SSL certificates: blacklist mis-issued Turktrust certificates

Those certificates have erroneously set the CA attribute to true, meaning everybody in possesion of their keys can issue certificates on their own. Task-number: QTBUG-28937 Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de Reviewed-by: Richard J. Moore <rich@kde.org> Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
author: Peter Hartmann <phartmann@rim.com> 2013-01-04 11:06:14 +0100
committer: The Qt Project <gerrit-noreply@qt-project.org> 2013-01-04 15:19:17 +0100
commit: bf5e7fb2652669599a508e049b46ebd5cd3206e5 (patch)
tree: 9a4116478e38195774863f41de2f792a83a72bfa /src
parent: 89f862ab10893dcfc707fa9bcdbea6fb449600ca (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 6d3a77b45f..fbe60e99bf 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -1205,6 +1205,9 @@ static const char *certificate_blacklist[] = {
     "4c:0e:63:6a",                                     "Digisign Server ID - (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Entrust
     "72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0", "UTN-USERFirst-Hardware", // comodogate test certificate
     "41",                                              "MD5 Collisions Inc. (http://www.phreedom.org/md5)", // http://www.phreedom.org/research/rogue-ca/
+
+    "08:27",                                           "*.EGO.GOV.TR", // Turktrust mis-issued intermediate certificate
+    "08:64",                                           "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
     0
 };
author	Peter Hartmann <phartmann@rim.com>	2013-01-04 11:06:14 +0100
committer	The Qt Project <gerrit-noreply@qt-project.org>	2013-01-04 15:19:17 +0100
commit	bf5e7fb2652669599a508e049b46ebd5cd3206e5 (patch)
tree	9a4116478e38195774863f41de2f792a83a72bfa /src
parent	89f862ab10893dcfc707fa9bcdbea6fb449600ca (diff)