- class QSslServer#
Implements an encrypted, secure TCP server over TLS. More…
New in version 6.4.
Synopsis#
Methods#
def
__init__()
Signals#
Note
This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE
Detailed Description#
Class to use in place of
QTcpServer
to implement TCP server using Transport Layer Security (TLS).To configure the secure handshake settings, use the applicable setter functions on a
QSslConfiguration
object, and then use it as an argument to thesetSslConfiguration()
function. All following incoming connections handled will use these settings.To start listening to incoming connections use the
listen()
function inherited fromQTcpServer
. Other settings can be configured by using the setter functions inherited from theQTcpServer
class.Connect to the signals of this class to respond to the incoming connection attempts. They are the same as the signals on
QSslSocket
, but also passes a pointer to the socket in question.When responding to the
pendingConnectionAvailable()
signal, use thenextPendingConnection()
function to fetch the next incoming connection and take it out of the pending connection queue. TheQSslSocket
is a child of theQSslServer
and will be deleted when theQSslServer
is deleted. It is still a good idea to destroy the object explicitly when you are done with it, to avoid wasting memory.See also
Constructs a new
QSslServer
with the givenparent
.- alertReceived(socket, level, type, description)#
- Parameters:
socket –
QSslSocket
level –
AlertLevel
type –
AlertType
description – str
QSslServer
emits this signal if an alert message was received by thesocket
from a peer.level
tells if the alert was fatal or it was a warning.type
is the code explaining why the alert was sent. When a textual description of the alert message is available, it is supplied indescription
.Note
The signal is mostly for informational and debugging purposes and does not require any handling in the application. If the alert was fatal, underlying backend will handle it and close the connection.
- alertSent(socket, level, type, description)#
- Parameters:
socket –
QSslSocket
level –
AlertLevel
type –
AlertType
description – str
QSslServer
emits this signal if an alert message was sent fromsocket
to a peer.level
describes if it was a warning or a fatal error.type
gives the code of the alert message. When a textual description of the alert message is available, it is supplied indescription
.Note
This signal is mostly informational and can be used for debugging purposes, normally it does not require any actions from the application.
- errorOccurred(socket, error)#
- Parameters:
socket –
QSslSocket
error –
SocketError
This signal is emitted after an error occurred during handshake. The
socketError
parameter describes the type of error that occurred.The
socket
is automatically deleted after this signal is emitted if the socket handshake has not reached encrypted state. But if thesocket
is successfully encrypted, it is inserted into theQSslServer
‘s pending connections queue. When the user has callednextPendingConnection()
it is the user’s responsibility to destroy thesocket
or thesocket
will not be destroyed until theQSslServer
object is destroyed. If an error occurs on asocket
after it has been inserted into the pending connections queue, this signal will not be emitted, and thesocket
will not be removed or destroyed.Note
You cannot use Qt::QueuedConnection when connecting to this signal, or the
socket
will have been already destroyed when the signal is handled.See also
error()
errorString()
- handshakeInterruptedOnError(socket, error)#
- Parameters:
socket –
QSslSocket
error –
QSslError
QSslServer
emits this signal if a certificate verification error was found bysocket
and if early error reporting was enabled inQSslConfiguration
. An application is expected to inspect theerror
and decide if it wants to continue the handshake, or abort it and send an alert message to the peer. The signal-slot connection must be direct.- handshakeTimeout()#
- Return type:
int
Returns the currently configured handshake timeout.
See also
- peerVerifyError(socket, error)#
- Parameters:
socket –
QSslSocket
error –
QSslError
QSslServer
can emit this signal several times during the SSL handshake, before encryption has been established, to indicate that an error has occurred while establishing the identity of the peer. Theerror
is usually an indication thatsocket
is unable to securely identify the peer.This signal provides you with an early indication when something’s wrong. By connecting to this signal, you can manually choose to tear down the connection from inside the connected slot before the handshake has completed. If no action is taken,
QSslServer
will proceed to emittingsslErrors()
.See also
- Parameters:
socket –
QSslSocket
authenticator –
QSslPreSharedKeyAuthenticator
QSslServer
emits this signal whensocket
negotiates a PSK ciphersuite, and therefore PSK authentication is then required.When using PSK, the server must supply a valid identity and a valid pre shared key, in order for the SSL handshake to continue. Applications can provide this information in a slot connected to this signal, by filling in the passed
authenticator
object according to their needs.Note
Ignoring this signal, or failing to provide the required credentials, will cause the handshake to fail, and therefore the connection to be aborted.
Note
The
authenticator
object is owned by thesocket
and must not be deleted by the application.See also
- setHandshakeTimeout(timeout)#
- Parameters:
timeout – int
Sets the
timeout
to use for all incoming handshakes, in milliseconds.This is relevant in the scenario where a client, whether malicious or accidental, connects to the server but makes no attempt at communicating or initiating a handshake.
QSslServer
will then automatically end the connection aftertimeout
milliseconds have elapsed.By default the timeout is 5000 milliseconds (5 seconds).
Note
The underlying TLS framework may have their own timeout logic now or in the future, this function does not affect that.
Note
The
timeout
passed to this function will only apply to new connections. If a client is already connected it will use the timeout which was set when it connected.See also
- setSslConfiguration(sslConfiguration)#
- Parameters:
sslConfiguration –
QSslConfiguration
Sets the
sslConfiguration
to use for all following incoming connections.This must be called before
listen()
to ensure that the desired configuration was in use during all handshakes.See also
- sslConfiguration()#
- Return type:
Returns the current ssl configuration.
See also
- sslErrors(socket, errors)#
- Parameters:
socket –
QSslSocket
errors – .list of QSslError
QSslServer
emits this signal after the SSL handshake to indicate that one or more errors have occurred while establishing the identity of the peer. The errors are usually an indication thatsocket
is unable to securely identify the peer. Unless any action is taken, the connection will be dropped after this signal has been emitted.If you want to continue connecting despite the errors that have occurred, you must call
ignoreSslErrors()
from inside a slot connected to this signal. If you need to access the error list at a later point, you can call sslHandshakeErrors().errors
contains one or more errors that preventQSslSocket
from verifying the identity of the peer.Note
You cannot use Qt::QueuedConnection when connecting to this signal, or calling
ignoreSslErrors()
will have no effect.See also
- startedEncryptionHandshake(socket)#
- Parameters:
socket –
QSslSocket
This signal is emitted when the client, connected to
socket
, initiates the TLS handshake.