path: root/dist
diff options
authorDaniel Molkentin <>2014-05-02 00:10:21 +0200
committerThe Qt Project <>2014-05-11 11:34:21 +0200
commit0065b55da42b8c6ee0095264b5275fb708887c9d (patch)
tree9f0b98b10d2601aa2790c83e3f8fa8fe7a07e517 /dist
parent2d1e109578644da6a2f3a27bfe9de602317e5906 (diff)
Ignore expired certificate during certificate validation
OpenSSL has a bug when validating a chain with two certificates. If a certificate exists twice (which is a valid use case for renewed CAs), and the first one it hits is expired (which depends on the order on data structure internal to OpenSSL), it will fail to validate the chain. This is only a bandaid fix, which trades improved chain validation for error reporting accuracy. However given that reissuing of CA certs is a real problem that is only getting worse, this fix is needed. See also: [ChangeLog][QtNetwork][QSslSocket] Added a workaround to an OpenSSL problem that may cause errors when the trust store contains two certificates of the issuing CA, one of which is expired. Task-number: QTBUG-38896 Change-Id: I8f17972ac94555648098624e470fff0eff2e7940 Reviewed-by: Richard J. Moore <> Reviewed-by: Frederik Gladhorn <>
Diffstat (limited to 'dist')
0 files changed, 0 insertions, 0 deletions