> Sorry, I might be missing some critical piece of information: is it a browser
> that is connecting to your websocket service? I thought it was a web view,
> whose CA list you could control.

The simplest way to describe it is this: A conventional HTML page (classical web browser) launches a websocket via wss://localhost:1234 and connects to a Qt application which hosts a QtWebsocket Server which binds to localhost:1234. This way I achieve communication between browser and app. Would love to stay with ws:// but modern CMS (well - websites in general) etc. require using SSL and mixed content is not working anymore.

Best

Alex

--
http://www.carot.de
Email : alexan...@carot.de
Tel.: +49 (0)177 5719797

> Sent: Monday, 03 August 2020 at 19:49
> From: "Thiago Macieira" <thiago.macie...@intel.com>
> To: interest@qt-project.org
> Subject: Re: [Interest] wss:// on localhost
>
> On Sunday, 2 August 2020 16:09:32 PDT Hamish Moffatt wrote:
> > On 3/8/20 9:05 am, Alexander Carôt wrote:
> > >> I repeat: whatever you do, don't ship a private key.
> > >
> > > All right - will consider alternative ideas.
> >
> > Consider generating your own root CA certificate and asking your users
> > to install that in their browser. Then sign the site certificate (for a
> > non-existent, non-registerable domain) with that.
>
> Sorry, I might be missing some critical piece of information: is it a browser
> that is connecting to your websocket service? I thought it was a web view,
> whose CA list you could control.
>
> If you can't programmatically control the CA list of the WS client, then I
> don't see a secure solution. Doing what Hamish just suggested is not a good
> idea either, as becoming a CA has huge implications. If you get hacked, then
> your clients can get hacked too. And you become a target of hacks because
> your clients are installing your root CA.
>
> My suggestion of generating on each client works only so long as you control
> both sides of the websocket connection (client and server).
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>   Software Architect - Intel DPG Cloud Engineering
>
> _______________________________________________
> Interest mailing list
> Interest@qt-project.org
> https://lists.qt-project.org/listinfo/interest