List:       kde-commits
Subject:    [qt-kde] src/network/ssl: QSslSocket internals
From:       "Richard J.Moore" <rich () kde ! org>
Date:       2011-03-26 14:42:05
Message-ID: 20110326144205.8524BA60A6 () git ! kde ! org

Git commit 89c7f196ca1b33c1590d2dd3e843ed5998217ce1 by Richard J. Moore on behalf of Peter Hartmann.
Committed on 25/03/2011 at 13:45.
Pushed by rich into branch 'master'.

QSslSocket internals: abort on encountering blacklisted certificates

tested manually with "openssl s_server -cert blacklisted.pem -key
key.pem" and connecting a QSslSocket.

Reviewed-by: Markus Goetz
Task-number: QTBUG-18338
(cherry picked from commit b87528a71b66e786c11804d7b79e408aae612748)

M  +7    -0    src/network/ssl/qsslsocket_openssl.cpp     

http://commits.kde.org/qt-kde/89c7f196ca1b33c1590d2dd3e843ed5998217ce1

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 37a07c2..9c6ec02 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1114,6 +1114,13 @@ bool QSslSocketBackendPrivate::startHandshake()
     X509 *x509 = q_SSL_get_peer_certificate(ssl);
     configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
     q_X509_free(x509);
+    if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
+        q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
+        q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
+        emit q->error(QAbstractSocket::SslHandshakeFailedError);
+        plainSocket->disconnectFromHost();
+        return false;
+    }
 
     // Start translating errors.
     QList<QSslError> errors;
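
Review bot: the isBlacklisted() check added in startHandshake() is applied only to configuration.peerCertificate, the leaf returned by q_SSL_get_peer_certificate(), so a blacklisted certificate elsewhere in the chain the peer presents is not rejected by these lines. Consider running the same check over each certificate of the peer chain in this block, keeping it ahead of the "Start translating errors" section as done here so the failure stays a hard handshake error rather than an entry in the errors list built below. The commit message describes manual testing only and the diffstat touches just qsslsocket_openssl.cpp; an autotest that connects to a server presenting a blacklisted certificate and expects SslHandshakeFailedError would guard this path against regressions.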

