From 916c9d469bd0df227dc3be97fcca27e3cf58144f Mon Sep 17 00:00:00 2001
From: Peter Hartmann
Date: Wed, 9 Jul 2014 16:22:44 +0200
Subject: QSslCertificate: blacklist NIC certificates from India

Those intermediate certificates were used to issue "unauthorized" certificates according to http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html , and are by default trusted on Windows, so to be safe we blacklist them here.

Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore
---
 src/network/ssl/qsslcertificate.cpp | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'src/network')
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 3b7fa4da09..a113ec156b 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -1219,6 +1219,9 @@ static const char *certificate_blacklist[] = {
 "08:64", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
 "03:1d:a7", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency
+ "27:83", "NIC Certifying Authority", // intermediate certificate from NIC India (2007)
+ "27:92", "NIC CA 2011", // intermediate certificate from NIC India (2011)
+ "27:b1", "NIC CA 2014", // intermediate certificate from NIC India (2014)
 0
 };
-- 
cgit v1.2.3
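Review bot: The three added comments name the issuer but not the reason for blocking, so a later reader of `certificate_blacklist` cannot tell why these entries exist without finding the commit message; say it inline as the Turktrust entry above does, e.g. `// NIC India intermediate used to issue unauthorized certificates (2014-07)`. Each entry identifies an intermediate by serial number plus common name, which, assuming the lookup matches on exactly that pair, would not catch the same key re-issued or cross-signed under a different serial. The lookup code is outside this hunk, so it is worth confirming there that every certificate in the peer chain is tested, since these are intermediates rather than leaf certificates. The diffstat lists only this file, so a regression test that rejects a chain passing through one of the three serials would be a useful addition.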