diff options
author | Gunnar Sletta <gunnar.sletta@nokia.com> | 2011-09-12 07:49:03 +0200 |
---|---|---|
committer | Gunnar Sletta <gunnar.sletta@nokia.com> | 2011-09-12 07:49:03 +0200 |
commit | a9ac6da893ac10ce160c9eb80141508881cd71e2 (patch) | |
tree | 0e74067407612d44ad07ff74cb7be6d444ee28c5 /src/network/ssl/qsslsocket_openssl.cpp | |
parent | 8eb5ba3b9cb1e8e07f28a3153672a946b2d82fd9 (diff) | |
parent | 687461627310e8b781da15d1a907c35bd8ffea6e (diff) |
Merge branch 'master' into refactor
Conflicts:
src/3rdparty/v8
src/gui/text/qfont_qpa.cpp
src/gui/widgets/qlinecontrol.cpp
src/plugins/platforms/fontdatabases/fontconfig/qfontconfigdatabase.cpp
tests/auto/gui.pro
tests/auto/network.pro
tests/auto/qstring/tst_qstring.cpp
Change-Id: Id118c172645303ccf06a207050d5bf1462ff57fe
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 0ff17910f3..14a3899bfd 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1270,12 +1270,15 @@ bool QSslSocketBackendPrivate::startHandshake() // Start translating errors. QList<QSslError> errors; - if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) { - QSslError error(QSslError::CertificateBlacklisted, configuration.peerCertificate); - errors << error; - emit q->peerVerifyError(error); - if (q->state() != QAbstractSocket::ConnectedState) - return false; + // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer) + foreach (const QSslCertificate &cert, configuration.peerCertificateChain) { + if (QSslCertificatePrivate::isBlacklisted(cert)) { + QSslError error(QSslError::CertificateBlacklisted, cert); + errors << error; + emit q->peerVerifyError(error); + if (q->state() != QAbstractSocket::ConnectedState) + return false; + } } bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer |