QSslServer Class

Implements an encrypted, secure TCP server over TLS. More...

Header: #include <QSslServer>
CMake: find_package(Qt6 REQUIRED COMPONENTS Network)
target_link_libraries(mytarget PRIVATE Qt6::Network)
qmake: QT += network
Since: Qt 6.4
Inherits: QTcpServer

Public Functions

QSslServer(QObject *parent = nullptr)
virtual ~QSslServer() override
int handshakeTimeout() const
void setHandshakeTimeout(int timeout)
void setSslConfiguration(const QSslConfiguration &sslConfiguration)
QSslConfiguration sslConfiguration() const

Signals

void alertReceived(QSslSocket *socket, QSsl::AlertLevel level, QSsl::AlertType type, const QString &description)
void alertSent(QSslSocket *socket, QSsl::AlertLevel level, QSsl::AlertType type, const QString &description)
void errorOccurred(QSslSocket *socket, QAbstractSocket::SocketError socketError)
void handshakeInterruptedOnError(QSslSocket *socket, const QSslError &error)
void peerVerifyError(QSslSocket *socket, const QSslError &error)
void preSharedKeyAuthenticationRequired(QSslSocket *socket, QSslPreSharedKeyAuthenticator *authenticator)
void sslErrors(QSslSocket *socket, const QList<QSslError> &errors)
void startedEncryptionHandshake(QSslSocket *socket)

Reimplemented Protected Functions

virtual void incomingConnection(qintptr socket) override

Detailed Description

Class to use in place of QTcpServer to implement TCP server using Transport Layer Security (TLS).

To configure the secure handshake settings, use the applicable setter functions on a QSslConfiguration object, and then use it as an argument to the setSslConfiguration() function. All following incoming connections handled will use these settings.

To start listening to incoming connections use the listen() function inherited from QTcpServer. Other settings can be configured by using the setter functions inherited from the QTcpServer class.

Connect to the signals of this class to respond to the incoming connection attempts. They are the same as the signals on QSslSocket, but also passes a pointer to the socket in question.

When responding to the pendingConnectionAvailable() signal, use the nextPendingConnection() function to fetch the next incoming connection and take it out of the pending connection queue. The QSslSocket is a child of the QSslServer and will be deleted when the QSslServer is deleted. It is still a good idea to destroy the object explicitly when you are done with it, to avoid wasting memory.

See also QTcpServer, QSslConfiguration, and QSslSocket.

Member Function Documentation

[explicit] QSslServer::QSslServer(QObject *parent = nullptr)

Constructs a new QSslServer with the given parent.

[override virtual noexcept] QSslServer::~QSslServer()

Destroys the QSslServer.

All open connections are closed.

[signal] void QSslServer::alertReceived(QSslSocket *socket, QSsl::AlertLevel level, QSsl::AlertType type, const QString &description)

QSslServer emits this signal if an alert message was received by the socket from a peer. level tells if the alert was fatal or it was a warning. type is the code explaining why the alert was sent. When a textual description of the alert message is available, it is supplied in description.

Note: The signal is mostly for informational and debugging purposes and does not require any handling in the application. If the alert was fatal, underlying backend will handle it and close the connection.

Note: Not all backends support this functionality.

See also alertSent(), QSsl::AlertLevel, and QSsl::AlertType.

[signal] void QSslServer::alertSent(QSslSocket *socket, QSsl::AlertLevel level, QSsl::AlertType type, const QString &description)

QSslServer emits this signal if an alert message was sent from socket to a peer. level describes if it was a warning or a fatal error. type gives the code of the alert message. When a textual description of the alert message is available, it is supplied in description.

Note: This signal is mostly informational and can be used for debugging purposes, normally it does not require any actions from the application.

Note: Not all backends support this functionality.

See also alertReceived(), QSsl::AlertLevel, and QSsl::AlertType.

[signal] void QSslServer::errorOccurred(QSslSocket *socket, QAbstractSocket::SocketError socketError)

This signal is emitted after an error occurred during handshake. The socketError parameter describes the type of error that occurred.

The socket is automatically deleted after this signal is emitted if the socket handshake has not reached encrypted state. But if the socket is successfully encrypted, it is inserted into the QSslServer's pending connections queue. When the user has called QTcpServer::nextPendingConnection() it is the user's responsibility to destroy the socket or the socket will not be destroyed until the QSslServer object is destroyed. If an error occurs on a socket after it has been inserted into the pending connections queue, this signal will not be emitted, and the socket will not be removed or destroyed.

Note: You cannot use Qt::QueuedConnection when connecting to this signal, or the socket will have been already destroyed when the signal is handled.

See also QSslSocket::error() and errorString().

[signal] void QSslServer::handshakeInterruptedOnError(QSslSocket *socket, const QSslError &error)

QSslServer emits this signal if a certificate verification error was found by socket and if early error reporting was enabled in QSslConfiguration. An application is expected to inspect the error and decide if it wants to continue the handshake, or abort it and send an alert message to the peer. The signal-slot connection must be direct.

See also QSslSocket::continueInterruptedHandshake(), sslErrors(), and QSslConfiguration::setHandshakeMustInterruptOnError().

int QSslServer::handshakeTimeout() const

Returns the currently configured handshake timeout.

See also setHandshakeTimeout().

[override virtual protected] void QSslServer::incomingConnection(qintptr socket)

Reimplements: QTcpServer::incomingConnection(qintptr socketDescriptor).

Called when a new connection is established.

Converts socket to a QSslSocket.

[signal] void QSslServer::peerVerifyError(QSslSocket *socket, const QSslError &error)

QSslServer can emit this signal several times during the SSL handshake, before encryption has been established, to indicate that an error has occurred while establishing the identity of the peer. The error is usually an indication that socket is unable to securely identify the peer.

This signal provides you with an early indication when something's wrong. By connecting to this signal, you can manually choose to tear down the connection from inside the connected slot before the handshake has completed. If no action is taken, QSslServer will proceed to emitting sslErrors().

See also sslErrors().

[signal] void QSslServer::preSharedKeyAuthenticationRequired(QSslSocket *socket, QSslPreSharedKeyAuthenticator *authenticator)

QSslServer emits this signal when socket negotiates a PSK ciphersuite, and therefore PSK authentication is then required.

When using PSK, the server must supply a valid identity and a valid pre shared key, in order for the SSL handshake to continue. Applications can provide this information in a slot connected to this signal, by filling in the passed authenticator object according to their needs.

Note: Ignoring this signal, or failing to provide the required credentials, will cause the handshake to fail, and therefore the connection to be aborted.

Note: The authenticator object is owned by the socket and must not be deleted by the application.

See also QSslPreSharedKeyAuthenticator.

void QSslServer::setHandshakeTimeout(int timeout)

Sets the timeout to use for all incoming handshakes, in milliseconds.

This is relevant in the scenario where a client, whether malicious or accidental, connects to the server but makes no attempt at communicating or initiating a handshake. QSslServer will then automatically end the connection after timeout milliseconds have elapsed.

By default the timeout is 5000 milliseconds (5 seconds).

Note: The underlying TLS framework may have their own timeout logic now or in the future, this function does not affect that.

Note: The timeout passed to this function will only apply to new connections. If a client is already connected it will use the timeout which was set when it connected.

See also handshakeTimeout().

void QSslServer::setSslConfiguration(const QSslConfiguration &sslConfiguration)

Sets the sslConfiguration to use for all following incoming connections.

This must be called before listen() to ensure that the desired configuration was in use during all handshakes.

See also sslConfiguration() and QSslSocket::setSslConfiguration().

QSslConfiguration QSslServer::sslConfiguration() const

Returns the current ssl configuration.

See also setSslConfiguration().

[signal] void QSslServer::sslErrors(QSslSocket *socket, const QList<QSslError> &errors)

QSslServer emits this signal after the SSL handshake to indicate that one or more errors have occurred while establishing the identity of the peer. The errors are usually an indication that socket is unable to securely identify the peer. Unless any action is taken, the connection will be dropped after this signal has been emitted.

If you want to continue connecting despite the errors that have occurred, you must call QSslSocket::ignoreSslErrors() from inside a slot connected to this signal. If you need to access the error list at a later point, you can call sslHandshakeErrors().

errors contains one or more errors that prevent QSslSocket from verifying the identity of the peer.

Note: You cannot use Qt::QueuedConnection when connecting to this signal, or calling QSslSocket::ignoreSslErrors() will have no effect.

See also peerVerifyError().

[signal] void QSslServer::startedEncryptionHandshake(QSslSocket *socket)

This signal is emitted when the client, connected to socket, initiates the TLS handshake.