QSslSocket Class Reference

The QSslSocket class provides an SSL encrypted socket for both clients and servers. More...

#include <qsslsocket.h>

Inheritance diagram for QSslSocket:

Collaboration diagram for QSslSocket:

Public Types
enum	SslMode { UnencryptedMode , SslClientMode , SslServerMode }
	Describes the connection modes available for QSslSocket. More...
enum	PeerVerifyMode { VerifyNone , QueryPeer , VerifyPeer , AutoVerifyPeer }
Public Types inherited from QAbstractSocket
enum	SocketType { TcpSocket , UdpSocket , SctpSocket , UnknownSocketType = -1 }
	This enum describes the transport layer protocol. More...
enum	SocketError {   ConnectionRefusedError , RemoteHostClosedError , HostNotFoundError , SocketAccessError ,   SocketResourceError , SocketTimeoutError , DatagramTooLargeError , NetworkError ,   AddressInUseError , SocketAddressNotAvailableError , UnsupportedSocketOperationError , UnfinishedSocketOperationError ,   ProxyAuthenticationRequiredError , SslHandshakeFailedError , ProxyConnectionRefusedError , ProxyConnectionClosedError ,   ProxyConnectionTimeoutError , ProxyNotFoundError , ProxyProtocolError , OperationError ,   SslInternalError , SslInvalidUserDataError , TemporaryError , UnknownSocketError = -1 }
	This enum describes the socket errors that can occur. More...
enum	SocketState {   UnconnectedState , HostLookupState , ConnectingState , ConnectedState ,   BoundState , ListeningState , ClosingState }
	This enum describes the different states in which a socket can be. More...
enum	SocketOption {   LowDelayOption , KeepAliveOption , MulticastTtlOption , MulticastLoopbackOption ,   TypeOfServiceOption , SendBufferSizeSocketOption , ReceiveBufferSizeSocketOption , PathMtuSocketOption }
enum	BindFlag { DefaultForPlatform = 0x0 , ShareAddress = 0x1 , DontShareAddress = 0x2 , ReuseAddressHint = 0x4 }
enum	PauseMode { PauseNever = 0x0 , PauseOnSslErrors = 0x1 }
using	NetworkLayerProtocol = QHostAddress::NetworkLayerProtocol
Public Types inherited from QIODeviceBase
enum	OpenModeFlag {   NotOpen = 0x0000 , ReadOnly = 0x0001 , WriteOnly = 0x0002 , ReadWrite = ReadOnly | WriteOnly ,   Append = 0x0004 , Truncate = 0x0008 , Text = 0x0010 , Unbuffered = 0x0020 ,   NewOnly = 0x0040 , ExistingOnly = 0x0080 }
	This enum is used with QIODevice::open() to describe the mode in which a device is opened. More...

Public Slots
void	startClientEncryption ()
	Starts a delayed SSL handshake for a client connection.
void	startServerEncryption ()
	Starts a delayed SSL handshake for a server connection.
void	ignoreSslErrors ()
	This slot tells QSslSocket to ignore errors during QSslSocket's handshake phase and continue connecting.
Public Slots inherited from QObject
void	deleteLater ()
	\threadsafe

Signals
void	encrypted ()
	This signal is emitted when QSslSocket enters encrypted mode.
void	peerVerifyError (const QSslError &error)
void	sslErrors (const QList< QSslError > &errors)
	QSslSocket emits this signal after the SSL handshake to indicate that one or more errors have occurred while establishing the identity of the peer.
void	modeChanged (QSslSocket::SslMode newMode)
	This signal is emitted when QSslSocket changes from \l QSslSocket::UnencryptedMode to either \l QSslSocket::SslClientMode or \l QSslSocket::SslServerMode.
void	encryptedBytesWritten (qint64 totalBytes)
void	preSharedKeyAuthenticationRequired (QSslPreSharedKeyAuthenticator *authenticator)
void	newSessionTicketReceived ()
void	alertSent (QSsl::AlertLevel level, QSsl::AlertType type, const QString &description)
	QSslSocket emits this signal if an alert message was sent to a peer.
void	alertReceived (QSsl::AlertLevel level, QSsl::AlertType type, const QString &description)
	QSslSocket emits this signal if an alert message was received from a peer.
void	handshakeInterruptedOnError (const QSslError &error)
	QSslSocket emits this signal if a certificate verification error was found and if early error reporting was enabled in QSslConfiguration.
Signals inherited from QAbstractSocket
void	hostFound ()
	This signal is emitted after connectToHost() has been called and the host lookup has succeeded.
void	connected ()
	This signal is emitted after connectToHost() has been called and a connection has been successfully established.
void	disconnected ()
	This signal is emitted when the socket has been disconnected.
void	stateChanged (QAbstractSocket::SocketState)
	This signal is emitted whenever QAbstractSocket's state changes.
void	errorOccurred (QAbstractSocket::SocketError)
void	proxyAuthenticationRequired (const QNetworkProxy &proxy, QAuthenticator *authenticator)
Signals inherited from QIODevice
void	readyRead ()
	This signal is emitted once every time new data is available for reading from the device's current read channel.
void	channelReadyRead (int channel)
void	bytesWritten (qint64 bytes)
	This signal is emitted every time a payload of data has been written to the device's current write channel.
void	channelBytesWritten (int channel, qint64 bytes)
void	aboutToClose ()
	This signal is emitted when the device is about to close.
void	readChannelFinished ()
Signals inherited from QObject
void	destroyed (QObject *=nullptr)
	This signal is emitted immediately before the object obj is destroyed, after any instances of QPointer have been notified, and cannot be blocked.
void	objectNameChanged (const QString &objectName, QPrivateSignal)
	This signal is emitted after the object's name has been changed.

Public Member Functions
	QSslSocket (QObject *parent=nullptr)
	Constructs a QSslSocket object.
	~QSslSocket ()
	Destroys the QSslSocket.
void	resume () override
	\reimp
void	connectToHostEncrypted (const QString &hostName, quint16 port, OpenMode mode=ReadWrite, NetworkLayerProtocol protocol=AnyIPProtocol)
	Starts an encrypted connection to the device hostName on port, using mode as the \l OpenMode.
void	connectToHostEncrypted (const QString &hostName, quint16 port, const QString &sslPeerName, OpenMode mode=ReadWrite, NetworkLayerProtocol protocol=AnyIPProtocol)
bool	setSocketDescriptor (qintptr socketDescriptor, SocketState state=ConnectedState, OpenMode openMode=ReadWrite) override
	Initializes QSslSocket with the native socket descriptor socketDescriptor.
void	connectToHost (const QString &hostName, quint16 port, OpenMode openMode=ReadWrite, NetworkLayerProtocol protocol=AnyIPProtocol) override
void	disconnectFromHost () override
virtual void	setSocketOption (QAbstractSocket::SocketOption option, const QVariant &value) override
virtual QVariant	socketOption (QAbstractSocket::SocketOption option) override
SslMode	mode () const
	Returns the current mode for the socket; either UnencryptedMode, where QSslSocket behaves identially to QTcpSocket, or one of SslClientMode or SslServerMode, where the client is either negotiating or in encrypted mode.
bool	isEncrypted () const
	Returns true if the socket is encrypted; otherwise, false is returned.
QSsl::SslProtocol	protocol () const
	Returns the socket's SSL protocol.
void	setProtocol (QSsl::SslProtocol protocol)
	Sets the socket's SSL protocol to protocol.
QSslSocket::PeerVerifyMode	peerVerifyMode () const
void	setPeerVerifyMode (QSslSocket::PeerVerifyMode mode)
int	peerVerifyDepth () const
void	setPeerVerifyDepth (int depth)
QString	peerVerifyName () const
void	setPeerVerifyName (const QString &hostName)
qint64	bytesAvailable () const override
	\reimp
qint64	bytesToWrite () const override
	\reimp
bool	canReadLine () const override
	\reimp
void	close () override
	\reimp
bool	atEnd () const override
	\reimp
void	setReadBufferSize (qint64 size) override
qint64	encryptedBytesAvailable () const
qint64	encryptedBytesToWrite () const
QSslConfiguration	sslConfiguration () const
void	setSslConfiguration (const QSslConfiguration &config)
void	setLocalCertificateChain (const QList< QSslCertificate > &localChain)
	Sets the certificate chain to be presented to the peer during the SSL handshake to be localChain.
QList< QSslCertificate >	localCertificateChain () const
	Returns the socket's local \l {QSslCertificate} {certificate} chain, or an empty list if no local certificates have been assigned.
void	setLocalCertificate (const QSslCertificate &certificate)
	Sets the socket's local certificate to certificate.
void	setLocalCertificate (const QString &fileName, QSsl::EncodingFormat format=QSsl::Pem)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Sets the socket's local \l {QSslCertificate} {certificate} to the first one found in file path, which is parsed according to the specified format.
QSslCertificate	localCertificate () const
	Returns the socket's local \l {QSslCertificate} {certificate}, or an empty certificate if no local certificate has been assigned.
QSslCertificate	peerCertificate () const
	Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.
QList< QSslCertificate >	peerCertificateChain () const
	Returns the peer's chain of digital certificates, or an empty list of certificates.
QSslCipher	sessionCipher () const
	Returns the socket's cryptographic \l {QSslCipher} {cipher}, or a null cipher if the connection isn't encrypted.
QSsl::SslProtocol	sessionProtocol () const
	Returns the socket's SSL/TLS protocol or UnknownProtocol if the connection isn't encrypted.
QList< QOcspResponse >	ocspResponses () const
void	setPrivateKey (const QSslKey &key)
	Sets the socket's private \l {QSslKey} {key} to key.
void	setPrivateKey (const QString &fileName, QSsl::KeyAlgorithm algorithm=QSsl::Rsa, QSsl::EncodingFormat format=QSsl::Pem, const QByteArray &passPhrase=QByteArray())
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Reads the string in file fileName and decodes it using a specified algorithm and encoding format to construct an \l {QSslKey} {SSL key}.
QSslKey	privateKey () const
	Returns this socket's private key.
bool	waitForConnected (int msecs=30000) override
	Waits until the socket is connected, or msecs milliseconds, whichever happens first.
bool	waitForEncrypted (int msecs=30000)
	Waits until the socket has completed the SSL handshake and has emitted encrypted(), or msecs milliseconds, whichever comes first.
bool	waitForReadyRead (int msecs=30000) override
	\reimp
bool	waitForBytesWritten (int msecs=30000) override
	\reimp
bool	waitForDisconnected (int msecs=30000) override
	Waits until the socket has disconnected or msecs milliseconds, whichever comes first.
QList< QSslError >	sslHandshakeErrors () const
void	ignoreSslErrors (const QList< QSslError > &errors)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.
void	continueInterruptedHandshake ()
void	connectToHost (const QHostAddress &address, quint16 port, OpenMode mode=ReadWrite)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Attempts to make a connection to address on port port.
Public Member Functions inherited from QTcpSocket
	QTcpSocket (QObject *parent=nullptr)
	Creates a QTcpSocket object in state UnconnectedState.
virtual	~QTcpSocket ()
	Destroys the socket, closing the connection if necessary.
Public Member Functions inherited from QAbstractSocket
	QAbstractSocket (SocketType socketType, QObject *parent)
	Creates a new abstract socket of type socketType.
virtual	~QAbstractSocket ()
	Destroys the socket.
PauseModes	pauseMode () const
void	setPauseMode (PauseModes pauseMode)
virtual bool	bind (const QHostAddress &address, quint16 port=0, BindMode mode=DefaultForPlatform)
bool	bind (QHostAddress::SpecialAddress addr, quint16 port=0, BindMode mode=DefaultForPlatform)
bool	bind (quint16 port=0, BindMode mode=DefaultForPlatform)
void	connectToHost (const QHostAddress &address, quint16 port, OpenMode mode=ReadWrite)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Attempts to make a connection to address on port port.
bool	isValid () const
	Returns true if the socket is valid and ready for use; otherwise returns false.
quint16	localPort () const
	Returns the host port number (in native byte order) of the local socket if available; otherwise returns 0.
QHostAddress	localAddress () const
	Returns the host address of the local socket if available; otherwise returns QHostAddress::Null.
quint16	peerPort () const
	Returns the port of the connected peer if the socket is in ConnectedState; otherwise returns 0.
QHostAddress	peerAddress () const
	Returns the address of the connected peer if the socket is in ConnectedState; otherwise returns QHostAddress::Null.
QString	peerName () const
	Returns the name of the peer as specified by connectToHost(), or an empty QString if connectToHost() has not been called.
qint64	readBufferSize () const
	Returns the size of the internal read buffer.
void	abort ()
	Aborts the current connection and resets the socket.
virtual qintptr	socketDescriptor () const
	Returns the native socket descriptor of the QAbstractSocket object if this is available; otherwise returns -1.
SocketType	socketType () const
	Returns the socket type (TCP, UDP, or other).
SocketState	state () const
	Returns the state of the socket.
SocketError	error () const
	Returns the type of error that last occurred.
bool	isSequential () const override
	\reimp
bool	flush ()
	This function writes as much as possible from the internal write buffer to the underlying network socket, without blocking.
void	setProxy (const QNetworkProxy &networkProxy)
QNetworkProxy	proxy () const
QString	protocolTag () const
void	setProtocolTag (const QString &tag)
Public Member Functions inherited from QIODevice
	QIODevice ()
	Constructs a QIODevice object.
	QIODevice (QObject *parent)
	Constructs a QIODevice object with the given parent.
virtual	~QIODevice ()
	The destructor is virtual, and QIODevice is an abstract base class.
QIODeviceBase::OpenMode	openMode () const
	Returns the mode in which the device has been opened; i.e.
void	setTextModeEnabled (bool enabled)
	If enabled is true, this function sets the \l Text flag on the device; otherwise the \l Text flag is removed.
bool	isTextModeEnabled () const
	Returns true if the \l Text flag is enabled; otherwise returns false.
bool	isOpen () const
	Returns true if the device is open; otherwise returns false.
bool	isReadable () const
	Returns true if data can be read from the device; otherwise returns false.
bool	isWritable () const
	Returns true if data can be written to the device; otherwise returns false.
int	readChannelCount () const
int	writeChannelCount () const
int	currentReadChannel () const
void	setCurrentReadChannel (int channel)
int	currentWriteChannel () const
void	setCurrentWriteChannel (int channel)
virtual bool	open (QIODeviceBase::OpenMode mode)
	Opens the device and sets its OpenMode to mode.
virtual qint64	pos () const
	For random-access devices, this function returns the position that data is written to or read from.
virtual qint64	size () const
	For open random-access devices, this function returns the size of the device.
virtual bool	seek (qint64 pos)
	For random-access devices, this function sets the current position to pos, returning true on success, or false if an error occurred.
virtual bool	reset ()
	Seeks to the start of input for random-access devices.
qint64	read (char *data, qint64 maxlen)
	Reads at most maxSize bytes from the device into data, and returns the number of bytes read.
QByteArray	read (qint64 maxlen)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Reads at most maxSize bytes from the device, and returns the data read as a QByteArray.
QByteArray	readAll ()
	Reads all remaining data from the device, and returns it as a byte array.
qint64	readLine (char *data, qint64 maxlen)
	This function reads a line of ASCII characters from the device, up to a maximum of maxSize - 1 bytes, stores the characters in data, and returns the number of bytes read.
QByteArray	readLine (qint64 maxlen=0)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Reads a line from the device, but no more than maxSize characters, and returns the result as a byte array.
bool	readLineInto (QByteArray *result, qint64 maxlen=0)
void	startTransaction ()
void	commitTransaction ()
void	rollbackTransaction ()
bool	isTransactionStarted () const
qint64	write (const char *data, qint64 len)
	Writes at most maxSize bytes of data from data to the device.
qint64	write (const char *data)
qint64	write (const QByteArray &data)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Writes the content of data to the device.
qint64	peek (char *data, qint64 maxlen)
QByteArray	peek (qint64 maxlen)
qint64	skip (qint64 maxSize)
void	ungetChar (char c)
	Puts the character c back into the device, and decrements the current position unless the position is 0.
bool	putChar (char c)
	Writes the character c to the device.
bool	getChar (char *c)
	Reads one character from the device and stores it in c.
QString	errorString () const
	Returns a human-readable description of the last device error that occurred.
Public Member Functions inherited from QObject
Q_INVOKABLE	QObject (QObject *parent=nullptr)
	Constructs an object with parent object parent.
virtual	~QObject ()
	Destroys the object, deleting all its child objects.
virtual bool	event (QEvent *event)
	This virtual function receives events to an object and should return true if the event e was recognized and processed.
virtual bool	eventFilter (QObject *watched, QEvent *event)
	Filters events if this object has been installed as an event filter for the watched object.
QString	objectName () const
Q_WEAK_OVERLOAD void	setObjectName (const QString &name)
	Sets the object's name to name.
void	setObjectName (QAnyStringView name)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.
QBindable< QString >	bindableObjectName ()
bool	isWidgetType () const
	Returns true if the object is a widget; otherwise returns false.
bool	isWindowType () const
	Returns true if the object is a window; otherwise returns false.
bool	isQuickItemType () const
	Returns true if the object is a QQuickItem; otherwise returns false.
bool	signalsBlocked () const noexcept
	Returns true if signals are blocked; otherwise returns false.
bool	blockSignals (bool b) noexcept
	If block is true, signals emitted by this object are blocked (i.e., emitting a signal will not invoke anything connected to it).
QThread *	thread () const
	Returns the thread in which the object lives.
bool	moveToThread (QThread *thread QT6_DECL_NEW_OVERLOAD_TAIL)
	Changes the thread affinity for this object and its children and returns true on success.
int	startTimer (int interval, Qt::TimerType timerType=Qt::CoarseTimer)
	This is an overloaded function that will start a timer of type timerType and a timeout of interval milliseconds.
int	startTimer (std::chrono::nanoseconds time, Qt::TimerType timerType=Qt::CoarseTimer)
void	killTimer (int id)
	Kills the timer with timer identifier, id.
void	killTimer (Qt::TimerId id)
template<typename T >
T	findChild (QAnyStringView aName, Qt::FindChildOptions options=Qt::FindChildrenRecursively) const
	Returns the child of this object that can be cast into type T and that is called name, or \nullptr if there is no such object.
template<typename T >
QList< T >	findChildren (QAnyStringView aName, Qt::FindChildOptions options=Qt::FindChildrenRecursively) const
	Returns all children of this object with the given name that can be cast to type T, or an empty list if there are no such objects.
template<typename T >
T	findChild (Qt::FindChildOptions options=Qt::FindChildrenRecursively) const
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.
template<typename T >
QList< T >	findChildren (Qt::FindChildOptions options=Qt::FindChildrenRecursively) const
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.
const QObjectList &	children () const
	Returns a list of child objects.
void	setParent (QObject *parent)
	Makes the object a child of parent.
void	installEventFilter (QObject *filterObj)
	Installs an event filter filterObj on this object.
void	removeEventFilter (QObject *obj)
	Removes an event filter object obj from this object.
QMetaObject::Connection	connect (const QObject *sender, const char *signal, const char *member, Qt::ConnectionType type=Qt::AutoConnection) const
bool	disconnect (const char *signal=nullptr, const QObject *receiver=nullptr, const char *member=nullptr) const
bool	disconnect (const QObject *receiver, const char *member=nullptr) const
void	dumpObjectTree () const
	Dumps a tree of children to the debug output.
void	dumpObjectInfo () const
	Dumps information about signal connections, etc.
bool	setProperty (const char *name, const QVariant &value)
	Sets the value of the object's name property to value.
bool	setProperty (const char *name, QVariant &&value)
QVariant	property (const char *name) const
	Returns the value of the object's name property.
QList< QByteArray >	dynamicPropertyNames () const
QBindingStorage *	bindingStorage ()
const QBindingStorage *	bindingStorage () const
QObject *	parent () const
	Returns a pointer to the parent object.
bool	inherits (const char *classname) const
	Returns true if this object is an instance of a class that inherits className or a QObject subclass that inherits className; otherwise returns false.

Static Public Member Functions
static bool	supportsSsl ()
	Returns true if this platform supports SSL; otherwise, returns false.
static long	sslLibraryVersionNumber ()
static QString	sslLibraryVersionString ()
static long	sslLibraryBuildVersionNumber ()
static QString	sslLibraryBuildVersionString ()
static QList< QString >	availableBackends ()
static QString	activeBackend ()
static bool	setActiveBackend (const QString &backendName)
static QList< QSsl::SslProtocol >	supportedProtocols (const QString &backendName={})
static bool	isProtocolSupported (QSsl::SslProtocol protocol, const QString &backendName={})
static QList< QSsl::ImplementedClass >	implementedClasses (const QString &backendName={})
static bool	isClassImplemented (QSsl::ImplementedClass cl, const QString &backendName={})
static QList< QSsl::SupportedFeature >	supportedFeatures (const QString &backendName={})
static bool	isFeatureSupported (QSsl::SupportedFeature feat, const QString &backendName={})
Static Public Member Functions inherited from QObject
static QMetaObject::Connection	connect (const QObject *sender, const char *signal, const QObject *receiver, const char *member, Qt::ConnectionType=Qt::AutoConnection)
	\threadsafe
static QMetaObject::Connection	connect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &method, Qt::ConnectionType type=Qt::AutoConnection)
template<typename Func1 , typename Func2 >
static QMetaObject::Connection	connect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, const typename QtPrivate::ContextTypeForFunctor< Func2 >::ContextType *context, Func2 &&slot, Qt::ConnectionType type=Qt::AutoConnection)
template<typename Func1 , typename Func2 >
static QMetaObject::Connection	connect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, Func2 &&slot)
static bool	disconnect (const QObject *sender, const char *signal, const QObject *receiver, const char *member)
	\threadsafe
static bool	disconnect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &member)
static bool	disconnect (const QMetaObject::Connection &)
	Disconnect a connection.
template<typename Func1 , typename Func2 >
static bool	disconnect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, const typename QtPrivate::FunctionPointer< Func2 >::Object *receiver, Func2 slot)
template<typename Func1 >
static bool	disconnect (const typename QtPrivate::FunctionPointer< Func1 >::Object *sender, Func1 signal, const QObject *receiver, void **zero)

Protected Member Functions
qint64	readData (char *data, qint64 maxlen) override
	\reimp
qint64	skipData (qint64 maxSize) override
	\reimp
qint64	writeData (const char *data, qint64 len) override
	\reimp
Protected Member Functions inherited from QTcpSocket
	QTcpSocket (QTcpSocketPrivate &dd, QObject *parent=nullptr)
	QTcpSocket (QAbstractSocket::SocketType socketType, QTcpSocketPrivate &dd, QObject *parent=nullptr)
Protected Member Functions inherited from QAbstractSocket
qint64	readLineData (char *data, qint64 maxlen) override
	\reimp
void	setSocketState (SocketState state)
	Sets the state of the socket to state.
void	setSocketError (SocketError socketError)
	Sets the type of error that last occurred to socketError.
void	setLocalPort (quint16 port)
void	setLocalAddress (const QHostAddress &address)
void	setPeerPort (quint16 port)
void	setPeerAddress (const QHostAddress &address)
void	setPeerName (const QString &name)
	QAbstractSocket (SocketType socketType, QAbstractSocketPrivate &dd, QObject *parent=nullptr)
Protected Member Functions inherited from QIODevice
	QIODevice (QIODevicePrivate &dd, QObject *parent=nullptr)
void	setOpenMode (QIODeviceBase::OpenMode openMode)
	Sets the OpenMode of the device to openMode.
void	setErrorString (const QString &errorString)
	Sets the human readable description of the last device error that occurred to str.
Protected Member Functions inherited from QObject
QObject *	sender () const
	Returns a pointer to the object that sent the signal, if called in a slot activated by a signal; otherwise it returns \nullptr.
int	senderSignalIndex () const
int	receivers (const char *signal) const
	Returns the number of receivers connected to the signal.
bool	isSignalConnected (const QMetaMethod &signal) const
virtual void	timerEvent (QTimerEvent *event)
	This event handler can be reimplemented in a subclass to receive timer events for the object.
virtual void	childEvent (QChildEvent *event)
	This event handler can be reimplemented in a subclass to receive child events.
virtual void	customEvent (QEvent *event)
	This event handler can be reimplemented in a subclass to receive custom events.
virtual void	connectNotify (const QMetaMethod &signal)
virtual void	disconnectNotify (const QMetaMethod &signal)
	QObject (QObjectPrivate &dd, QObject *parent=nullptr)
Protected Member Functions inherited from QIODeviceBase
	~QIODeviceBase ()=default

Additional Inherited Members
Static Public Attributes inherited from QAbstractSocket
static constexpr auto	IPv4Protocol = QHostAddress::IPv4Protocol
static constexpr auto	IPv6Protocol = QHostAddress::IPv6Protocol
static constexpr auto	AnyIPProtocol = QHostAddress::AnyIPProtocol
static constexpr auto	UnknownNetworkLayerProtocol = QHostAddress::UnknownNetworkLayerProtocol
Protected Attributes inherited from QObject
QScopedPointer< QObjectData >	d_ptr
Properties inherited from QObject
QString	objectName
	the name of this object
Related Symbols inherited from QObject
template< class T > T	qobject_cast (const QObject *object)
	Returns the given object cast to type T if the object is of type T (or of a subclass); otherwise returns \nullptr.
template< typename T > T	qFindChildqFindChildren (const QObject *obj, const QString &name)()
template< typename T > QList< T >	qFindChildrenqFindChildren (const QObject *obj, const QString &name)()
	QObjectList
	\macro Q_CLASSINFO(Name, Value)

Detailed Description

The QSslSocket class provides an SSL encrypted socket for both clients and servers.

Since

4.3

\reentrant

\inmodule QtNetwork

QSslSocket establishes a secure, encrypted TCP connection you can use for transmitting encrypted data. It can operate in both client and server mode, and it supports modern TLS protocols, including TLS 1.3. By default, QSslSocket uses only TLS protocols which are considered to be secure (QSsl::SecureProtocols), but you can change the TLS protocol by calling setProtocol() as long as you do it before the handshake has started.

SSL encryption operates on top of the existing TCP stream after the socket enters the ConnectedState. There are two simple ways to establish a secure connection using QSslSocket: With an immediate SSL handshake, or with a delayed SSL handshake occurring after the connection has been established in unencrypted mode.

The most common way to use QSslSocket is to construct an object and start a secure connection by calling connectToHostEncrypted(). This method starts an immediate SSL handshake once the connection has been established.

QSslSocket *socket = new QSslSocket(this);
connect(socket, &QSslSocket::encrypted, this, &Receiver::ready);
 
socket->connectToHostEncrypted("imap.example.com", 993);

As with a plain QTcpSocket, QSslSocket enters the HostLookupState, ConnectingState, and finally the ConnectedState, if the connection is successful. The handshake then starts automatically, and if it succeeds, the encrypted() signal is emitted to indicate the socket has entered the encrypted state and is ready for use.

Note that data can be written to the socket immediately after the return from connectToHostEncrypted() (i.e., before the encrypted() signal is emitted). The data is queued in QSslSocket until after the encrypted() signal is emitted.

An example of using the delayed SSL handshake to secure an existing connection is the case where an SSL server secures an incoming connection. Suppose you create an SSL server class as a subclass of QTcpServer. You would override QTcpServer::incomingConnection() with something like the example below, which first constructs an instance of QSslSocket and then calls setSocketDescriptor() to set the new socket's descriptor to the existing one passed in. It then initiates the SSL handshake by calling startServerEncryption().

void SslServer::incomingConnection(qintptr socketDescriptor)
{
    QSslSocket *serverSocket = new QSslSocket;
    if (serverSocket->setSocketDescriptor(socketDescriptor)) {
        addPendingConnection(serverSocket);
        connect(serverSocket, &QSslSocket::encrypted, this, &SslServer::ready);
        serverSocket->startServerEncryption();
    } else {
        delete serverSocket;
    }
}

If an error occurs, QSslSocket emits the sslErrors() signal. In this case, if no action is taken to ignore the error(s), the connection is dropped. To continue, despite the occurrence of an error, you can call ignoreSslErrors(), either from within this slot after the error occurs, or any time after construction of the QSslSocket and before the connection is attempted. This will allow QSslSocket to ignore the errors it encounters when establishing the identity of the peer. Ignoring errors during an SSL handshake should be used with caution, since a fundamental characteristic of secure connections is that they should be established with a successful handshake.

Once encrypted, you use QSslSocket as a regular QTcpSocket. When readyRead() is emitted, you can call read(), canReadLine() and readLine(), or getChar() to read decrypted data from QSslSocket's internal buffer, and you can call write() or putChar() to write data back to the peer. QSslSocket will automatically encrypt the written data for you, and emit encryptedBytesWritten() once the data has been written to the peer.

As a convenience, QSslSocket supports QTcpSocket's blocking functions waitForConnected(), waitForReadyRead(), waitForBytesWritten(), and waitForDisconnected(). It also provides waitForEncrypted(), which will block the calling thread until an encrypted connection has been established.

QSslSocket socket;
socket.connectToHostEncrypted("http.example.com", 443);
if (!socket.waitForEncrypted()) {
    qDebug() << socket.errorString();
    return false;
}
 
socket.write("GET / HTTP/1.0\r\n\r\n");
while (socket.waitForReadyRead())
    qDebug() << socket.readAll().data();

QSslSocket provides an extensive, easy-to-use API for handling cryptographic ciphers, private keys, and local, peer, and Certification Authority (CA) certificates. It also provides an API for handling errors that occur during the handshake phase.

The following features can also be customized:

\list

• The socket's cryptographic cipher suite can be customized before the handshake phase with QSslConfiguration::setCiphers().
• The socket's local certificate and private key can be customized before the handshake phase with setLocalCertificate() and setPrivateKey().
• The CA certificate database can be extended and customized with QSslConfiguration::addCaCertificate(), QSslConfiguration::addCaCertificates(). \endlist

To extend the list of default CA certificates used by the SSL sockets during the SSL handshake you must update the default configuration, as in the snippet below:

QList<QSslCertificate> certificates = getCertificates();
QSslConfiguration configuration = QSslConfiguration::defaultConfiguration();
configuration.addCaCertificates(certificates);
QSslConfiguration::setDefaultConfiguration(configuration);

Note

If available, root certificates on Unix (excluding \macos) will be loaded on demand from the standard certificate directories. If you do not want to load root certificates on demand, you need to call either QSslConfiguration::defaultConfiguration().setCaCertificates() before the first SSL handshake is made in your application (for example, via passing QSslSocket::systemCaCertificates() to it), or call QSslConfiguration::defaultConfiguration()::setCaCertificates() on your QSslSocket instance prior to the SSL handshake.

For more information about ciphers and certificates, refer to QSslCipher and QSslCertificate.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (\l{http://www.openssl.org/}).

Note

Be aware of the difference between the bytesWritten() signal and the encryptedBytesWritten() signal. For a QTcpSocket, bytesWritten() will get emitted as soon as data has been written to the TCP socket. For a QSslSocket, bytesWritten() will get emitted when the data is being encrypted and encryptedBytesWritten() will get emitted as soon as data has been written to the TCP socket.

See also

QSslCertificate, QSslCipher, QSslError

Definition at line 28 of file qsslsocket.h.

Member Enumeration Documentation

PeerVerifyMode

enum QSslSocket::PeerVerifyMode

Since

4.4

Describes the peer verification modes for QSslSocket. The default mode is AutoVerifyPeer, which selects an appropriate mode depending on the socket's QSocket::SslMode.

\value VerifyNone QSslSocket will not request a certificate from the peer. You can set this mode if you are not interested in the identity of the other side of the connection. The connection will still be encrypted, and your socket will still send its local certificate to the peer if it's requested.

\value QueryPeer QSslSocket will request a certificate from the peer, but does not require this certificate to be valid. This is useful when you want to display peer certificate details to the user without affecting the actual SSL handshake. This mode is the default for servers. Note: In Schannel this value acts the same as VerifyNone.

\value VerifyPeer QSslSocket will request a certificate from the peer during the SSL handshake phase, and requires that this certificate is valid. On failure, QSslSocket will emit the QSslSocket::sslErrors() signal. This mode is the default for clients.

\value AutoVerifyPeer QSslSocket will automatically use QueryPeer for server sockets and VerifyPeer for client sockets.

See also

QSslSocket::peerVerifyMode()

Enumerator
VerifyNone
QueryPeer
VerifyPeer
AutoVerifyPeer

Definition at line 40 of file qsslsocket.h.

SslMode

enum QSslSocket::SslMode

Describes the connection modes available for QSslSocket.

\value UnencryptedMode The socket is unencrypted. Its behavior is identical to QTcpSocket.

\value SslClientMode The socket is a client-side SSL socket. It is either already encrypted, or it is in the SSL handshake phase (see QSslSocket::isEncrypted()).

\value SslServerMode The socket is a server-side SSL socket. It is either already encrypted, or it is in the SSL handshake phase (see QSslSocket::isEncrypted()).

Enumerator
UnencryptedMode
SslClientMode
SslServerMode

Definition at line 33 of file qsslsocket.h.

Constructor & Destructor Documentation

QSslSocket()

QSslSocket::QSslSocket ( QObject * parent = nullptr )

explicit

Constructs a QSslSocket object.

parent is passed to QObject's constructor. The new socket's \l {QSslCipher} {cipher} suite is set to the one returned by the static method defaultCiphers().

Definition at line 398 of file qsslsocket.cpp.

~QSslSocket()

QSslSocket::~QSslSocket

(

)

Destroys the QSslSocket.

Definition at line 412 of file qsslsocket.cpp.

Member Function Documentation

activeBackend()

QString QSslSocket::activeBackend ( )

static

Since

6.1 Returns the name of the backend that QSslSocket and related classes use. If the active backend was not set explicitly, this function returns the name of a default backend that QSslSocket selects implicitly from the list of available backends.

Note

When selecting a default backend implicitly, QSslSocket prefers the OpenSSL backend if available. If it's not available, the Schannel backend is implicitly selected on Windows, and Secure Transport on Darwin platforms. Failing these, if a custom TLS backend is found, it is used. If no other backend is found, the "certificate only" backend is selected. For more information about TLS plugins, please see \l {Enabling and Disabling SSL Support when Building Qt from Source}.

See also

setActiveBackend(), availableBackends()

Definition at line 1556 of file qsslsocket.cpp.

alertReceived

void QSslSocket::alertReceived ( QSsl::AlertLevel level, QSsl::AlertType type, const QString & description )

signal

QSslSocket emits this signal if an alert message was received from a peer.

level tells if the alert was fatal or it was a warning. type is the code explaining why the alert was sent. When a textual description of the alert message is available, it is supplied in description.

Note

The signal is mostly for informational and debugging purposes and does not require any handling in the application. If the alert was fatal, underlying backend will handle it and close the connection.

Not all backends support this functionality.

See also

alertSent(), QSsl::AlertLevel, QSsl::AlertType

alertSent

void QSslSocket::alertSent ( QSsl::AlertLevel level, QSsl::AlertType type, const QString & description )

signal

QSslSocket emits this signal if an alert message was sent to a peer.

level describes if it was a warning or a fatal error. type gives the code of the alert message. When a textual description of the alert message is available, it is supplied in description.

Note

This signal is mostly informational and can be used for debugging purposes, normally it does not require any actions from the application.

Not all backends support this functionality.

See also

alertReceived(), QSsl::AlertLevel, QSsl::AlertType

atEnd()

bool QSslSocket::atEnd ( ) const

overridevirtual

\reimp

Reimplemented from QIODevice.

Definition at line 890 of file qsslsocket.cpp.

availableBackends()

QList< QString > QSslSocket::availableBackends ( )

static

Since

6.1 Returns the names of the currently available backends. These names are in lower case, e.g. "openssl", "securetransport", "schannel" (similar to the already existing feature names for TLS backends in Qt).

See also

activeBackend()

Definition at line 1534 of file qsslsocket.cpp.

bytesAvailable()

qint64 QSslSocket::bytesAvailable ( ) const

overridevirtual

\reimp

Returns the number of decrypted bytes that are immediately available for reading.

Reimplemented from QAbstractSocket.

Definition at line 791 of file qsslsocket.cpp.

bytesToWrite()

qint64 QSslSocket::bytesToWrite ( ) const

overridevirtual

\reimp

Returns the number of unencrypted bytes that are waiting to be encrypted and written to the network.

Reimplemented from QAbstractSocket.

Definition at line 805 of file qsslsocket.cpp.

canReadLine()

bool QSslSocket::canReadLine ( ) const

overridevirtual

\reimp

Returns true if you can read one while line (terminated by a single ASCII '\n' character) of decrypted characters; otherwise, false is returned.

Reimplemented from QIODevice.

Definition at line 848 of file qsslsocket.cpp.

close()

void QSslSocket::close ( )

overridevirtual

\reimp

Reimplemented from QAbstractSocket.

Definition at line 859 of file qsslsocket.cpp.

connectToHost() [1/2]

void QAbstractSocket::connectToHost	(	const QHostAddress &	address,
		quint16	port,
		OpenMode	mode = ReadWrite )

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Attempts to make a connection to address on port port.

Definition at line 142 of file qabstractsocket.cpp.

connectToHost() [2/2]

void QSslSocket::connectToHost ( const QString & hostName, quint16 port, OpenMode openMode = ReadWrite, NetworkLayerProtocol protocol = AnyIPProtocol )

overridevirtual

Reimplemented from QAbstractSocket.

Definition at line 1848 of file qsslsocket.cpp.

connectToHostEncrypted() [1/2]

void QSslSocket::connectToHostEncrypted	(	const QString &	hostName,
		quint16	port,
		const QString &	sslPeerName,
		OpenMode	mode = ReadWrite,
		NetworkLayerProtocol	protocol = AnyIPProtocol )

Since

4.6 This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.

In addition to the original behaviour of connectToHostEncrypted, this overloaded method enables the usage of a different hostname (sslPeerName) for the certificate validation instead of the one used for the TCP connection (hostName).

See also

connectToHostEncrypted()

Definition at line 522 of file qsslsocket.cpp.

connectToHostEncrypted() [2/2]

void QSslSocket::connectToHostEncrypted	(	const QString &	hostName,
		quint16	port,
		OpenMode	mode = ReadWrite,
		NetworkLayerProtocol	protocol = AnyIPProtocol )

Starts an encrypted connection to the device hostName on port, using mode as the \l OpenMode.

This is equivalent to calling connectToHost() to establish the connection, followed by a call to startClientEncryption(). The protocol parameter can be used to specify which network protocol to use (eg. IPv4 or IPv6).

QSslSocket first enters the HostLookupState. Then, after entering either the event loop or one of the waitFor...() functions, it enters the ConnectingState, emits connected(), and then initiates the SSL client handshake. At each state change, QSslSocket emits signal stateChanged().

After initiating the SSL client handshake, if the identity of the peer can't be established, signal sslErrors() is emitted. If you want to ignore the errors and continue connecting, you must call ignoreSslErrors(), either from inside a slot function connected to the sslErrors() signal, or prior to entering encrypted mode. If ignoreSslErrors() is not called, the connection is dropped, signal disconnected() is emitted, and QSslSocket returns to the UnconnectedState.

If the SSL handshake is successful, QSslSocket emits encrypted().

QSslSocket socket;
connect(&socket, &QSslSocket::encrypted, receiver, &Receiver::socketEncrypted);
 
socket.connectToHostEncrypted("imap", 993);
socket->write("1 CAPABILITY\r\n");

Note

The example above shows that text can be written to the socket immediately after requesting the encrypted connection, before the encrypted() signal has been emitted. In such cases, the text is queued in the object and written to the socket after the connection is established and the encrypted() signal has been emitted.

The default for mode is \l ReadWrite.

If you want to create a QSslSocket on the server side of a connection, you should instead call startServerEncryption() upon receiving the incoming connection through QTcpServer.

See also

connectToHost(), startClientEncryption(), waitForConnected(), waitForEncrypted()

Definition at line 484 of file qsslsocket.cpp.

continueInterruptedHandshake()

void QSslSocket::continueInterruptedHandshake

(

)

Since

6.0

If an application wants to conclude a handshake even after receiving handshakeInterruptedOnError() signal, it must call this function. This call must be done from a slot function attached to the signal. The signal-slot connection must be direct.

See also

handshakeInterruptedOnError(), QSslConfiguration::setHandshakeMustInterruptOnError()

Definition at line 1838 of file qsslsocket.cpp.

disconnectFromHost()

void QSslSocket::disconnectFromHost ( )

overridevirtual

Reimplemented from QAbstractSocket.

Definition at line 1879 of file qsslsocket.cpp.

encrypted

void QSslSocket::encrypted ( )

signal

This signal is emitted when QSslSocket enters encrypted mode.

After this signal has been emitted, QSslSocket::isEncrypted() will return true, and all further transmissions on the socket will be encrypted.

See also

QSslSocket::connectToHostEncrypted(), QSslSocket::isEncrypted()

encryptedBytesAvailable()

qint64 QSslSocket::encryptedBytesAvailable

(

)

const

Since

4.4

Returns the number of encrypted bytes that are awaiting decryption. Normally, this function will return 0 because QSslSocket decrypts its incoming data as soon as it can.

Definition at line 820 of file qsslsocket.cpp.

encryptedBytesToWrite()

qint64 QSslSocket::encryptedBytesToWrite

(

)

const

Since

4.4

Returns the number of encrypted bytes that are waiting to be written to the network.

Definition at line 834 of file qsslsocket.cpp.

encryptedBytesWritten

void QSslSocket::encryptedBytesWritten ( qint64 written )

signal

Since

4.4

This signal is emitted when QSslSocket writes its encrypted data to the network. The written parameter contains the number of bytes that were successfully written.

See also

QIODevice::bytesWritten()

handshakeInterruptedOnError

void QSslSocket::handshakeInterruptedOnError ( const QSslError & error )

signal

QSslSocket emits this signal if a certificate verification error was found and if early error reporting was enabled in QSslConfiguration.

An application is expected to inspect the error and decide if it wants to continue the handshake, or abort it and send an alert message to the peer. The signal-slot connection must be direct.

See also

continueInterruptedHandshake(), sslErrors(), QSslConfiguration::setHandshakeMustInterruptOnError()

ignoreSslErrors [1/2]

void QSslSocket::ignoreSslErrors ( )

slot

This slot tells QSslSocket to ignore errors during QSslSocket's handshake phase and continue connecting.

If you want to continue with the connection even if errors occur during the handshake phase, then you must call this slot, either from a slot connected to sslErrors(), or before the handshake phase. If you don't call this slot, either in response to errors or before the handshake, the connection will be dropped after the sslErrors() signal has been emitted.

If there are no errors during the SSL handshake phase (i.e., the identity of the peer is established with no problems), QSslSocket will not emit the sslErrors() signal, and it is unnecessary to call this function.

Warning

Be sure to always let the user inspect the errors reported by the sslErrors() signal, and only call this method upon confirmation from the user that proceeding is ok. If there are unexpected errors, the connection should be aborted. Calling this method without inspecting the actual errors will most likely pose a security risk for your application. Use it with great care!

See also

sslErrors()

Definition at line 1794 of file qsslsocket.cpp.

ignoreSslErrors() [2/2]

void QSslSocket::ignoreSslErrors

(

const QList< QSslError > &

errors

)

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.

Since

4.6

This method tells QSslSocket to ignore only the errors given in errors.

Note

Because most SSL errors are associated with a certificate, for most of them you must set the expected certificate this SSL error is related to. If, for instance, you want to connect to a server that uses a self-signed certificate, consider the following snippet:

QList<QSslCertificate> cert = QSslCertificate::fromPath("server-certificate.pem"_L1);
QSslError error(QSslError::SelfSignedCertificate, cert.at(0));
QList<QSslError> expectedSslErrors;
expectedSslErrors.append(error);
 
QSslSocket socket;
socket.ignoreSslErrors(expectedSslErrors);
socket.connectToHostEncrypted("server.tld", 443);

Multiple calls to this function will replace the list of errors that were passed in previous calls. You can clear the list of errors you want to ignore by calling this function with an empty list.

See also

sslErrors(), sslHandshakeErrors()

Definition at line 1821 of file qsslsocket.cpp.

implementedClasses()

QList< QSsl::ImplementedClass > QSslSocket::implementedClasses ( const QString & backendName = {} )

static

Since

6.1 This function returns backend-specific classes implemented by the backend named backendName. An empty backendName is understood as a query about the currently active backend.

See also

QSsl::ImplementedClass, activeBackend(), isClassImplemented()

Definition at line 1640 of file qsslsocket.cpp.

isClassImplemented()

bool QSslSocket::isClassImplemented ( QSsl::ImplementedClass cl, const QString & backendName = {} )

static

Since

6.1 Returns true if a class cl is implemented by the backend named backendName. An empty backendName is understood as a query about the currently active backend.

See also

implementedClasses()

Definition at line 1653 of file qsslsocket.cpp.

isEncrypted()

bool QSslSocket::isEncrypted

(

)

const

Returns true if the socket is encrypted; otherwise, false is returned.

An encrypted socket encrypts all data that is written by calling write() or putChar() before the data is written to the network, and decrypts all incoming data as the data is received from the network, before you call read(), readLine() or getChar().

QSslSocket emits encrypted() when it enters encrypted mode.

You can call sessionCipher() to find which cryptographic cipher is used to encrypt and decrypt your data.

See also

mode()

Definition at line 644 of file qsslsocket.cpp.

isFeatureSupported()

bool QSslSocket::isFeatureSupported ( QSsl::SupportedFeature ft, const QString & backendName = {} )

static

Since

6.1 Returns true if a feature ft is supported by a backend named backendName. An empty backendName is understood as a query about the currently active backend.

See also

QSsl::SupportedFeature, supportedFeatures()

Definition at line 1677 of file qsslsocket.cpp.

isProtocolSupported()

bool QSslSocket::isProtocolSupported ( QSsl::SslProtocol protocol, const QString & backendName = {} )

static

Since

6.1 Returns true if protocol is supported by a backend named backendName. An empty backendName is understood as a query about the currently active backend.

See also

supportedProtocols()

Definition at line 1626 of file qsslsocket.cpp.

localCertificate()

QSslCertificate QSslSocket::localCertificate

(

)

const

Returns the socket's local \l {QSslCertificate} {certificate}, or an empty certificate if no local certificate has been assigned.

See also

setLocalCertificate(), privateKey()

Definition at line 1061 of file qsslsocket.cpp.

localCertificateChain()

QList< QSslCertificate > QSslSocket::localCertificateChain

(

)

const

Returns the socket's local \l {QSslCertificate} {certificate} chain, or an empty list if no local certificates have been assigned.

See also

setLocalCertificateChain()

Since

5.1

Definition at line 1007 of file qsslsocket.cpp.

mode()

QSslSocket::SslMode QSslSocket::mode

(

)

const

Returns the current mode for the socket; either UnencryptedMode, where QSslSocket behaves identially to QTcpSocket, or one of SslClientMode or SslServerMode, where the client is either negotiating or in encrypted mode.

When the mode changes, QSslSocket emits modeChanged()

See also

SslMode

Definition at line 623 of file qsslsocket.cpp.

modeChanged

void QSslSocket::modeChanged ( QSslSocket::SslMode mode )

signal

This signal is emitted when QSslSocket changes from \l QSslSocket::UnencryptedMode to either \l QSslSocket::SslClientMode or \l QSslSocket::SslServerMode.

mode is the new mode.

See also

QSslSocket::mode()

newSessionTicketReceived

void QSslSocket::newSessionTicketReceived ( )

signal

Since

5.15

If TLS 1.3 protocol was negotiated during a handshake, QSslSocket emits this signal after receiving NewSessionTicket message. Session and session ticket's lifetime hint are updated in the socket's configuration. The session can be used for session resumption (and a shortened handshake) in future TLS connections.

Note

This functionality enabled only with OpenSSL backend and requires OpenSSL v 1.1.1 or above.

See also

QSslSocket::sslConfiguration(), QSslConfiguration::sessionTicket(), QSslConfiguration::sessionTicketLifeTimeHint()

ocspResponses()

QList< QOcspResponse > QSslSocket::ocspResponses

(

)

const

Since

5.13

This function returns Online Certificate Status Protocol responses that a server may send during a TLS handshake using OCSP stapling. The list is empty if no definitive response or no response at all was received.

See also

QSslConfiguration::setOcspStaplingEnabled()

Definition at line 1174 of file qsslsocket.cpp.

peerCertificate()

QSslCertificate QSslSocket::peerCertificate

(

)

const

Returns the peer's digital certificate (i.e., the immediate certificate of the host you are connected to), or a null certificate, if the peer has not assigned a certificate.

The peer certificate is checked automatically during the handshake phase, so this function is normally used to fetch the certificate for display or for connection diagnostic purposes. It contains information about the peer, including its host name, the certificate issuer, and the peer's public key.

Because the peer certificate is set during the handshake phase, it is safe to access the peer certificate from a slot connected to the sslErrors() signal or the encrypted() signal.

If a null certificate is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

If you want to check the peer's complete chain of certificates, use peerCertificateChain() to get them all at once.

See also

peerCertificateChain()

Definition at line 1094 of file qsslsocket.cpp.

peerCertificateChain()

QList< QSslCertificate > QSslSocket::peerCertificateChain

(

)

const

Returns the peer's chain of digital certificates, or an empty list of certificates.

Peer certificates are checked automatically during the handshake phase. This function is normally used to fetch certificates for display, or for performing connection diagnostics. Certificates contain information about the peer and the certificate issuers, including host name, issuer names, and issuer public keys.

The peer certificates are set in QSslSocket during the handshake phase, so it is safe to call this function from a slot connected to the sslErrors() signal or the encrypted() signal.

If an empty list is returned, it can mean the SSL handshake failed, or it can mean the host you are connected to doesn't have a certificate, or it can mean there is no connection.

If you want to get only the peer's immediate certificate, use peerCertificate().

See also

peerCertificate()

Definition at line 1123 of file qsslsocket.cpp.

peerVerifyDepth()

int QSslSocket::peerVerifyDepth

(

)

const

Since

4.4

Returns the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, or 0 (the default) if no maximum depth has been set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.

See also

setPeerVerifyDepth(), peerVerifyMode()

Definition at line 728 of file qsslsocket.cpp.

peerVerifyError

void QSslSocket::peerVerifyError ( const QSslError & error )

signal

Since

4.4

QSslSocket can emit this signal several times during the SSL handshake, before encryption has been established, to indicate that an error has occurred while establishing the identity of the peer. The error is usually an indication that QSslSocket is unable to securely identify the peer.

This signal provides you with an early indication when something's wrong. By connecting to this signal, you can manually choose to tear down the connection from inside the connected slot before the handshake has completed. If no action is taken, QSslSocket will proceed to emitting QSslSocket::sslErrors().

See also

sslErrors()

peerVerifyMode()

QSslSocket::PeerVerifyMode QSslSocket::peerVerifyMode

(

)

const

Since

4.4

Returns the socket's verify mode. This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer, which tells QSslSocket to use VerifyPeer for clients and QueryPeer for servers.

See also

setPeerVerifyMode(), peerVerifyDepth(), mode()

Definition at line 686 of file qsslsocket.cpp.

peerVerifyName()

QString QSslSocket::peerVerifyName

(

)

const

Since

4.8

Returns the different hostname for the certificate validation, as set by setPeerVerifyName or by connectToHostEncrypted.

See also

setPeerVerifyName(), connectToHostEncrypted()

Definition at line 765 of file qsslsocket.cpp.

preSharedKeyAuthenticationRequired

void QSslSocket::preSharedKeyAuthenticationRequired ( QSslPreSharedKeyAuthenticator * authenticator )

signal

Since

5.5

QSslSocket emits this signal when it negotiates a PSK ciphersuite, and therefore a PSK authentication is then required.

When using PSK, the client must send to the server a valid identity and a valid pre shared key, in order for the SSL handshake to continue. Applications can provide this information in a slot connected to this signal, by filling in the passed authenticator object according to their needs.

Note

Ignoring this signal, or failing to provide the required credentials, will cause the handshake to fail, and therefore the connection to be aborted.

The authenticator object is owned by the socket and must not be deleted by the application.

See also

QSslPreSharedKeyAuthenticator

privateKey()

QSslKey QSslSocket::privateKey

(

)

const

Returns this socket's private key.

See also

setPrivateKey(), localCertificate()

Definition at line 1246 of file qsslsocket.cpp.

protocol()

QSsl::SslProtocol QSslSocket::protocol

(

)

const

Returns the socket's SSL protocol.

By default, \l QSsl::SecureProtocols is used.

See also

setProtocol()

Definition at line 655 of file qsslsocket.cpp.

readData()

qint64 QSslSocket::readData ( char * data, qint64 maxlen )

overrideprotectedvirtual

\reimp

Reimplemented from QAbstractSocket.

Definition at line 1923 of file qsslsocket.cpp.

resume()

void QSslSocket::resume ( )

overridevirtual

\reimp

Since

5.0

Continues data transfer on the socket after it has been paused. If "setPauseMode(QAbstractSocket::PauseOnSslErrors);" has been called on this socket and a sslErrors() signal is received, calling this method is necessary for the socket to continue.

See also

QAbstractSocket::pauseMode(), QAbstractSocket::setPauseMode()

Reimplemented from QAbstractSocket.

Definition at line 434 of file qsslsocket.cpp.

sessionCipher()

QSslCipher QSslSocket::sessionCipher

(

)

const

Returns the socket's cryptographic \l {QSslCipher} {cipher}, or a null cipher if the connection isn't encrypted.

The socket's cipher for the session is set during the handshake phase. The cipher is used to encrypt and decrypt data transmitted through the socket.

QSslSocket also provides functions for setting the ordered list of ciphers from which the handshake phase will eventually select the session cipher. This ordered list must be in place before the handshake phase begins.

See also

QSslConfiguration::ciphers(), QSslConfiguration::setCiphers(), QSslConfiguration::setCiphers(), QSslConfiguration::ciphers(), QSslConfiguration::supportedCiphers()

Definition at line 1145 of file qsslsocket.cpp.

sessionProtocol()

QSsl::SslProtocol QSslSocket::sessionProtocol

(

)

const

Returns the socket's SSL/TLS protocol or UnknownProtocol if the connection isn't encrypted.

The socket's protocol for the session is set during the handshake phase.

See also

protocol(), setProtocol()

Since

5.4

Definition at line 1159 of file qsslsocket.cpp.

setActiveBackend()

bool QSslSocket::setActiveBackend ( const QString & backendName )

static

Since

6.1 Returns true if a backend with name backendName was set as active backend. backendName must be one of names returned by availableBackends().

Note

An application cannot mix different backends simultaneously. This implies that a non-default backend must be selected prior to any use of QSslSocket or related classes, e.g. QSslCertificate or QSslKey.

See also

activeBackend(), availableBackends()

Definition at line 1579 of file qsslsocket.cpp.

setLocalCertificate() [1/2]

void QSslSocket::setLocalCertificate

(

const QSslCertificate &

certificate

)

Sets the socket's local certificate to certificate.

The local certificate is necessary if you need to confirm your identity to the peer. It is used together with the private key; if you set the local certificate, you must also set the private key.

The local certificate and private key are always necessary for server sockets, but are also rarely used by client sockets if the server requires the client to authenticate.

Note

Secure Transport SSL backend on macOS may update the default keychain (the default is probably your login keychain) by importing your local certificates and keys. This can also result in system dialogs showing up and asking for permission when your application is using these private keys. If such behavior is undesired, set the QT_SSL_USE_TEMPORARY_KEYCHAIN environment variable to a non-zero value; this will prompt QSslSocket to use its own temporary keychain.

See also

localCertificate(), setPrivateKey()

Definition at line 1032 of file qsslsocket.cpp.

setLocalCertificate() [2/2]

void QSslSocket::setLocalCertificate	(	const QString &	fileName,
		QSsl::EncodingFormat	format = QSsl::Pem )

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Sets the socket's local \l {QSslCertificate} {certificate} to the first one found in file path, which is parsed according to the specified format.

Definition at line 1046 of file qsslsocket.cpp.

setLocalCertificateChain()

void QSslSocket::setLocalCertificateChain

(

const QList< QSslCertificate > &

localChain

)

Sets the certificate chain to be presented to the peer during the SSL handshake to be localChain.

See also

QSslConfiguration::setLocalCertificateChain()

Since

5.1

Definition at line 994 of file qsslsocket.cpp.

setPeerVerifyDepth()

void QSslSocket::setPeerVerifyDepth

(

int

depth

)

Since

4.4

Sets the maximum number of certificates in the peer's certificate chain to be checked during the SSL handshake phase, to depth. Setting a depth of 0 means that no maximum depth is set, indicating that the whole certificate chain should be checked.

The certificates are checked in issuing order, starting with the peer's own certificate, then its issuer's certificate, and so on.

See also

peerVerifyDepth(), setPeerVerifyMode()

Definition at line 747 of file qsslsocket.cpp.

setPeerVerifyMode()

void QSslSocket::setPeerVerifyMode

(

QSslSocket::PeerVerifyMode

mode

)

Since

4.4

Sets the socket's verify mode to mode. This mode decides whether QSslSocket should request a certificate from the peer (i.e., the client requests a certificate from the server, or a server requesting a certificate from the client), and whether it should require that this certificate is valid.

The default mode is AutoVerifyPeer, which tells QSslSocket to use VerifyPeer for clients and QueryPeer for servers.

Setting this mode after encryption has started has no effect on the current connection.

See also

peerVerifyMode(), setPeerVerifyDepth(), mode()

Definition at line 709 of file qsslsocket.cpp.

setPeerVerifyName()

void QSslSocket::setPeerVerifyName

(

const QString &

hostName

)

Since

4.8

Sets a different host name, given by hostName, for the certificate validation instead of the one used for the TCP connection.

See also

connectToHostEncrypted()

Definition at line 779 of file qsslsocket.cpp.

setPrivateKey() [1/2]

void QSslSocket::setPrivateKey

(

const QSslKey &

key

)

Sets the socket's private \l {QSslKey} {key} to key.

The private key and the local \l {QSslCertificate} {certificate} are used by clients and servers that must prove their identity to SSL peers.

Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.

See also

privateKey(), setLocalCertificate()

Definition at line 1195 of file qsslsocket.cpp.

setPrivateKey() [2/2]

void QSslSocket::setPrivateKey	(	const QString &	fileName,
		QSsl::KeyAlgorithm	algorithm = QSsl::Rsa,
		QSsl::EncodingFormat	format = QSsl::Pem,
		const QByteArray &	passPhrase = QByteArray() )

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.Reads the string in file fileName and decodes it using a specified algorithm and encoding format to construct an \l {QSslKey} {SSL key}.

If the encoded key is encrypted, passPhrase is used to decrypt it.

The socket's private key is set to the constructed key. The private key and the local \l {QSslCertificate} {certificate} are used by clients and servers that must prove their identity to SSL peers.

Both the key and the local certificate are required if you are creating an SSL server socket. If you are creating an SSL client socket, the key and local certificate are required if your client must identify itself to an SSL server.

See also

privateKey(), setLocalCertificate()

Definition at line 1221 of file qsslsocket.cpp.

setProtocol()

void QSslSocket::setProtocol

(

QSsl::SslProtocol

protocol

)

Sets the socket's SSL protocol to protocol.

This will affect the next initiated handshake; calling this function on an already-encrypted socket will not affect the socket's protocol.

Definition at line 666 of file qsslsocket.cpp.

setReadBufferSize()

void QSslSocket::setReadBufferSize ( qint64 size )

overridevirtual

Since

4.4

Sets the size of QSslSocket's internal read buffer to be size bytes.

Reimplemented from QAbstractSocket.

Definition at line 903 of file qsslsocket.cpp.

setSocketDescriptor()

bool QSslSocket::setSocketDescriptor ( qintptr socketDescriptor, SocketState state = ConnectedState, OpenMode openMode = ReadWrite )

overridevirtual

Initializes QSslSocket with the native socket descriptor socketDescriptor.

Returns true if socketDescriptor is accepted as a valid socket descriptor; otherwise returns false. The socket is opened in the mode specified by openMode, and enters the socket state specified by state.

Note

It is not possible to initialize two sockets with the same native socket descriptor.

See also

socketDescriptor()

Reimplemented from QAbstractSocket.

Definition at line 561 of file qsslsocket.cpp.

setSocketOption()

void QSslSocket::setSocketOption ( QAbstractSocket::SocketOption option, const QVariant & value )

overridevirtual

Since

4.6 Sets the given option to the value described by value.

See also

socketOption()

Reimplemented from QAbstractSocket.

Definition at line 591 of file qsslsocket.cpp.

setSslConfiguration()

void QSslSocket::setSslConfiguration

(

const QSslConfiguration &

configuration

)

Since

4.4

Sets the socket's SSL configuration to be the contents of configuration. This function sets the local certificate, the ciphers, the private key and the CA certificates to those stored in configuration.

It is not possible to set the SSL-state related fields.

See also

setLocalCertificate(), setPrivateKey(), QSslConfiguration::setCaCertificates(), QSslConfiguration::setCiphers()

Definition at line 951 of file qsslsocket.cpp.

skipData()

qint64 QSslSocket::skipData ( qint64 maxSize )

overrideprotectedvirtual

\reimp

Reimplemented from QAbstractSocket.

Definition at line 2833 of file qsslsocket.cpp.

socketOption()

QVariant QSslSocket::socketOption ( QAbstractSocket::SocketOption option )

overridevirtual

Since

4.6 Returns the value of the option option.

See also

setSocketOption()

Reimplemented from QAbstractSocket.

Definition at line 604 of file qsslsocket.cpp.

sslConfiguration()

QSslConfiguration QSslSocket::sslConfiguration

(

)

const

Since

4.4

Returns the socket's SSL configuration state. The default SSL configuration of a socket is to use the default ciphers, default CA certificates, no local private key or certificate.

The SSL configuration also contains fields that can change with time without notice.

See also

localCertificate(), peerCertificate(), peerCertificateChain(), sessionCipher(), privateKey(), QSslConfiguration::ciphers(), QSslConfiguration::caCertificates()

Definition at line 926 of file qsslsocket.cpp.

sslErrors

void QSslSocket::sslErrors ( const QList< QSslError > & errors )

signal

QSslSocket emits this signal after the SSL handshake to indicate that one or more errors have occurred while establishing the identity of the peer.

The errors are usually an indication that QSslSocket is unable to securely identify the peer. Unless any action is taken, the connection will be dropped after this signal has been emitted.

If you want to continue connecting despite the errors that have occurred, you must call QSslSocket::ignoreSslErrors() from inside a slot connected to this signal. If you need to access the error list at a later point, you can call sslHandshakeErrors().

errors contains one or more errors that prevent QSslSocket from verifying the identity of the peer.

Note

You cannot use Qt::QueuedConnection when connecting to this signal, or calling QSslSocket::ignoreSslErrors() will have no effect.

See also

peerVerifyError()

sslHandshakeErrors()

QList< QSslError > QSslSocket::sslHandshakeErrors

(

)

const

Since

5.15

Returns a list of the last SSL errors that occurred. This is the same list as QSslSocket passes via the sslErrors() signal. If the connection has been encrypted with no errors, this function will return an empty list.

See also

connectToHostEncrypted()

Definition at line 1451 of file qsslsocket.cpp.

sslLibraryBuildVersionNumber()

long QSslSocket::sslLibraryBuildVersionNumber ( )

static

Since

5.4 Returns the version number of the SSL library in use at compile time. If no SSL support is available then this will return -1.

See also

sslLibraryVersionNumber()

Definition at line 1503 of file qsslsocket.cpp.

sslLibraryBuildVersionString()

QString QSslSocket::sslLibraryBuildVersionString ( )

static

Since

5.4 Returns the version string of the SSL library in use at compile time. If no SSL support is available then this will return an empty value.

See also

sslLibraryVersionString()

Definition at line 1518 of file qsslsocket.cpp.

sslLibraryVersionNumber()

long QSslSocket::sslLibraryVersionNumber ( )

static

Since

5.0 Returns the version number of the SSL library in use. Note that this is the version of the library in use at run-time not compile time. If no SSL support is available then this will return -1.

Definition at line 1475 of file qsslsocket.cpp.

sslLibraryVersionString()

QString QSslSocket::sslLibraryVersionString ( )

static

Since

5.0 Returns the version string of the SSL library in use. Note that this is the version of the library in use at run-time not compile time. If no SSL support is available then this will return an empty value.

Definition at line 1489 of file qsslsocket.cpp.

startClientEncryption

void QSslSocket::startClientEncryption ( )

slot

Starts a delayed SSL handshake for a client connection.

This function can be called when the socket is in the \l ConnectedState but still in the \l UnencryptedMode. If it is not yet connected, or if it is already encrypted, this function has no effect.

Clients that implement STARTTLS functionality often make use of delayed SSL handshakes. Most other clients can avoid calling this function directly by using connectToHostEncrypted() instead, which automatically performs the handshake.

See also

connectToHostEncrypted(), startServerEncryption()

Definition at line 1695 of file qsslsocket.cpp.

startServerEncryption

void QSslSocket::startServerEncryption ( )

slot

Starts a delayed SSL handshake for a server connection.

This function can be called when the socket is in the \l ConnectedState but still in \l UnencryptedMode. If it is not connected or it is already encrypted, the function has no effect.

For server sockets, calling this function is the only way to initiate the SSL handshake. Most servers will call this function immediately upon receiving a connection, or as a result of having received a protocol-specific command to enter SSL mode (e.g, the server may respond to receiving the string "STARTTLS\\r\\n" by calling this function).

The most common way to implement an SSL server is to create a subclass of QTcpServer and reimplement QTcpServer::incomingConnection(). The returned socket descriptor is then passed to QSslSocket::setSocketDescriptor().

See also

connectToHostEncrypted(), startClientEncryption()

Definition at line 1746 of file qsslsocket.cpp.

supportedFeatures()

QList< QSsl::SupportedFeature > QSslSocket::supportedFeatures ( const QString & backendName = {} )

static

Since

6.1 This function returns features supported by a backend named backendName. An empty backendName is understood as a query about the currently active backend.

See also

QSsl::SupportedFeature, activeBackend()

Definition at line 1665 of file qsslsocket.cpp.

supportedProtocols()

QList< QSsl::SslProtocol > QSslSocket::supportedProtocols ( const QString & backendName = {} )

static

Since

6.1 If a backend with name backendName is available, this function returns the list of TLS protocol versions supported by this backend. An empty backendName is understood as a query about the currently active backend. Otherwise, this function returns an empty list.

See also

availableBackends(), activeBackend(), isProtocolSupported()

Definition at line 1614 of file qsslsocket.cpp.

supportsSsl()

bool QSslSocket::supportsSsl ( )

static

Returns true if this platform supports SSL; otherwise, returns false.

If the platform doesn't support SSL, the socket will fail in the connection phase.

Definition at line 1464 of file qsslsocket.cpp.

waitForBytesWritten()

bool QSslSocket::waitForBytesWritten ( int msecs = 30000 )

overridevirtual

\reimp

Reimplemented from QAbstractSocket.

Definition at line 1367 of file qsslsocket.cpp.

waitForConnected()

bool QSslSocket::waitForConnected ( int msecs = 30000 )

overridevirtual

Waits until the socket is connected, or msecs milliseconds, whichever happens first.

If the connection has been established, this function returns true; otherwise it returns false.

See also

QAbstractSocket::waitForConnected()

Reimplemented from QAbstractSocket.

Definition at line 1259 of file qsslsocket.cpp.

waitForDisconnected()

bool QSslSocket::waitForDisconnected ( int msecs = 30000 )

overridevirtual

Waits until the socket has disconnected or msecs milliseconds, whichever comes first.

If the connection has been disconnected, this function returns true; otherwise it returns false.

See also

QAbstractSocket::waitForDisconnected()

Reimplemented from QAbstractSocket.

Definition at line 1398 of file qsslsocket.cpp.

waitForEncrypted()

bool QSslSocket::waitForEncrypted

(

int

msecs = 30000

)

Waits until the socket has completed the SSL handshake and has emitted encrypted(), or msecs milliseconds, whichever comes first.

If encrypted() has been emitted, this function returns true; otherwise (e.g., the socket is disconnected, or the SSL handshake fails), false is returned.

The following example waits up to one second for the socket to be encrypted:

socket->connectToHostEncrypted("imap", 993);
if (socket->waitForEncrypted(1000))
    qDebug("Encrypted!");

If msecs is -1, this function will not time out.

See also

startClientEncryption(), startServerEncryption(), encrypted(), isEncrypted()

Definition at line 1288 of file qsslsocket.cpp.

waitForReadyRead()

bool QSslSocket::waitForReadyRead ( int msecs = 30000 )

overridevirtual

\reimp

Reimplemented from QAbstractSocket.

Definition at line 1322 of file qsslsocket.cpp.

writeData()

qint64 QSslSocket::writeData ( const char * data, qint64 len )

overrideprotectedvirtual

\reimp

Reimplemented from QAbstractSocket.

Definition at line 1948 of file qsslsocket.cpp.

---

The documentation for this class was generated from the following files:

• qtbase/src/network/ssl/qsslsocket.h (b856790d67ad25f5cd8e374cb299a129acbea2ff)
• qtbase/src/network/ssl/qsslsocket.cpp (128645d02338029858dd3e03defeff9f16d80172)