket
()
銷毀 QSslSocket .
[static, since 6.1]
QString
QSslSocket::
activeBackend
()
Returns the name of the backend that QSslSocket and related classes use. If the active backend was not set explicitly, this function returns the name of a default backend that QSslSocket selects implicitly from the list of available backends.
注意: When selecting a default backend implicitly, QSslSocket prefers the OpenSSL backend if available. If it's not available, the Schannel backend is implicitly selected on Windows, and Secure Transport on Darwin platforms. Failing these, if a custom TLS backend is found, it is used. If no other backend is found, the "certificate only" backend is selected. For more information about TLS plugins, please see 從源代碼構建 Qt 時啓用/禁用 SSL 支持 .
該函數在 Qt 6.1 引入。
另請參閱 setActiveBackend () 和 availableBackends ().
[signal]
void
QSslSocket::
alertReceived
(
QSsl::AlertLevel
level
,
QSsl::AlertType
type
, const
QString
&
描述
)
QSslSocket 發射此信號,若從對等方收到警報消息。 level 告訴警報是緻命的,還是警告。 type 是解釋為什麼發送警報的代碼。當警報消息的文本描可用時,它的供給是在 description .
注意: The signal is mostly for informational and debugging purposes and does not require any handling in the application. If the alert was fatal, underlying backend will handle it and close the connection.
注意: 並非所有後端都支持此功能。
另請參閱 alertSent (), QSsl::AlertLevel ,和 QSsl::AlertType .
[signal]
void
QSslSocket::
alertSent
(
QSsl::AlertLevel
level
,
QSsl::AlertType
type
, const
QString
&
描述
)
QSslSocket 發射此信號,若警告消息已發送給對等方。 level 描述它是警告,還是緻命錯誤。 type 給齣警報消息代碼。當警報消息的文本描述可用時,它的供給是在 description .
注意: 此信號主要是情報,且可以用於調試目的,通常,不要求來自應用程序的任何動作。
注意: 並非所有後端都支持此功能。
另請參閱 alertReceived (), QSsl::AlertLevel ,和 QSsl::AlertType .
[override virtual]
bool
QSslSocket::
atEnd
() const
重實現: QIODevice::atEnd () const.
[static, since 6.1]
QList
<
QString
> QSslSocket::
availableBackends
()
Returns the names of the currently available backends. These names are in lower case, e.g. "openssl", "securetransport", "schannel" (similar to the already existing feature names for TLS backends in Qt).
該函數在 Qt 6.1 引入。
另請參閱 activeBackend ().
[override virtual]
qint64
QSslSocket::
bytesAvailable
() const
重實現: QAbstractSocket::bytesAvailable () const.
Returns the number of decrypted bytes that are immediately available for reading.
[override virtual]
qint64
QSslSocket::
bytesToWrite
() const
重實現: QAbstractSocket::bytesToWrite () const.
Returns the number of unencrypted bytes that are waiting to be encrypted and written to the network.
[override virtual]
bool
QSslSocket::
canReadLine
() const
重實現: QIODevice::canReadLine () const.
返迴
true
if you can read one while line (terminated by a single ASCII '\n' character) of decrypted characters; otherwise, false is returned.
[override virtual]
void
QSslSocket::
close
()
重實現: QAbstractSocket::close ().
啓動加密連接到設備 hostName on port ,使用 mode 作為 OpenMode 。這相當於調用 connectToHost () 以建立連接,緊隨其後調用 startClientEncryption ()。 protocol 參數可以用於指定要使用哪種網絡協議 (如 IPv4 或 IPv6)。
QSslSocket first enters the HostLookupState. Then, after entering either the event loop or one of the waitFor...() functions, it enters the ConnectingState, emits connected (),然後初啓 SSL 客戶端握手。每次狀態改變時, QSslSocket 發射信號 stateChanged ().
在初啓 SSL (安全套接字層) 客戶端握手後,若無法建立對等方身份,信號 sslErrors () is emitted. If you want to ignore the errors and continue connecting, you must call ignoreSslErrors (), either from inside a slot function connected to the sslErrors () signal, or prior to entering encrypted mode. If ignoreSslErrors () is not called, the connection is dropped, signal disconnected () is emitted, and QSslSocket returns to the UnconnectedState.
若 SSL (安全套接字層) 握手成功, QSslSocket 發射 encrypted ().
QSslSocket socket; connect(&socket, &QSslSocket::encrypted, receiver, &Receiver::socketEncrypted); socket.connectToHostEncrypted("imap", 993); socket->write("1 CAPABILITY\r\n");
注意: The example above shows that text can be written to the socket immediately after requesting the encrypted connection, before the encrypted () signal has been emitted. In such cases, the text is queued in the object and written to the socket after the connection is established and the encrypted () 信號已發射。
默認為 mode is ReadWrite .
若想要創建 QSslSocket on the server side of a connection, you should instead call startServerEncryption () upon receiving the incoming connection through QTcpServer .
另請參閱 connectToHost (), startClientEncryption (), waitForConnected (),和 waitForEncrypted ().
這是重載函數。
In addition to the original behaviour of connectToHostEncrypted, this overloaded method enables the usage of a different hostname ( sslPeerName ) for the certificate validation instead of the one used for the TCP connection ( hostName ).
另請參閱 connectToHostEncrypted ().
[since 6.0]
void
QSslSocket::
continueInterruptedHandshake
()
If an application wants to conclude a handshake even after receiving handshakeInterruptedOnError () signal, it must call this function. This call must be done from a slot function attached to the signal. The signal-slot connection must be direct.
該函數在 Qt 6.0 引入。
另請參閱 handshakeInterruptedOnError () 和 QSslConfiguration::setHandshakeMustInterruptOnError ().
[signal]
void
QSslSocket::
encrypted
()
此信號發射,當 QSslSocket 進入加密模式。在發射此信號後, QSslSocket::isEncrypted () 將返迴 true,且套接字的所有進一步傳輸都會被加密。
另請參閱 QSslSocket::connectToHostEncrypted () 和 QSslSocket::isEncrypted ().
Returns the number of encrypted bytes that are awaiting decryption. Normally, this function will return 0 because QSslSocket decrypts its incoming data as soon as it can.
Returns the number of encrypted bytes that are waiting to be written to the network.
[signal]
void
QSslSocket::
encryptedBytesWritten
(
qint64
written
)
此信號發射,當 QSslSocket writes its encrypted data to the network. The written parameter contains the number of bytes that were successfully written.
另請參閱 QIODevice::bytesWritten ().
[signal]
void
QSslSocket::
handshakeInterruptedOnError
(const
QSslError
&
error
)
QSslSocket 發射此信號,若發現證書驗證齣錯,且有啓用早期錯誤報告在 QSslConfiguration . An application is expected to inspect the error and decide if it wants to continue the handshake, or abort it and send an alert message to the peer. The signal-slot connection must be direct.
另請參閱 continueInterruptedHandshake (), sslErrors (),和 QSslConfiguration::setHandshakeMustInterruptOnError ().
[slot]
void
QSslSocket::
ignoreSslErrors
()
此槽告訴 QSslSocket 去忽略錯誤在 QSslSocket 的握手階段並繼續連接。若想要繼續連接即使在握手階段發生錯誤,必須調用此槽,或從連接槽到 sslErrors (),或在握手階段之前。若在響應齣錯或握手之前不調用此槽,連接將被丟棄當 sslErrors () 信號已發射。
If there are no errors during the SSL handshake phase (i.e., the identity of the peer is established with no problems), QSslSocket will not emit the sslErrors () signal, and it is unnecessary to call this function.
警告: 確保始終讓用戶審查報告的錯誤通過 sslErrors () 信號,且纔調用此方法 (當用戶確認後繼續進行是 OK 的)。若存在意外錯誤,連接應該被中止。不審查實際錯誤就調用此方法,很可能會給應用程序帶來安全風險。小心使用!
另請參閱 sslErrors ().
這是重載函數。
此方法告訴 QSslSocket 僅忽略的錯誤給齣於 errors .
注意: Because most SSL errors are associated with a certificate, for most of them you must set the expected certificate this SSL error is related to. If, for instance, you want to connect to a server that uses a self-signed certificate, consider the following snippet:
QList<QSslCertificate> cert = QSslCertificate::fromPath("server-certificate.pem"_L1); QSslError error(QSslError::SelfSignedCertificate, cert.at(0)); QList<QSslError> expectedSslErrors; expectedSslErrors.append(error); QSslSocket socket; socket.ignoreSslErrors(expectedSslErrors); socket.connectToHostEncrypted("server.tld", 443);
多次調用此函數將替換先前調用傳入錯誤列錶。可以清零想要忽略的錯誤列錶通過采用空列錶調用此函數。
另請參閱 sslErrors () 和 sslHandshakeErrors ().
[static, since 6.1]
QList
<
QSsl::ImplementedClass
> QSslSocket::
implementedClasses
(const
QString
&
backendName
= {})
This function returns backend-specific classes implemented by the backend named backendName . An empty backendName is understood as a query about the currently active backend.
該函數在 Qt 6.1 引入。
另請參閱 QSsl::ImplementedClass , activeBackend (),和 isClassImplemented ().
[static, since 6.1]
bool
QSslSocket::
isClassImplemented
(
QSsl::ImplementedClass
cl
, const
QString
&
backendName
= {})
Returns true if a class cl is implemented by the backend named backendName . An empty backendName is understood as a query about the currently active backend.
該函數在 Qt 6.1 引入。
另請參閱 implementedClasses ().
返迴
true
若套接字被加密;否則,false 被返迴。
加密套接字加密的所有數據的寫入是通過調用 write () 或 putChar () 在將數據寫入網絡前,並以數據形式解密從網絡收到的所有傳入數據,先於調用 read (), readLine () 或 getChar ().
QSslSocket 發射 encrypted () 當它進入加密模式時。
可以調用 sessionCipher () 以查找用於加密和解密數據的加密密碼。
另請參閱 mode ().
[static, since 6.1]
bool
QSslSocket::
isFeatureSupported
(
QSsl::SupportedFeature
ft
, const
QString
&
backendName
= {})
Returns true if a feature ft is supported by a backend named backendName . An empty backendName is understood as a query about the currently active backend.
該函數在 Qt 6.1 引入。
另請參閱 QSsl::SupportedFeature and supportedFeatures ().
[static, since 6.1]
bool
QSslSocket::
isProtocolSupported
(
QSsl::SslProtocol
protocol
, const
QString
&
backendName
= {})
返迴 true 若 protocol is supported by a backend named backendName . An empty backendName is understood as a query about the currently active backend.
該函數在 Qt 6.1 引入。
另請參閱 supportedProtocols ().
返迴套接字的本地 certificate ,或空證書若沒有賦值本地證書。
另請參閱 setLocalCertificate () 和 privateKey ().
返迴套接字的本地 certificate 鏈,或空列錶若沒有賦值本地證書。
另請參閱 setLocalCertificateChain ().
返迴用於套接字的當前模式; UnencryptedMode ,其中 QSslSocket 行為等同於 QTcpSocket ,或之一對於 SslClientMode or SslServerMode ,其中客戶端要麼處於協商模式,要麼處於加密模式。
當模式改變時, QSslSocket 發射 modeChanged ()
另請參閱 SslMode .
[signal]
void
QSslSocket::
modeChanged
(
QSslSocket::SslMode
mode
)
此信號發射,當 QSslSocket 改變從 QSslSocket::UnencryptedMode 到 QSslSocket::SslClientMode or QSslSocket::SslServerMode . mode 是新模式。
另請參閱 QSslSocket::mode ().
[signal]
void
QSslSocket::
newSessionTicketReceived
()
If TLS 1.3 protocol was negotiated during a handshake, QSslSocket emits this signal after receiving NewSessionTicket message. Session and session ticket's lifetime hint are updated in the socket's configuration. The session can be used for session resumption (and a shortened handshake) in future TLS connections.
注意: This functionality enabled only with OpenSSL backend and requires OpenSSL v 1.1.1 or above.
另請參閱 QSslSocket::sslConfiguration (), QSslConfiguration::sessionTicket (),和 QSslConfiguration::sessionTicketLifeTimeHint ().
This function returns Online Certificate Status Protocol responses that a server may send during a TLS handshake using OCSP stapling. The list is empty if no definitive response or no response at all was received.
另請參閱 QSslConfiguration::setOcspStaplingEnabled ().
Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.
The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic purposes. It contains information about the peer, including its host name, the certificate issuer, and the peer's public key.
Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the sslErrors () 信號或 encrypted () 信號。
If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.
若想要校驗對等方完整證書鏈,使用 peerCertificateChain () 以一次獲取它們所有。
另請參閱 peerCertificateChain ().
Returns the peer's chain of digital certificates, or an empty list of certificates.
Peer certificates are checked automatically during the handshake phase. This function is normally used to fetch certificates for display, or for performing connection diagnostics. Certificates contain information about the peer and the certificate issuers, including host name, issuer names, and issuer public keys.
The peer certificates are set in QSslSocket during the handshake phase, so it is safe to call this function from a slot connected to the sslErrors () 信號或 encrypted () 信號。
If an empty list is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.
若隻想獲得對等方即時證書,使用 peerCertificate ().
另請參閱 peerCertificate ().
Returns the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.
The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.
另請參閱 setPeerVerifyDepth () 和 peerVerifyMode ().
[signal]
void
QSslSocket::
peerVerifyError
(const
QSslError
&
error
)
QSslSocket 可以在 SSL 握手期間多次發射此信號,在建立加密之前,以指示當建立對等方的標識時有發生錯誤。 error 通常指示 QSslSocket 無法安全標識對等方。
此信號為您提供早期指示,當事情齣錯時。通過連接到此信號,可以手動選擇從連接槽內拆毀連接,在握手完成前。若不采取行動, QSslSocket 將繼續進行以發射 QSslSocket::sslErrors ().
另請參閱 sslErrors ().
Returns the socket's verify mode. This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.
默認模式為 AutoVerifyPeer ,其告訴 QSslSocket 要使用 VerifyPeer 對於客戶端和 QueryPeer 對於服務器。
另請參閱 setPeerVerifyMode (), peerVerifyDepth (),和 mode ().
Returns the different hostname for the certificate validation, as set by setPeerVerifyName 或通過 connectToHostEncrypted .
另請參閱 setPeerVerifyName () 和 connectToHostEncrypted ().
[signal]
void
QSslSocket::
preSharedKeyAuthenticationRequired
(
QSslPreSharedKeyAuthenticator
*
authenticator
)
QSslSocket 發射此信號當它協商 PSK (預共享密鑰) 密碼套件時,因此接著需要 PSK 身份驗證。
當使用 PSK 時,客戶端必須嚮服務器發送有效標識和有效 PSK (預共享密鑰) 以便 SSL 握手得以繼續。應用程序可以在此信號連接的槽中提供此信息,通過填入傳遞的 authenticator 對象根據需要。
注意: 忽略此信號或未能提供要求證書,將導緻握手失敗,因此連接將被中止。
注意: The authenticator 對象由套接字所擁有且不能被刪除通過應用程序。
另請參閱 QSslPreSharedKeyAuthenticator .
返迴此套接字的私鑰。
另請參閱 setPrivateKey () 和 localCertificate ().
返迴套接字的 SSL 協議。默認情況下, QSsl::SecureProtocols 被使用。
另請參閱 setProtocol ().
[override virtual protected]
qint64
QSslSocket::
readData
(
char
*
data
,
qint64
maxlen
)
重實現: QAbstractSocket::readData (char *data, qint64 maxSize).
[override virtual]
void
QSslSocket::
resume
()
重實現: QAbstractSocket::resume ().
Continues data transfer on the socket after it has been paused. If "setPauseMode( QAbstractSocket::PauseOnSslErrors );" has been called on this socket and a sslErrors () signal is received, calling this method is necessary for the socket to continue.
另請參閱 QAbstractSocket::pauseMode () 和 QAbstractSocket::setPauseMode ().
返迴套接字的加密 cipher , or a null cipher if the connection isn't encrypted. The socket's cipher for the session is set during the handshake phase. The cipher is used to encrypt and decrypt data transmitted through the socket.
QSslSocket also provides functions for setting the ordered list of ciphers from which the handshake phase will eventually select the session cipher. This ordered list must be in place before the handshake phase begins.
另請參閱 QSslConfiguration::ciphers (), QSslConfiguration::setCiphers (), QSslConfiguration::setCiphers (), QSslConfiguration::ciphers (),和 QSslConfiguration::supportedCiphers ().
Returns the socket's SSL/TLS protocol or UnknownProtocol if the connection isn't encrypted. The socket's protocol for the session is set during the handshake phase.
另請參閱 protocol () 和 setProtocol ().
[static, since 6.1]
bool
QSslSocket::
setActiveBackend
(const
QString
&
backendName
)
Returns true if a backend with name backendName was set as active backend. backendName must be one of names returned by availableBackends ().
注意: An application cannot mix different backends simultaneously. This implies that a non-default backend must be selected prior to any use of QSslSocket or related classes, e.g. QSslCertificate or QSslKey .
該函數在 Qt 6.1 引入。
另請參閱 activeBackend () 和 availableBackends ().
把套接字的本地證書設為 certificate . The local certificate is necessary if you need to confirm your identity to the peer. It is used together with the private key; if you set the local certificate, you must also set the private key.
The local certificate and private key are always necessary for server sockets, but are also rarely used by client sockets if the server requires the client to authenticate.
注意: Secure Transport SSL backend on macOS may update the default keychain (the default is probably your login keychain) by importing your local certificates and keys. This can also result in system dialogs showing up and asking for permission when your application is using these private keys. If such behavior is undesired, set the QT_SSL_USE_TEMPORARY_KEYCHAIN environment variable to a non-zero value; this will prompt QSslSocket to use its own temporary keychain.
另請參閱 localCertificate () 和 setPrivateKey ().
這是重載函數。
設置套接字的本地 certificate to the first one found in file path , which is parsed according to the specified format .
Sets the certificate chain to be presented to the peer during the SSL handshake to be localChain .
另請參閱 localCertificateChain () 和 QSslConfiguration::setLocalCertificateChain ().
Sets the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, to depth . Setting a depth of 0 means that no maximum depth is set, indicating that the whole certificate chain should be checked.
The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.
另請參閱 peerVerifyDepth () 和 setPeerVerifyMode ().
Sets the socket's verify mode to mode . This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.
默認模式為 AutoVerifyPeer ,其告訴 QSslSocket 要使用 VerifyPeer 對於客戶端和 QueryPeer 對於服務器。
Setting this mode after encryption has started has no effect on the current connection.
另請參閱 peerVerifyMode (), setPeerVerifyDepth (),和 mode ().
設置不同主機名,給定通過 hostName , for the certificate validation instead of the one used for the TCP connection.
另請參閱 peerVerifyName () 和 connectToHostEncrypted ().
設置套接字的私有 key to key . The private key and the local certificate are used by clients and servers that must prove their identity to SSL peers.
Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.
另請參閱 privateKey () 和 setLocalCertificate ().
這是重載函數。
讀取字符串在文件 fileName 並解碼它使用指定 algorithm 和編碼 format 以構造 SSL key . If the encoded key is encrypted, passPhrase is used to decrypt it.
The socket's private key is set to the constructed key. The private key and the local certificate are used by clients and servers that must prove their identity to SSL peers.
Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.
另請參閱 privateKey () 和 setLocalCertificate ().
將套接字的 SSL (安全套接字層) 協議設為 protocol 。這將影響下次初啓握手;在已加密套接字調用此函數,不會影響套接字協議。
另請參閱 protocol ().
[override virtual]
void
QSslSocket::
setReadBufferSize
(
qint64
size
)
重實現: QAbstractSocket::setReadBufferSize (qint64 size).
設置大小為 QSslSocket 的內部讀取緩衝到 size 字節。
[override virtual]
bool
QSslSocket::
setSocketDescriptor
(
qintptr
socketDescriptor
,
QAbstractSocket::SocketState
state
= ConnectedState,
QIODeviceBase::OpenMode
openMode
= ReadWrite)
重實現: QAbstractSocket::setSocketDescriptor (qintptr socketDescriptor, QAbstractSocket::SocketState socketState, QIODeviceBase::OpenMode openMode).
初始化
QSslSocket
采用本機套接字描述符
socketDescriptor
。返迴
true
if
socketDescriptor
被接受作為有效套接字描述符;否則返迴
false
。以指定模式打開套接字通過
openMode
,並進入指定套接字狀態通過
state
.
注意: 采用相同本機套接字描述符初始化 2 套接字是不可能的。
另請參閱 socketDescriptor ().
[override virtual]
void
QSslSocket::
setSocketOption
(
QAbstractSocket::SocketOption
option
, const
QVariant
&
value
)
重實現: QAbstractSocket::setSocketOption (QAbstractSocket::SocketOption option, const QVariant &value).
設置給定 option 到描述值 value .
另請參閱 socketOption ().
把套接字的 SSL 配置內容設為 configuration . This function sets the local certificate, the ciphers, the private key and the CA certificates to those stored in configuration .
設置 SSL (安全套接字層) 狀態相關字段是不可能的。
另請參閱 sslConfiguration (), setLocalCertificate (), setPrivateKey (), QSslConfiguration::setCaCertificates (),和 QSslConfiguration::setCiphers ().
[override virtual protected]
qint64
QSslSocket::
skipData
(
qint64
maxSize
)
重實現: QAbstractSocket::skipData (qint64 maxSize).
[override virtual]
QVariant
QSslSocket::
socketOption
(
QAbstractSocket::SocketOption
option
)
重實現: QAbstractSocket::socketOption (QAbstractSocket::SocketOption option).
返迴值為 option 選項。
另請參閱 setSocketOption ().
Returns the socket's SSL configuration state. The default SSL configuration of a socket is to use the default ciphers, default CA certificates, no local private key or certificate.
SSL 配置還包含沒有通知可以隨時改變的字段。
另請參閱 setSslConfiguration (), localCertificate (), peerCertificate (), peerCertificateChain (), sessionCipher (), privateKey (), QSslConfiguration::ciphers (),和 QSslConfiguration::caCertificates ().
[signal]
void
QSslSocket::
sslErrors
(const
QList
<
QSslError
> &
errors
)
QSslSocket 發射此信號在 SSL 握手之後以指示當建立對等方標識時有發生一個或多個錯誤。錯誤通常指示 QSslSocket 無法安全地識彆對等方。除非采取任何行動,連接將被丟棄在此信號被發射之後。
If you want to continue connecting despite the errors that have occurred, you must call QSslSocket::ignoreSslErrors () from inside a slot connected to this signal. If you need to access the error list at a later point, you can call sslHandshakeErrors ().
errors 包含一個或多個錯誤阻止 QSslSocket 驗證對等方身份。
注意: 不可以使用 Qt::QueuedConnection 當連接到此信號時,或調用 QSslSocket::ignoreSslErrors () 沒有起作用。
另請參閱 peerVerifyError ().
Returns a list of the last SSL errors that occurred. This is the same list as QSslSocket passes via the sslErrors () signal. If the connection has been encrypted with no errors, this function will return an empty list.
另請參閱 connectToHostEncrypted ().
[static]
long
QSslSocket::
sslLibraryBuildVersionNumber
()
Returns the version number of the SSL library in use at compile time. If no SSL support is available then this will return -1.
另請參閱 sslLibraryVersionNumber ().
[static]
QString
QSslSocket::
sslLibraryBuildVersionString
()
Returns the version string of the SSL library in use at compile time. If no SSL support is available then this will return an empty value.
另請參閱 sslLibraryVersionString ().
[static]
long
QSslSocket::
sslLibraryVersionNumber
()
Returns the version number of the SSL library in use. Note that this is the version of the library in use at run-time not compile time. If no SSL support is available then this will return -1.
[static]
QString
QSslSocket::
sslLibraryVersionString
()
Returns the version string of the SSL library in use. Note that this is the version of the library in use at run-time not compile time. If no SSL support is available then this will return an empty value.
[slot]
void
QSslSocket::
startClientEncryption
()
啓動延遲 SSL (安全套接字層) 握手為客戶端連接。可以調用此函數當套接字在 ConnectedState 但仍處於 UnencryptedMode 。若尚未連接 (或已加密),此函數不起作用。
有實現 STARTTLS 功能的客戶端經常使用延遲 SSL 握手。大多數其它客戶端可以避免直接調用此函數通過使用 connectToHostEncrypted () 代替,自動履行握手。
另請參閱 connectToHostEncrypted () 和 startServerEncryption ().
[slot]
void
QSslSocket::
startServerEncryption
()
Starts a delayed SSL handshake for a server connection. This function can be called when the socket is in the ConnectedState 但仍處於 UnencryptedMode . If it is not connected or it is already encrypted, the function has no effect.
For server sockets, calling this function is the only way to initiate the SSL handshake. Most servers will call this function immediately upon receiving a connection, or as a result of having received a protocol-specific command to enter SSL mode (e.g, the server may respond to receiving the string "STARTTLS\r\n" by calling this function).
實現 SSL 服務器的最常見方式是創建子類化的 QTcpServer 並重實現 QTcpServer::incomingConnection (). The returned socket descriptor is then passed to QSslSocket::setSocketDescriptor ().
另請參閱 connectToHostEncrypted () 和 startClientEncryption ().
[static, since 6.1]
QList
<
QSsl::SupportedFeature
> QSslSocket::
supportedFeatures
(const
QString
&
backendName
= {})
This function returns features supported by a backend named backendName . An empty backendName is understood as a query about the currently active backend.
該函數在 Qt 6.1 引入。
另請參閱 QSsl::SupportedFeature and activeBackend ().
[static, since 6.1]
QList
<
QSsl::SslProtocol
> QSslSocket::
supportedProtocols
(const
QString
&
backendName
= {})
若後端具有名稱 backendName is available, this function returns the list of TLS protocol versions supported by this backend. An empty backendName is understood as a query about the currently active backend. Otherwise, this function returns an empty list.
該函數在 Qt 6.1 引入。
另請參閱 availableBackends (), activeBackend (),和 isProtocolSupported ().
[static]
bool
QSslSocket::
supportsSsl
()
返迴
true
若此平颱支持 SSL;否則,返迴 false。若平颱不支持 SSL,套接字將在連接階段失敗。
[override virtual]
bool
QSslSocket::
waitForBytesWritten
(
int
msecs
= 30000)
重實現: QAbstractSocket::waitForBytesWritten (int msecs).
[override virtual]
bool
QSslSocket::
waitForConnected
(
int
msecs
= 30000)
重實現: QAbstractSocket::waitForConnected (int msecs).
等待直到套接字被連接或
msecs
毫秒,以先發生的為準。若連接已建立,此函數返迴
true
;否則返迴
false
.
另請參閱 QAbstractSocket::waitForConnected ().
[override virtual]
bool
QSslSocket::
waitForDisconnected
(
int
msecs
= 30000)
重實現: QAbstractSocket::waitForDisconnected (int msecs).
等待直到套接字已斷開連接或
msecs
毫秒,以先到的為準。若連接已斷開,此函數返迴
true
;否則返迴
false
.
另請參閱 QAbstractSocket::waitForDisconnected ().
等待直到套接字完成 SSL 握手且有發射 encrypted (),或 msecs 毫秒,以先到的為準。若 encrypted () 已發射,此函數返迴 true;否則 (如:套接字斷開連接,或 SSL 握手失敗) 返迴 false。
以下範例為加密套接字最多等待 1 秒:
socket->connectToHostEncrypted("imap", 993); if (socket->waitForEncrypted(1000)) qDebug("Encrypted!");
若 msecs 為 -1,此函數不會超時。
另請參閱 startClientEncryption (), startServerEncryption (), encrypted (),和 isEncrypted ().
[override virtual]
bool
QSslSocket::
waitForReadyRead
(
int
msecs
= 30000)
重實現: QAbstractSocket::waitForReadyRead (int msecs).
[override virtual protected]
qint64
QSslSocket::
writeData
(const
char
*
data
,
qint64
len
)
重實現: QAbstractSocket::writeData (const char *data, qint64 size).
[since 6.0]
枚舉類
AlertLevel
描述警報消息的級彆
此枚舉描述發送 (或接收) 的警報消息級彆。
| 常量 | 值 | 描述 |
|---|---|---|
QSslSocket::AlertLevel::Warning
|
0
|
非緻命警報消息 |
QSslSocket::AlertLevel::Fatal
|
1
|
緻命警報消息,底層後端會正確處理這種警報並關閉連接。 |
QSslSocket::AlertLevel::Unknown
|
2
|
未知嚴重級彆的警報。 |
該枚舉在 Qt 6.0 引入。
[since 6.0]
枚舉類
AlertType
枚舉警報消息可以擁有的可能代碼
見 RFC 8446,章節 6 瞭解可能的值及其含義。
| 常量 | 值 | 描述 |
|---|---|---|
QSslSocket::AlertType::CloseNotify
|
0
|
, |
QSslSocket::AlertType::UnexpectedMessage
|
10
|
|
QSslSocket::AlertType::BadRecordMac
|
20
|
|
QSslSocket::AlertType::RecordOverflow
|
22
|
|
QSslSocket::AlertType::DecompressionFailure
|
30
|
|
QSslSocket::AlertType::HandshakeFailure
|
40
|
|
QSslSocket::AlertType::NoCertificate
|
41
|
|
QSslSocket::AlertType::BadCertificate
|
42
|
|
QSslSocket::AlertType::UnsupportedCertificate
|
43
|
|
QSslSocket::AlertType::CertificateRevoked
|
44
|
|
QSslSocket::AlertType::CertificateExpired
|
45
|
|
QSslSocket::AlertType::CertificateUnknown
|
46
|
|
QSslSocket::AlertType::IllegalParameter
|
47
|
|
QSslSocket::AlertType::UnknownCa
|
48
|
|
QSslSocket::AlertType::AccessDenied
|
49
|
|
QSslSocket::AlertType::DecodeError
|
50
|
|
QSslSocket::AlertType::DecryptError
|
51
|
|
QSslSocket::AlertType::ExportRestriction
|
60
|
|
QSslSocket::AlertType::ProtocolVersion
|
70
|
|
QSslSocket::AlertType::InsufficientSecurity
|
71
|
|
QSslSocket::AlertType::InternalError
|
80
|
|
QSslSocket::AlertType::InappropriateFallback
|
86
|
|
QSslSocket::AlertType::UserCancelled
|
90
|
|
QSslSocket::AlertType::NoRenegotiation
|
100
|
|
QSslSocket::AlertType::MissingExtension
|
109
|
|
QSslSocket::AlertType::UnsupportedExtension
|
110
|
|
QSslSocket::AlertType::CertificateUnobtainable
|
111
|
|
QSslSocket::AlertType::UnrecognizedName
|
112
|
|
QSslSocket::AlertType::BadCertificateStatusResponse
|
113
|
|
QSslSocket::AlertType::BadCertificateHashValue
|
114
|
|
QSslSocket::AlertType::UnknownPskIdentity
|
115
|
|
QSslSocket::AlertType::CertificateRequired
|
116
|
|
QSslSocket::AlertType::NoApplicationProtocol
|
120
|
|
QSslSocket::AlertType::UnknownAlertMessage
|
255
|
該枚舉在 Qt 6.0 引入。
[since 6.1]
枚舉類
ImplementedClass
枚舉 TLS (傳輸層安全) 後端實現的類
在 QtNetwork , some classes have backend-specific implementation and thus can be left unimplemented. Enumerators in this enum indicate, which class has a working implementation in the backend.
| 常量 | 值 | 描述 |
|---|---|---|
QSslSocket::ImplementedClass::Key
|
0
|
類 QSslKey . |
QSslSocket::ImplementedClass::Certificate
|
1
|
類 QSslCertificate . |
QSslSocket::ImplementedClass::Socket
|
2
|
類 QSslSocket . |
QSslSocket::ImplementedClass::DiffieHellman
|
3
|
類 QSslDiffieHellmanParameters . |
QSslSocket::ImplementedClass::EllipticCurve
|
4
|
類 QSslEllipticCurve . |
QSslSocket::ImplementedClass::Dtls
|
5
|
類 QDtls . |
QSslSocket::ImplementedClass::DtlsCookie
|
6
|
類 QDtlsClientVerifier . |
該枚舉在 Qt 6.1 引入。
[since 6.1]
枚舉類
SupportedFeature
枚舉 TLS (傳輸層安全) 後端支持的可能特徵
在 QtNetwork TLS-related classes have public API, that may be left unimplemented by some backend, for example, our SecureTransport backend does not support server-side ALPN. Enumerators from SupportedFeature enum indicate that a particular feature is supported.
| 常量 | 值 | 描述 |
|---|---|---|
QSslSocket::SupportedFeature::CertificateVerification
|
0
|
指示 QSslCertificate::verify () 由後端實現。 |
QSslSocket::SupportedFeature::ClientSideAlpn
|
1
|
客戶端側 ALPN (應用程序層協議協商)。 |
QSslSocket::SupportedFeature::ServerSideAlpn
|
2
|
服務器側 ALPN (應用程序層協議協商)。 |
QSslSocket::SupportedFeature::Ocsp
|
3
|
OCSP (在綫證書狀態協議) 裝訂。 |
QSslSocket::SupportedFeature::Psk
|
4
|
PSK (預共享鍵)。 |
QSslSocket::SupportedFeature::SessionTicket
|
5
|
會話票證。 |
QSslSocket::SupportedFeature::Alerts
|
6
|
發送和收到的警報消息的有關信息。 |
該枚舉在 Qt 6.1 引入。