5 votes

I am sending requests via QNetworkAccessManager::createRequest(Operation, QNetworkRequest, outgoingData). I'm required to verify that the fingerprint of the SSL-Certificate is the one I expect. Unfortunately the resulting QNetworkReply returns a peerCertificate with empty signature.

The Documentation states the following:

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the sslErrors() signal or the encrypted() signal.

If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

So the error might be that the connection is already closed. I cannot use the QNetworkAccessManager::sslErrors() Signal as this signal will not be emitted when an SSL Proxy is used (this is what I want to prevent).

How do I obtain the Server's SSL-Certificate? Are there maybe more Signals which I have access to and where the Certificate is still available? Is there maybe another way to obtain the Certificate?

Update:

Now I am able to receive the correct Certificate by reacting to the QNetworkAccessManager::finished(QNetworkReply*) Signal. But unfortunately this signal is not emitted when sending AJAX-Requests. For me it is mandatory to check the fingerprint of these Requests as well. Any Ideas?

Did you try to wait for the encrypted signal and check the reply->sslCertificate() then? As I understand you, you already try to get the certificate directly after creating the request. But the request needs to be sent to know the server certificate, which only happens after the event loop was entered. Also, even if finished might work for you, please note that the request data has been sent already, which you should avoid in case you want to refuse the certificate (depending on your security level). - leemes
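
Added example, not part of the original question or comment: one way to do the fingerprint check from a slot on QNetworkReply::encrypted(), aborting the reply on mismatch before the request body goes out. The helper names (normalizeFingerprint, fingerprintMatches, pinReply) are hypothetical, and SHA-256 as the fingerprint hash and Qt 5.4 or later are assumptions.

```cpp
#include <cctype>
#include <string>

// Reduce a fingerprint such as "AB:CD:01 ..." to bare lowercase hex.
std::string normalizeFingerprint(const std::string &fp) {
    std::string out;
    for (unsigned char c : fp)
        if (std::isxdigit(c)) out += static_cast<char>(std::tolower(c));
    return out;
}

// Compare the presented certificate's digest with the pinned value without
// returning early on the first differing character.
bool fingerprintMatches(const std::string &actualHex, const std::string &pinned) {
    const std::string a = normalizeFingerprint(actualHex);
    const std::string b = normalizeFingerprint(pinned);
    if (a.empty() || a.size() != b.size()) return false;  // null certificate => empty digest
    unsigned char diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i)
        diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}

#if __has_include(<QNetworkReply>)  // Qt wiring, built only where Qt Network is available
#include <QCryptographicHash>
#include <QNetworkReply>
#include <QSslCertificate>
#include <QSslConfiguration>

// Hypothetical helper: call it on the reply as soon as the manager returns it,
// i.e. before control goes back to the event loop.
void pinReply(QNetworkReply *reply, const std::string &pinned) {
    QObject::connect(reply, &QNetworkReply::encrypted, reply, [reply, pinned]() {
        // The handshake has completed, so the peer certificate is populated here.
        const QSslCertificate cert = reply->sslConfiguration().peerCertificate();
        const std::string actual = cert.isNull() ? std::string()
            : cert.digest(QCryptographicHash::Sha256).toHex().toStdString();
        if (!fingerprintMatches(actual, pinned))
            reply->abort();  // refuse the certificate instead of letting the request proceed
    });
}
#endif
```

QNetworkAccessManager may reuse an already established connection, in which case encrypted() is not emitted again for later requests on that connection.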