Is it possible to create a new QSslSocket and for it to take ownership over the existing TCP connection, and the old QTcpSocket to be discarded, without interrupting or closing the TCP connection?
I need this to implement explicit FTPS in my FTP server, which requires that initially the connection is unencrypted, and only upon the FTP client's request (the command AUTH SSL
or AUTH TLS
), if it comes at all, an SSL/TLS handshake is initiated.
Yes this is possible. The simplest way to do this is to replace the QTcpSocket
with a QSslSocket
. The QSslSocket
will behave exactly like a normal QTcpSocket
(no encryption) until you call startClientEncryption
. After that the QSslSocket
will act like a normal QTcpSocket
but all communication is encrypted in the background.
Using this I was actually able to port a 100k+ lines project to use SSL in less than one hour.
There is no (real) overhead to use QSslSocket
in unencrypted mode since it will just call the corresponding QTcpSocket
method. For example the read method (qsslsocket.cpp
Qt 4.8.3):
if (d->mode == UnencryptedMode && !d->autoStartHandshake) {
readBytes = d->plainSocket->read(data, maxlen);
} else {
//encryption stuff