summaryrefslogtreecommitdiffstats
path: root/src/network/ssl/qsslsocket_openssl.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 0ff17910f3..14a3899bfd 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1270,12 +1270,15 @@ bool QSslSocketBackendPrivate::startHandshake()
// Start translating errors.
QList<QSslError> errors;
- if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
- QSslError error(QSslError::CertificateBlacklisted, configuration.peerCertificate);
- errors << error;
- emit q->peerVerifyError(error);
- if (q->state() != QAbstractSocket::ConnectedState)
- return false;
+ // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer)
+ foreach (const QSslCertificate &cert, configuration.peerCertificateChain) {
+ if (QSslCertificatePrivate::isBlacklisted(cert)) {
+ QSslError error(QSslError::CertificateBlacklisted, cert);
+ errors << error;
+ emit q->peerVerifyError(error);
+ if (q->state() != QAbstractSocket::ConnectedState)
+ return false;
+ }
}
bool doVerifyPeer = configuration.peerVerifyMode == QSslSocket::VerifyPeer
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-05 09:17:46 +0000