diff options
| author | Peter Hartmann <phartmann@blackberry.com> | 2014-07-09 14:22:44 (GMT) |
|---|---|---|
| committer | Peter Hartmann <phartmann@blackberry.com> | 2014-07-10 20:12:56 (GMT) |
| commit | 59eb561989f7a7b65c3e9b11d0ac062479013bf2 (patch) | |
| tree | 2611a787472b8d8b7cbee7656a8aca278db5679f /src/network/ssl | |
| parent | e66dd978999358efdb4d3edcc89b0455194c4ae1 (diff) | |
| download | Qt-59eb561989f7a7b65c3e9b11d0ac062479013bf2.zip Qt-59eb561989f7a7b65c3e9b11d0ac062479013bf2.tar.gz Qt-59eb561989f7a7b65c3e9b11d0ac062479013bf2.tar.bz2 | |
QSslCertificate: blacklist NIC certificates from India
Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.
(backport of commit 916c9d469bd0df227dc3be97fcca27e3cf58144f)
Change-Id: I22c6637895dcd21b1f7af73fdd5ca39d4747cf9e
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/ssl')
| -rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 254f45b..a015880 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -832,6 +832,10 @@ static const char *certificate_blacklist[] = { "2148", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate "204199", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency + + "10115", "NIC Certifying Authority", // intermediate certificate from NIC India (2007) + "10130", "NIC CA 2011", // intermediate certificate from NIC India (2011) + "10161", "NIC CA 2014", // intermediate certificate from NIC India (2014) 0 }; |