Please check if the certificate at server is correct created and uses
ISRG Root X1 instead of DST Root CA X3
ekke
Am 05.10.21 um 19:29 schrieb maitai:
Hi all,
Since the Let's Encrypt root certificate expired, we have a few users
unable to initiate a SSL connexion (most of them on recent Windows 10
version, app built with qt 5.15.6, but also some linux cases). We are
using OpenSSL 1.1.1.
After some searches, we found out that the ca-certificates list is
empty in that cases. In some Linux occurrences, the list becomes
"loaded" after around 10 minutes, and all was fine until the user
restarts the application. In some other cases waiting does nothing to
fix the issue.
I must say that most users are OK, it impacted only a few of them, and
I was not able to find a common pattern like Windows version or so.
What we did finally to fix it is to force the loading of
CA-Certificates, that way, during the initialization of the application:
QSslConfiguration def = QSslConfiguration::defaultConfiguration();
def.setCaCertificates(QSslConfiguration::systemCaCertificates());
QSslConfiguration::setDefaultConfiguration(def);
And then all is fine.
I am still scratching my head about this though. Isn't it supposed to
be useless to do that? Any insight on what is going on there will be
appreciated.
Thanks
Philippe Lelong.
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
