How to enable ssl support for Qt?

I use some RSA encrypt/decrypt functions in openssl lib so I installed the latest openssl lib 1.1.0 and imported the lib into my Qt project. I thought  my Qt was ssl enabled until I met this error when calling QNetworkAccessManager::get to fetch an https url:

qt.network.ssl: QSslSocket::connectToHostEncrypted: TLS initialization failed

The error is obviously related to SSL. First, I tried to ignore this error by connecting the sslErrors signal of QNetworkAccessManager to a slot onsslerrors and ignore the ssl errors in the slot:

void onsslerrors(QNetworkReply * reply, const QList<QSslError> & errors)
{
    reply->ignoreSslErrors();
}

But the problem persisted. I searched the Internet for an answer and got this post. I printed the result of QSslSocket::supportsSsl() in my program and found it was false, which meant QSslSocket did not support SSL yet. It’s a little weird because I had added openssl lib to my project and deployed the openssl dll to the application directory, and my code using the lib worked well. Why the imported openssl does not support QSslSocket? I also printed the version of openssl that Qt libs were built with:

QSslSocket::sslLibraryBuildVersionString()

and found my Qt was built using openssl 1.0.2b. That is the reason that causes the problem. Qt was built using an old openssl version while I added the latest version of openssl in the project. The dll names have changed between the two versions. The old openssl uses libeay32.dll,libssl32.dll, and ssleay32.dll, while the new version uses libcrypto-1_1.dll and libssl-1_1.dll. I think maybe QSslSocket loads  libeay32.dll and ssleay32.dll by their name dynamically so it cannot find the required dlls. The solution is simple: install an old version of openssl and copy libeay32.dll and ssleay32.dll in the same directory of the application. Note that do not put the dlls in the qt working directory, otherwise Qt still cannot find them. Also pay attention to the 32bit/64bit issue. If you are developing a 32 bit application, you should use the 32 bit openssl dlls. A minor difference between the openssl version Qt is dependent on and the openssl version you install does not matter. For example, you can install openssl 1.0.2c and that version can also enable the Qt built with 1.0.2b. What matters is the dll name must match.

A tricky part is where to download the openssl dlls for Windows 10, 8, 7,xp, etc. The most famous website you can download the openssl for Window is slproweb, where you can download both 32bit and 64bit versions of the dlls. However, shipping the dlls with your program may bring you the trouble of a deployment problem. You’ll find the dlls(libeay32.dll/ssleay32.dll) depend on msvcr120.dll, which is not accompanied with the default installation of Windows(the installer of the slproweb openssl does install the Microsoft Visual Studio Runtime dll on your system). Without msvcr120.dll, your program can start but the ssl for qt is still not enabled. I think the best pre-built openssl lib for Windows may be the fulgan version which has no dependencies to the MSVC runtime dll. It also provides both i386 and x64 versions. You can find other pre-compiled Win32/64 openssl libraries here.  The problem of using the third-party openssl binaries is the safety issue. You need to take the risk yourself using them.

 

If you like my content, please consider buying me a coffee. Buy me a coffeeBuy me a coffee Thank you for your support!
Posted in

Leave a Reply