I have a Qt application that can make an HTTPS request to our website in OSX 10.7, but with a 10.5.8 error with QSslError :: errorString "CA root certificate is not trusted for this purpose."
I install the root certificate:
QFile certFile1(":/Equifax_Secure_Certificate_Authority.pem.txt"); QSslCertificate cert1(&certFile1, QSsl::Pem); certList.append(cert1); QSslConfiguration sslConfig(request.sslConfiguration()); sslConfig.setCaCertificates(certList); request.setSslConfiguration(sslConfig);
If I installed any other certificate, I get two lines of errors. "The issuer certificate of the locally verified certificate cannot be found" AND "The CA root certificate is not trusted for this purpose", as on OSX 10.5.8 and 10.7. This is what I expect.
What makes Qt not trust Equifax certificate only on 10.5.8?
EDIT: Possible hint (or red herring): looking at the corresponding WireShark routes, client 10.5.8 does not include specifying the server name or TLS extension for the session in its client greeting.
EDIT 2: Building as 32-bit on 10.5.8 works. In addition, as universal (32 and 64-bit Intel) at 10.7 and works at 10.5.8, a link to 32-bit Qt libraries based on 10.5.8 works.
EDIT 3: I posted an example https://github.com/cdemel/SO_examples/tree/master/soqtssl using a different site (Twitter) and a root certificate, with the same behavior.
source share