From kde-core-devel Fri Jan 29 21:09:45 2010 From: Thiago Macieira Date: Fri, 29 Jan 2010 21:09:45 +0000 To: kde-core-devel Subject: Re: Using system SSL certificates... Message-Id: <201001292210.01228.thiago () kde ! org> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=126479946011508 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--nextPart1431328.4ARonpbDue" --nextPart1431328.4ARonpbDue Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Em Sexta-feira 29. Janeiro 2010, =E0s 18.53.18, Maksim Orlovich escreveu: > > The only thing that's holding me back in updating the Qt certificates is > > to > > decide whether keeping expired certificates is a good thing. > >=20 > > There are 81 certificates in Qt's bundle. One of them is repeated, so 80 > > are > > unique. > >=20 > > However, from those 80, 8 have expired already. > >=20 > > Of the 72 non-expired, unique certificates in Qt, 48 are *not* in the > > Firefox > > certificate store. >=20 > That's worriesome. What sort of validation did those CAs undergo? I have no clue. Here's the file history. Perforce change 311614 are whitespace changes (because QSslCertificate had = a=20 bug where it wouldn't recognise the BEGIN CERTIFICATE line if it had=20 whitespace before the newline) commit 9057f34abec722086774d7eb2836999188f9a4ef Author: Thiago Macieira Date: Fri Jun 20 12:32:14 2008 +0100 p4i integration Integrate 311615 from 4.4 to main: Manual p4 integrate of 311614 [git-p4: depot-paths =3D "//depot/qt/main/": change =3D 311616] :100644 100644 c0e0eef... 7755ca0... M src/network/ssl/qt-ca-bundle.crt commit f8bf9ca4a91b869c329affc303029654c40c2eae Author: Thiago Macieira Date: Fri Jun 20 12:32:11 2008 +0100 Manual p4 integrate of 311614 [git-p4: depot-paths =3D "//depot/qt/4.4/": change =3D 311615] :100644 100644 c0e0eef... 7755ca0... M src/network/ssl/qt-ca-bundle.crt commit 1387eaaf872e54a6972b6747843190aca595cebb Author: Thiago Macieira Date: Tue Sep 25 17:00:16 2007 +0100 Fixes: Reorganise QtNetwork because it's getting big Details: Add subdirectories to Qt Network. Organisation is: - access: network access (will receive the new framework) - kernel: infrastructure (host address, host lookup, etc.) - socket: socket classes and socket engines - ssl: all SSL-related classes, plus the CA bundle [git-p4: depot-paths =3D "//depot/qt/main/": change =3D 277947] :100644 100644 c0e0eef... c0e0eef... R100 src/network/qt-ca-bundle.cr= t =20 src/network/ssl/qt-ca-bundle.crt commit 454337337cd903ab86d3d26252fa8650f31c6c14 Author: ahanssen Date: Tue Mar 20 16:40:17 2007 +0100 p4i integration Integrate 256445 from 4.3 to main: Fixes: More QSslSocket work RevBy: TrustMe AutoTest: Included Details: More coverage. Include George's CA bundle as a resource in QtNetwork. Fix QSslCertificate copy construction (unfinished). [git-p4: depot-paths =3D "//depot/qt/main/": change =3D 256446] :000000 100644 0000000... c0e0eef... A src/network/qt-ca-bundle.crt =2D-=20 Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Senior Product Manager - Nokia, Qt Development Frameworks PGP/GPG: 0x6EF45358; fingerprint: E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358 --nextPart1431328.4ARonpbDue Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQBLY06bM/XwBW70U1gRAux2AKCtCcWLUjNp4jourkTFQ5Vmng6obgCeO1f3 71FRGUOMqUvoC1Zb7IUA3+c= =Ofjf -----END PGP SIGNATURE----- --nextPart1431328.4ARonpbDue--