Qt4 QSslSocket triggers HTTP 406 responseq

Question

I have an application that is working as a proxy using QTcpSocket to intercept HTTP requests. I'm trying to extend that to work for HTTPS as well, but it seems that it's not working how I anticipated. Using QHttp is not possible for me due to the uniqueness of the application.

Currently, I have something like the following:

    serverConnection = new QTcpSocket();
    serverConnection->setProxy(proxy);
    serverConnection->connectToHost(url_hostname, url_port);
    serverConnection->write(request.toAscii());
    connect(serverConnection, SIGNAL(readyRead()), this, SLOT(readServerData()), Qt::DirectConnection);

I've attempted to do something quite similar using QSslSocket, but unfortunately the outcome isn't what I expected.

    serverSConnection = new QSslSocket();
    serverSConnection->connectToHostEncrypted(url_hostname, url_port);
    if (!serverSConnection->waitForEncrypted()) {
        qDebug() << "waitForEncrypted failed";
    }
    serverSConnection->write(request.toAscii());
    connect(serverSConnection, SIGNAL(readyRead()), this, SLOT(readSServerData()), Qt::DirectConnection);

Using the QSslSocket to do the request appears to trigger: HTTP/1.1 406 Not Acceptable

The request I'm sending through looks something along the lines of the following:

Received Request:  "CONNECT www.somesslhost.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13
Proxy-Connection: keep-alive
Host: www.somesslhost.com

Is there something special about sending an HTTPS request through my application using QSslSocket that I'm missing?

Answer 1

I'm confused - you say:

I have an application that is working as a proxy using QTcpSocket to intercept HTTP requests.

What do you mean by "intercept"? Are you trying to write an HTTP proxy application? Please be more clear & specific, and we can probably help you out.

Answer 2

With current information I can only get the idea that you're doing it wrong.

Your method is fine if your client is supposed to send plain HTTP requests to your application and it is going to forward them to HTTPS server.

If your client is instead capable of using HTTPS and uses your application as a standard proxy server, you aren't supposed to connect to the server like that. You get 406 because you're trying to convince the destination server to act as a proxy between you and itself.

You can take a look at Tunneling SSL Through a WWW Proxy, I think. Basically, you should parse the incoming request, establish a ‘raw’ connection to server, respond the client with establishment confirmation and then just forward the packets forth and back.

The whole SSL negotiation is to be done between your client and destination server, proxy server is only supposed to forward encrypted packets without being able to decrypt them.