diff options
author | Peter Hartmann <phartmann@blackberry.com> | 2014-07-09 16:22:44 +0200 |
---|---|---|
committer | Richard J. Moore <rich@kde.org> | 2014-07-09 21:30:11 +0200 |
commit | 916c9d469bd0df227dc3be97fcca27e3cf58144f (patch) | |
tree | 3aafd62c2751afda058eca42ca0db9f4b0eca9a1 /src | |
parent | 1b6bc6d34d3d997f1cadf18854da9e40ae5f9ac7 (diff) |
QSslCertificate: blacklist NIC certificates from India
Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.
Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qsslcertificate.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 3b7fa4da09..a113ec156b 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -1219,6 +1219,9 @@ static const char *certificate_blacklist[] = { "08:64", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate "03:1d:a7", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency + "27:83", "NIC Certifying Authority", // intermediate certificate from NIC India (2007) + "27:92", "NIC CA 2011", // intermediate certificate from NIC India (2011) + "27:b1", "NIC CA 2014", // intermediate certificate from NIC India (2014) 0 }; |