Page 231 - Open Soource Technologies 304.indd
P. 231
Unit 9: Web Techniques
Certificate application process, the Certification Authority will validate your details and issue Notes
an SSL Certificate containing your details and allowing you to use SSL. Your web server will
match your issued SSL Certificate to your Private Key. Your web server will then be able to
establish an encrypted link between the website and your customer’s web browser.
The complexities of the SSL protocol remain invisible to your customers. Instead their browsers
provide them with a key indicator to let them know they are currently protected by an SSL
encrypted session—the lock icon in the lower right-hand corner, clicking on the lock icon displays
your SSL Certificate and the details about it. All SSL Certificates are issued to either companies
or legally accountable individuals.
Typically an SSL Certificate will contain your domain name, your company name, your address,
your city, your state and your country. It will also contain the expiration date of the Certificate
and details of the Certification Authority responsible for the issuance of the Certificate. When a
browser connects to a secure site it will retrieve the site’s SSL Certificate and check that it has not
expired, it has been issued by a Certification Authority the browser trusts, and that it is being
used by the website for which it has been issued. If it fails on anyone of these checks the browser
will display a warning to the end user letting them know that the site is not secured by SSL.
The HTTPS entry in the $_SERVER array is set to ‘on’ if the PHP page was generated in
response to a request over an SSL connection. To prevent a page from being generated over a
nonencrypted connection, simply use:
if ($_SERVER{‘HTTPS’] !== ‘on’) { die(“Must be a secure connection.”); }
A common mistake is to send a form over a secure connection (e.g., https://www.example.com/form.
html), but have the action of the form submit to an http:// URL. Any form parameters entered by
the user are sent over an insecure connection—a trivial packet sniffer can reveal them.
9.7.1 Enabling and Disabling SSL Support
When building Qt from source, the configuration system checks for the presence of the openssl/
opensslv.h header provided by source or developer packages of OpenSSL.
By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-
time. However, it is possible to link against the library at compile-time by configuring Qt with
the -openssl-linked option.
When building a version of Qt linked against OpenSSL, the build system will attempt to link
with libssl and libcrypt libraries located in the default location on the developer’s system. This
location is configurable: set the OPENSSL_LIBS environment variable to contain the linker
options required to link Qt against the installed library. For example, on a Unix/Linux system:
./configure -openssl-linked OPENSSL_LIBS=’-L/opt/ssl/lib -lssl -lcrypto’
To disable SSL support in a Qt build, configure Qt with the -no-openssl option.
9.7.2 Licensing Information
Due to import and export restrictions in some parts of the world, we are unable to supply the
OpenSSL Toolkit with Qt packages. Developers wishing to use SSL communication in their
deployed applications should either ensure that their users have the appropriate libraries installed,
or they should consult a suitably qualified legal professional to ensure that applications using
code from the OpenSSL project are correctly certified for import and export in relevant regions
of the world.
When the QtNetwork module is built with SSL support, the library is linked against OpenSSL
in a way that requires OpenSSL license compliance.
LOVELY PROFESSIONAL UNIVERSITY 225
