From 7a78248e9cbce223364ad39070629ede2f80a3a4 Mon Sep 17 00:00:00 2001
From: Peter Hartmann <peter.hartmann@nokia.com>
Date: Fri, 4 Nov 2011 16:56:12 +0100
Subject: SSL: blacklist intermediate certificates that issued weak certs

... as did browser vendors.
Tested manually with affected CA certificates.

Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit e1d6df4e5931ee49b4b68dd5a33146f5639268b7)

Change-Id: I5bf6c147abf6d2de0f313d65faa2d9a1e9684cea
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
---
 src/network/ssl/qsslcertificate.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/network/ssl')

diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 1810270d7c..0710001198 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -1150,6 +1150,9 @@ static const char *certificate_blacklist[] = {
 //    "(has not been seen in the wild so far)", "Stichting TTP Infos CA," // compromised during DigiNotar breach
     "1184640175", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust
     "1184644297", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust
+
+    "120001705", "Digisign Server ID (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Verizon CyberTrust
+    "1276011370", "Digisign Server ID - (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Entrust
     0
 };
 
-- 
cgit v1.2.3