QSslCertificate: blacklist NIC certificates from India

Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.

Change-Id: I9891c5bee2dd82c22eb0f45e9b04abd25efeb596
Reviewed-by: Richard J. Moore <rich@kde.org>
This commit is contained in:
Peter Hartmann 2014-07-09 16:22:44 +02:00 committed by Richard J. Moore
parent 1b6bc6d34d
commit 916c9d469b
4 changed files with 80 additions and 0 deletions

View File

@ -1219,6 +1219,9 @@ static const char *certificate_blacklist[] = {
"08:64", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
"03:1d:a7", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency
"27:83", "NIC Certifying Authority", // intermediate certificate from NIC India (2007)
"27:92", "NIC CA 2011", // intermediate certificate from NIC India (2011)
"27:b1", "NIC CA 2014", // intermediate certificate from NIC India (2014)
0
};

View File

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgICJ4MwDQYJKoZIhvcNAQEFBQAwOjELMAkGA1UEBhMCSU4x
EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMDcwHhcN
MDcwNzAyMDY0MTU5WhcNMTUwNzA0MDYzMDAwWjCBsDELMAkGA1UEBhMCSU4xJDAi
BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEOMAwGA1UECxMFTklD
Q0ExITAfBgNVBAMTGE5JQyBDZXJ0aWZ5aW5nIEF1dGhvcml0eTESMBAGA1UEBxMJ
TmV3IERlbGhpMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QGNhbWFpbC5uaWMuaW4x
DjAMBgNVBAgTBURlbGhpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
wLRKDEWWC1iWcxpVgA7GJEjQVjGIMx9XPLoaMKXiEQdajHgmjKdOhlFkSWiHgiCS
Uo39U0/UoC4rAYzBCcfHWdAGjXNs7dt/cz+muK2aMoPoAgXWLF2A48CJMrTcyNFE
HryIYJeCiK8DTlEhBxL8II9VBx8qKSquizh4MQTmpqvfjHNqd6qCHF6q8W439io5
kVIFnGNd/p0V5HFv0OpWeF/IpKJA1m1lb729FwfsVpqipf7DLVQUKtSjK/32RDtB
hnAmkDlW6IZRPs2F896A5COPSDjJlAeUX8JqDnBOr64bPRgUy0VDnW/soRB3knkn
5w5ueXj3DrgONtjGcBSwVwIDAQABo4HOMIHLMA8GA1UdEwEB/wQFMAMBAf8wEQYD
VR0OBAoECEwne24Nsv9UMBMGA1UdIwQMMAqACE8ewFgn2LjkMAsGA1UdDwQEAwIB
BjCBggYDVR0fBHsweTB3oHWgc4ZxbGRhcDovL25yZGMuY2NhLmdvdi5pbjozODkv
Y249Q0NBIEluZGlhIDIwMDcsb3U9Q0NBIEluZGlhIDIwMDcsbz1JbmRpYSBQS0ks
Yz1JTj9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeT8wDQYJKoZIhvcN
AQEFBQADggEBAKx6RkVgMGQADgl4jTy3qBDq8nvkegDaDnviTUsGzsR6RpooT0xd
wuKiRU0I7p2gAo6uBTMEZtS+XWJz+7xlfo4fao5XIU4e1fxkQuxddM23/J7M4+Uz
3pL7ziK5RcVizhQqz3IjSH440/OoFhUBT5d5WWN0hliEcr7+6nLPAOcAX/qR509a
Djd/aonfyQFCMyfiPpYLx5ElTuqUZeHApJ58+Iprwbu3EIux+C+mfS8QCMY+WYje
aocCIwIutrmoxIXxGy9yV5OKIe2+4wsCT8aNin+6AV7qNTmFVhp+MF50v69ONTO7
w2Sa+ire2N5FgklMW2WTCi8d8rwLzaWuse4=
-----END CERTIFICATE-----

View File

@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEWzCCA0OgAwIBAgICJ5IwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x
EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTEwHhcN
MTEwMzExMDgxNTExWhcNMTYwMzExMDYzMDAwWjCByDELMAkGA1UEBhMCSU4xJDAi
BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEdMBsGA1UECxMUQ2Vy
dGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEOMAwGA1UECBMFRGVs
aGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEdMBsGA1UEMwwUQS1C
bG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAyMDExMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7J/N88MoXcCHTz4A5DKF59+8kvSnriGr
TEowLSa5NCvH+o89+Mf7V260kKZJ/hQox5RG/F8/gY7u9ziLeypbedeG8EIl88HC
4x9hT0SNLsrj9qo90waDuGYB4/KQ8q5E6ivVxxV0epzQfFA5A5biKltPBbku/M4D
iZ+TqBbHxo6nRUEZoukJi0+JLykGI4VpJlQBzow04omxQUZHzvCffo6QvN6FdzZ0
MopwqaggyfHDFu9o4elCR9Kd/obYlgXAHLYwJlN0pybbe2WpKj81/pxDhKgxrVN+
OZaI5OMBBkjDRQG+ZyEnQb8XYMNPJbOgQGYgsRdPPjIn7poTzxe7SQIDAQABo4Hb
MIHYMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0OBAoECE5VT66z36FmMBIGA1Ud
IAQLMAkwBwYFYIJkZAIwEwYDVR0jBAwwCoAITQeoY/LbHN8wLgYIKwYBBQUHAQEE
IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vb2N2cy5nb3YuaW4wDgYDVR0PAQH/BAQD
AgEGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jY2EuZ292LmluL3J3L3Jlc291
cmNlcy9DQ0FJbmRpYTIwMTFMYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5
LCqtHbxfO72KRWJbW9dAHNh2xh8n7wstNgSPHLbjL5B0l7RZlCFauy4fjc2faMiB
xnOq5oEXeIZBrT2NkuEymQ8f0Pzm3pcXrMkFrj78SiA07/cPQShBKKpw39t6puJV
8ykiVZMZvSCjCzzZZlVO12b2ChADkf6wtseftx5O/zBsqP3Y2+3+KvEeDVtuseKu
FV2OxSsqSfffJq7IYTwpRPOVzHGJnjV3Igtj3zAzZm8CWxRM/yhnkGyVc+xz/T7o
WY0870eciR+bmLjZ9j0opudZR6e+lCsMHH2Lxc8C/0XRcCzcganxfWCb/fb0gx44
iY0a+wWCVebjuyKU/BXk
-----END CERTIFICATE-----

View File

@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEWzCCA0OgAwIBAgICJ7EwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x
EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTQwHhcN
MTQwMzA1MTExNTI0WhcNMjQwMzA1MDYzMDAwWjCByDELMAkGA1UEBhMCSU4xJDAi
BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEdMBsGA1UECxMUQ2Vy
dGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEOMAwGA1UECBMFRGVs
aGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEdMBsGA1UEMxMUQS1C
bG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAyMDE0MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/OQ56Ge9MhJiBwtOlCJP4p5gjcCuqkQ2
6BCSQgfAsxyNxAwtL1f0h3d5KNFIInIG2Y9PwBgUrgavOWy2cZICxgXIGaOzK5bI
TyGhxYMPUzkazGppfj0ScW7Ed/kjeDnic3WlYkPwtNaV1qwTElr8zqPUtT27ZDqd
6upor9MICngXAC1tHjhPuGrGtu4i6FMPrmkofwdh8dkuRzU/OPjf9lA+E9Qu0Nvq
soI9grJA0etgRfn9juR4X3KTG21qHnza50PpMYC4+vh8jAnIT7Kcz8Ggr4eghkvP
+iz2yEtIcV9M1xeo98XU/jxuYS7LeWtO79jkiqCIqgI8T3x7LHuCaQIDAQABo4Hb
MIHYMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0OBAoECEZwyi8lTsNHMBIGA1Ud
IAQLMAkwBwYFYIJkZAIwEwYDVR0jBAwwCoAIQrjFz22zV+EwLgYIKwYBBQUHAQEE
IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vb2N2cy5nb3YuaW4wDgYDVR0PAQH/BAQD
AgEGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jY2EuZ292LmluL3J3L3Jlc291
cmNlcy9DQ0FJbmRpYTIwMTRMYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCB
i3iJeUlkfjY96HgfBIUEsLi+knO3VUrxDmwps1YyhgRSt22NQLZ4jksSWLI2EQbn
9k5tH8rwSbsOWf+TZH7jpaKAVSYi1GhEbGR/C2ZeFiWATwtPWKoVGwx/ksUO9YPM
zf0wh6fDIuyBJIs/nuN93+L2ib+TS5viNky+HrR3XyqE0z43W5bbzMbido3lbwgr
drMWD6hCNSZs888L0Se4rn2ei0aPmHmxjDjbExF3NF6m2uYC/wAR4cVIzMvvptFY
n+SAdG/pwkKHaMVncB/cxxEWiKzOxVpjBsM4N19lpxp2RU/n+x7xRK3WTQvNAZdU
7pcAYmZIXPu/ES9qpK4f
-----END CERTIFICATE-----