Details
-
Bug
-
Resolution: Invalid
-
P2: Important
-
None
-
4.5.2
-
None
Description
We are using Qt 4.5.2 to create applications that conduct HTTPS connections with a product server and authenticate the server using X509v3 certificates.
When we deploy the full CA certificate chain including the self-signed root CA certificate, our applications are able to authenticate the client.
We would like to deploy a CA certificate chain that does not include the root CA certificate but rather only the CA certificate whose private key was used to sign the certificate of the server which is being authenticated.
We have tried using the "setPeerVerifyDepth" function on both the default QSslConfiguration object as well as the same function call on a QSslSocket object, setting the value to "1" prior to the client connecting the server but we continue to get "The issuer certificate could not be found" and "The root CA certificate is not trusted for this purpose" emitted in an sslError signal.