QSslCertificate: report fraudulent certificates as invalid

There are some fraudulent certificates in the wild that are not valid;
this patch introduces a blacklist of serial numbers of those
certificates.

Reviewed-by: Richard J. Moore
Reviewed-by: Markus Goetz
Task-number: QTBUG-18338

1 files changed, 11 insertions, 0 deletions

diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
index 1e3a8ddb4b..ae7d6b17ca 100644
--- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
@@ -111,6 +111,8 @@ private slots:
     void nulInSan();
     void largeSerialNumber();
     void largeExpirationDate();
+    void blacklistedCertificates();
+
 // ### add tests for certificate bundles (multiple certificates concatenated into a single
 //     structure); both PEM and DER formatted
 #endif
@@ -817,6 +819,15 @@ void tst_QSslCertificate::largeExpirationDate() // QTBUG-12489
     QCOMPARE(cert.expiryDate().toUTC(), QDateTime(QDate(2051, 8, 29), QTime(9, 53, 41), Qt::UTC));
 }
 
+void tst_QSslCertificate::blacklistedCertificates()
+{
+    QList<QSslCertificate> blacklistedCerts = QSslCertificate::fromPath(SRCDIR "more-certificates/blacklisted*.pem", QSsl::Pem, QRegExp::Wildcard);
+    QVERIFY(blacklistedCerts.count() > 0);
+    for (int a = 0; a < blacklistedCerts.count(); a++) {
+        QVERIFY(! blacklistedCerts.at(a).isValid());
+    }
+}
+
 #endif // QT_NO_OPENSSL
 
 QTEST_MAIN(tst_QSslCertificate)