author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-25 12:45:24 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-25 13:05:03 (GMT) |
commit | b87528a71b66e786c11804d7b79e408aae612748 (patch) | |
tree | f2d6c7e27f6db29f1e7d013f48cbe0d819df2305 /src | |
parent | aeabe790203e7dcb1786e0dad7b4608f1e45b7d5 (diff) | |
QSslSocket internals: abort on encountering blacklisted certificates
tested manually with "openssl s_server -cert blacklisted.pem -key
key.pem" and connecting a QSslSocket.
Reviewed-by: Markus Goetz
Task-number: QTBUG-18338
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 0866534..2427193 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1193,6 +1193,13 @@ bool QSslSocketBackendPrivate::startHandshake()
 X509 *x509 = q_SSL_get_peer_certificate(ssl);
 configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
 q_X509_free(x509);
+ if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
+ q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
+ q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
+ emit q->error(QAbstractSocket::SslHandshakeFailedError);
+ plainSocket->disconnectFromHost();
+ return false;
+ }
 // Start translating errors.
 QList<QSslError> errors; |
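Review bot: The blacklist test added after `q_X509_free(x509)` looks only at `configuration.peerCertificate`, so a blacklisted certificate higher in the peer's chain (an intermediate) would not stop the handshake at this point. Unless that case is handled in code outside this hunk, the same `QSslCertificatePrivate::isBlacklisted(cert)` test should be run over every entry of `configuration.peerCertificateChain` before returning success. The early `return false` sits ahead of the `// Start translating errors.` section, which presumably keeps the failure out of the `QSslError` list that callers can choose to ignore. That ordering deserves a comment above the `if`, for example `// Must run before error translation: a blacklisted peer is a hard failure, not an ignorable QSslError.` startHandshake() begins and ends outside the hunk, so the surrounding error handling could not be checked.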