From b3f64f1b4eb949bd639c4a088121a4c5ad2eb743 Mon Sep 17 00:00:00 2001
From: Peter Hartmann
Date: Fri, 25 Mar 2011 13:45:24 +0100
Subject: QSslSocket internals: abort on encountering blacklisted certificates
tested manually with "openssl s_server -cert blacklisted.pem -key key.pem" and connecting a QSslSocket.
Reviewed-by: Markus Goetz
Task-number: QTBUG-18338
(cherry picked from commit b87528a71b66e786c11804d7b79e408aae612748)
---
 src/network/ssl/qsslsocket_openssl.cpp | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 7395c0a..0024ee6 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1183,6 +1183,13 @@ bool QSslSocketBackendPrivate::startHandshake()
 X509 *x509 = q_SSL_get_peer_certificate(ssl);
 configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
 q_X509_free(x509);
+ if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
+ q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
+ q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
+ emit q->error(QAbstractSocket::SslHandshakeFailedError);
+ plainSocket->disconnectFromHost();
+ return false;
+ }
 // Start translating errors.
 QList errors;
-- cgit v0.12
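Review bot: Only the leaf certificate is tested against the blacklist: the added `isBlacklisted()` call takes `configuration.peerCertificate`, so a blacklisted intermediate CA further up the presented chain would not trip this abort. If the peer chain is already stored at this point in `startHandshake()` (the function begins and ends outside the hunk, so that is not visible here), apply the same check to every certificate in it before the error translation starts. The early `return false` also keeps this failure out of the `errors` list built below, which looks deliberate; a comment such as `// Blacklisted certificates are fatal and must not reach the ignorable SSL error list.` would stop a later refactor from moving it there. The commit message mentions only a manual test, so an autotest with a blacklisted fixture certificate would help keep this check from regressing.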