Timestamp:
May 16, 2011, 4:09:34 PM (14 years ago)
Author:
Dmitry A. Kuminov
Message:

trunk: Merged in qt 4.7.3 sources from branches/vendor/nokia/qt.

Location:
trunk
Files:
2 edited

  • trunk

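--- a/trunk/src/network/ssl/qsslcertificate.cpp
+++ b/trunk/src/network/ssl/qsslcertificate.cpp
@@ -220,8 +220,8 @@
     false.
 
-    Note: Currently, this function only checks that the current
+    Note: Currently, this function checks that the current
     data-time is within the date-time range during which the
-    certificate is considered valid. No other checks are
-    currently performed.
+    certificate is considered valid, and checks that the
+    certificate is not in a blacklist of fraudulent certificates.
 
     \sa isNull()
@@ -230,5 +230,7 @@
 {
     const QDateTime currentTime = QDateTime::currentDateTime();
-    return currentTime >= d->notValidBefore && currentTime <= d->notValidAfter;
+    return currentTime >= d->notValidBefore &&
+            currentTime <= d->notValidAfter &&
+            ! QSslCertificatePrivate::isBlacklisted(*this);
 }
 
@@ -799,4 +801,28 @@
 }
 
+// These certificates are known to be fraudulent and were created during the comodo
+// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
+static const char *certificate_blacklist[] = {
+    "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e",
+    "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06",
+    "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3",
+    "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29",
+    "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71",
+    "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47",
+    "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43",
+    "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0",
+    "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0",
+    0
+};
+
+bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate)
+{
+    for (int a = 0; certificate_blacklist[a] != 0; a++) {
+        if (certificate.serialNumber() == certificate_blacklist[a])
+            return true;
+    }
+    return false;
+}
+
 #ifndef QT_NO_DEBUG_STREAM
 QDebug operator<<(QDebug debug, const QSslCertificate &certificate)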
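Review bot: `QSslCertificatePrivate::isBlacklisted()` matches on the serial number alone, by comparing `certificate.serialNumber()` with string literals, so the check silently stops matching if that accessor ever returns a different textual form (case, separators or base) than the entries in `certificate_blacklist`. Serial numbers are only unique per issuer, so pairing each entry with its issuing CA would make the table more precise. Short of that, a comment above the array would record the assumption, for example `// Entries must be in exactly the format QSslCertificate::serialNumber() returns; matched on serial only, issuer is not checked.` The rejection is also wired only into `isValid()` in this section, whose signature lies outside the hunk. Whether the handshake verification path consults the blacklist is not visible here and is worth confirming, since code that never calls `isValid()` would otherwise still accept these certificates.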