Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Native Development

Reply
Developer
maarko
Posts: 119
Registered: ‎07-02-2013
My Device: Q10 v10.2.0.424
My Carrier: {unbranded}
Accepted Solution

custom certificates. how to

I am using QNetworkRequest to get html from the web. This page is only available over secure connection. Blackberry does not include certificate of this page, so QNetworkRequest fails - Web Browser has similar problem, but it is solved by "Add Exception"

 

How can I configure QNetworkRequest to accept unknown certificate?

 

Please use plain text.
BlackBerry Development Advisor (Retired)
mwoolley
Posts: 571
Registered: ‎06-25-2010
My Device: Z10
My Carrier: Vodafone

Re: custom certificates. how to

You can't. That would be quite a security issue. You can import the certificate manually from Settings-Security-Certificates however.

--------------------------------------------------------------------------------------------
Feel free to press the like button on the right side if you liked my attempts to help :-)
And please mark posts as solved if you think I found the solution or set you on its path. Thanks!
Follow me on Twitter: @mdwrim
Please use plain text.
Developer
maarko
Posts: 119
Registered: ‎07-02-2013
My Device: Q10 v10.2.0.424
My Carrier: {unbranded}

Re: custom certificates. how to

I believe I can - web browser on bb does it somehow ("Add Exception" feature). For now I can not download some text from page only because it is served in https and BB is missing some basic certificates...

 

Import Certificates is not an options, because I don't to bother users to import certificates because my app wants to present some data.

Please use plain text.
Developer
simon_hain
Posts: 15,805
Registered: ‎07-29-2008
My Device: Z10 LE
My Carrier: O2 Germany

Re: custom certificates. how to

If the user wants to use a custom certificate (self signed etc) he has to import it.

As far as i know you cannot use the native certificate store and have to manage them manually.
Our handing is as follows:
- user imports certificate using a file picker (in cer or dem format)
- generate a list of QSslError objects using the errors we want to ignore and the certificate
- we call ignoreSslErrors on the connection and hand over the list of errors we generated
- we connect onSslError to show error messages if the installed certificate does not work or there is none.
----------------------------------------------------------
feel free to press the like button on the right side to thank the user that helped you.
please mark posts as solved if you found a solution.
@SimonHain on twitter
Please use plain text.
Developer
maarko
Posts: 119
Registered: ‎07-02-2013
My Device: Q10 v10.2.0.424
My Carrier: {unbranded}

Re: custom certificates. how to

it's not user-custom-certificate. it's quite basic certificate that bb is missing. on google-chrome, ff, opera page works ok, on bb there is certificate error.

 

"generate a list of QSslError objects using the errors we want to ignore and the certificate"

 

do you mean i may ignore certificate error in my app and continue to download page over https even if it has unknown certificate?

Please use plain text.
BlackBerry Development Advisor (Retired)
mwoolley
Posts: 571
Registered: ‎06-25-2010
My Device: Z10
My Carrier: Vodafone

Re: custom certificates. how to

The point with the Add Exception button is that the user is explicitly trusting the certificate. Performing the same action behind the scenes in an app would constitute a security issue.

--------------------------------------------------------------------------------------------
Feel free to press the like button on the right side if you liked my attempts to help :-)
And please mark posts as solved if you think I found the solution or set you on its path. Thanks!
Follow me on Twitter: @mdwrim
Please use plain text.
Developer
maarko
Posts: 119
Registered: ‎07-02-2013
My Device: Q10 v10.2.0.424
My Carrier: {unbranded}

Re: custom certificates. how to

yep, that's true.

 

what's also true is the app user is not in fact the one who requests pages. my app request pages, so the app is really user of those pages. app user doesn't have to trust in certificates of pages used by my app, doesn't have to be bothered. i use some pages to combine my result data and i am the one who must trust third party certificates. i use few specific pages which certificates are trusted by me. so i would like to add those certificates to my app, to allow it proceed with https requests - but i don't want to put few pages of documentation for my app about how to add certificates to bb10, so the app could work.

 

those pages are used read-only - no any data is provided by final user of my app to pages i use.

 

Please use plain text.
Developer
simon_hain
Posts: 15,805
Registered: ‎07-29-2008
My Device: Z10 LE
My Carrier: O2 Germany

Re: custom certificates. how to


maarko wrote:

do you mean i may ignore certificate error in my app and continue to download page over https even if it has unknown certificate?

No. Well, you could, but that would make the whole ssl thing useless.

Here is a code snippet that should make the process more transparent:

networkReply->ignoreSslErrors(CertificateService::instance()->getExpectedErrors());

 We create the errors in the service like this:

foreach( const QSslCertificate &cert, serverCertificates ){
 QSslError selfSignedError(QSslError::SelfSignedCertificate, cert);
 expectedSslErrors.append(selfSignedError);
}

 It is quite a lot of overhead, but you have to do it only once and can re-use it for other apps.

The biggest drawback is that the user has to import the certificate inside your application.

 

Unless we understood something wrong the Qt network package cannot access the certificates from the device store, so if you add an exception in the browser the same certificate is still untrusted for your own SSL connection :smileysad:

----------------------------------------------------------
feel free to press the like button on the right side to thank the user that helped you.
please mark posts as solved if you found a solution.
@SimonHain on twitter
Please use plain text.
Developer
maarko
Posts: 119
Registered: ‎07-02-2013
My Device: Q10 v10.2.0.424
My Carrier: {unbranded}

Re: custom certificates. how to

thanks, I will give a try
Please use plain text.
Developer
simon_hain
Posts: 15,805
Registered: ‎07-29-2008
My Device: Z10 LE
My Carrier: O2 Germany

Re: custom certificates. how to


maarko wrote:
so i would like to add those certificates to my app, to allow it proceed with https requests - but i don't want to put few pages of documentation for my app about how to add certificates to bb10, so the app could work

 


That would make it a lot easier. You can include the certificates in your app.

I recommend the open source software XCA to convert certificates, you can use firefox to download them (use the export button in the security dialog).

----------------------------------------------------------
feel free to press the like button on the right side to thank the user that helped you.
please mark posts as solved if you found a solution.
@SimonHain on twitter
Please use plain text.