summaryrefslogtreecommitdiffstats
path: root/src/network
diff options
context:
space:
mode:
authorPeter Hartmann <phartmann@blackberry.com>2014-07-09 16:22:44 +0200
committerRichard J. Moore <rich@kde.org>2014-07-09 21:30:11 +0200
commit916c9d469bd0df227dc3be97fcca27e3cf58144f (patch)
tree3aafd62c2751afda058eca42ca0db9f4b0eca9a1 /src/network
parent1b6bc6d34d3d997f1cadf18854da9e40ae5f9ac7 (diff)
QSslCertificate: blacklist NIC certificates from India
Those intermediate certificates were used to issue "unauthorized" certificates according to http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html , and are by default trusted on Windows, so to be safe we blacklist them here. Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596 Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network')
-rw-r--r--src/network/ssl/qsslcertificate.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 3b7fa4da09..a113ec156b 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -1219,6 +1219,9 @@ static const char *certificate_blacklist[] = {
"08:64", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
"03:1d:a7", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency
+ "27:83", "NIC Certifying Authority", // intermediate certificate from NIC India (2007)
+ "27:92", "NIC CA 2011", // intermediate certificate from NIC India (2011)
+ "27:b1", "NIC CA 2014", // intermediate certificate from NIC India (2014)
0
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-07 21:42:27 +0000