From bf5e7fb2652669599a508e049b46ebd5cd3206e5 Mon Sep 17 00:00:00 2001
From: Peter Hartmann <phartmann@rim.com>
Date: Fri, 4 Jan 2013 11:06:14 +0100
Subject: SSL certificates: blacklist mis-issued Turktrust certificates

Those certificates have erroneously set the CA attribute to true,
meaning everybody in possesion of their keys can issue certificates on
their own.

Task-number: QTBUG-28937

Change-Id: Iff351e590ad3e6ab802e6fa1d65a9a9a9f7683de
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
---
 src/network/ssl/qsslcertificate.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 6d3a77b45f..fbe60e99bf 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -1205,6 +1205,9 @@ static const char *certificate_blacklist[] = {
     "4c:0e:63:6a",                                     "Digisign Server ID - (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Entrust
     "72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0", "UTN-USERFirst-Hardware", // comodogate test certificate
     "41",                                              "MD5 Collisions Inc. (http://www.phreedom.org/md5)", // http://www.phreedom.org/research/rogue-ca/
+
+    "08:27",                                           "*.EGO.GOV.TR", // Turktrust mis-issued intermediate certificate
+    "08:64",                                           "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
     0
 };
 
-- 
cgit v1.2.3