SSL: blacklist intermediate certificates that issued weak certs

... as did browser vendors. Tested manually with affected CA certificates. Reviewed-by: Richard J. Moore <rich@kde.org>
author: Peter Hartmann <peter.hartmann@nokia.com> 2011-11-04 15:56:12 (GMT)
committer: Peter Hartmann <peter.hartmann@nokia.com> 2011-11-08 12:10:12 (GMT)
commit: e1d6df4e5931ee49b4b68dd5a33146f5639268b7 (patch)
tree: dbed3a4c1c1a91711b9cef05fdd2d33c725ef2fb
parent: 9d5c920bb23b949a0b98f1268679a0a2c06dd1d9 (diff)
download: Qt-e1d6df4e5931ee49b4b68dd5a33146f5639268b7.zip
Qt-e1d6df4e5931ee49b4b68dd5a33146f5639268b7.tar.gz
Qt-e1d6df4e5931ee49b4b68dd5a33146f5639268b7.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 2a2ad55..85cd06c 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -814,6 +814,9 @@ static const char *certificate_blacklist[] = {
 //    "(has not been seen in the wild so far)", "Stichting TTP Infos CA," // compromised during DigiNotar breach
     "1184640175", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust
     "1184644297", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust
+
+    "120001705", "Digisign Server ID (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Verizon CyberTrust
+    "1276011370", "Digisign Server ID - (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Entrust
     0
 };
author	Peter Hartmann <peter.hartmann@nokia.com>	2011-11-04 15:56:12 (GMT)
committer	Peter Hartmann <peter.hartmann@nokia.com>	2011-11-08 12:10:12 (GMT)
commit	e1d6df4e5931ee49b4b68dd5a33146f5639268b7 (patch)
tree	dbed3a4c1c1a91711b9cef05fdd2d33c725ef2fb
parent	9d5c920bb23b949a0b98f1268679a0a2c06dd1d9 (diff)
download	Qt-e1d6df4e5931ee49b4b68dd5a33146f5639268b7.zip Qt-e1d6df4e5931ee49b4b68dd5a33146f5639268b7.tar.gz Qt-e1d6df4e5931ee49b4b68dd5a33146f5639268b7.tar.bz2