Qt.git - Qt s a cross-platform application framework that is used for developing application software that can be run on various software and hardware platforms with little or no change in the underlying codebase, while still being a native application with native capabilities and speed.

diff options

author	Andy Shaw <andy.shaw@digia.com>	2015-01-14 21:47:55 (GMT)
committer	Andy Shaw <andy.shaw@digia.com>	2015-01-14 22:05:15 (GMT)
commit	7fcb100bbf6e8482039f915a9df93d951f7d52e6 (patch)
tree	13f55d3aa2dac52ca70c9c9ff8003471566eecf0 /demos/shared/arthurstyle.cpp
parent	8032b176785c0a7d068a039a10fe7b1b59292a20 (diff)
download	Qt-7fcb100bbf6e8482039f915a9df93d951f7d52e6.zip Qt-7fcb100bbf6e8482039f915a9df93d951f7d52e6.tar.gz Qt-7fcb100bbf6e8482039f915a9df93d951f7d52e6.tar.bz2

Ignore expired certificate during certificate validation

OpenSSL has a bug when validating a chain with two certificates. If a certificate exists twice (which is a valid use case for renewed CAs), and the first one it hits is expired (which depends on the order on data structure internal to OpenSSL), it will fail to validate the chain. This is only a bandaid fix, which trades improved chain validation for error reporting accuracy. However given that reissuing of CA certs is a real problem that is only getting worse, this fix is needed. See also: https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html#WARNINGS [ChangeLog][QtNetwork][QSslSocket] Added a workaround to an OpenSSL problem that may cause errors when the trust store contains two certificates of the issuing CA, one of which is expired. Task-number: QTBUG-38896 (cherry picked and adapted from qtbase/0065b55da42b8c6ee0095264b5275fb708887c9d) Change-Id: I2515d79a442bec96734ea88ea850e6e8c2123a6c Reviewed-by: Richard J. Moore <rich@kde.org>

Diffstat (limited to 'demos/shared/arthurstyle.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: