diff options
| author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-08-30 09:33:01 (GMT) |
|---|---|---|
| committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-08-30 09:39:22 (GMT) |
| commit | 70f6a1b91b242174682c30be976c2aa36c450cc7 (patch) | |
| tree | 5ada7cd519664204577fa08ff4a81c99745db135 | |
| parent | 7b45a4cbf7593c8d7a837d826d9827fee243c46c (diff) | |
| download | Qt-70f6a1b91b242174682c30be976c2aa36c450cc7.zip Qt-70f6a1b91b242174682c30be976c2aa36c450cc7.tar.gz Qt-70f6a1b91b242174682c30be976c2aa36c450cc7.tar.bz2 | |
QSslCertificate: blacklist fraudulent *.google.com
blacklist the leaf certificate for now. There might well be more fake
certificates in the wild, for that either the Diginotar.nl root cert
needs to be disabled on the system or OCSP would need to be enabled
(not supported by Qt yet).
Reviewed-by: Richard J. Moore <rich@kde.org>
| -rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 1 | ||||
| -rw-r--r-- | tests/auto/qsslcertificate/more-certificates/blacklisted-google.com-diginotar.pem | 30 |
2 files changed, 31 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 76b7d41..8bf1fb7 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -792,6 +792,7 @@ static const char *certificate_blacklist[] = { "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43", "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0", "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0", + "05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56", 0 }; diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-google.com-diginotar.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-google.com-diginotar.pem new file mode 100644 index 0000000..12bbcae --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-google.com-diginotar.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm +MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp +Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v +dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE +BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp +ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS +CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q +7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD +ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x +OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8 +vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2 +EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0 +dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43 +/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH +aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u +bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u +IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg +dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8 +oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s +YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn +b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG +9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH +UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB +pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM +FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum +U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK +baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg== +-----END CERTIFICATE----- |