Go to file
Daniel Molkentin 0065b55da4 Ignore expired certificate during certificate validation
OpenSSL has a bug when validating a chain with two certificates.
If a certificate exists twice (which is a valid use case for renewed
CAs), and the first one it hits is expired (which depends on the order
on data structure internal to OpenSSL), it will fail to validate the
chain.

This is only a bandaid fix, which trades improved chain validation
for error reporting accuracy. However given that reissuing of CA certs
is a real problem that is only getting worse, this fix is needed.

See also: https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html#WARNINGS

[ChangeLog][QtNetwork][QSslSocket] Added a workaround to an OpenSSL problem
that may cause errors when the trust store contains two certificates of the
issuing CA, one of which is expired.

Task-number: QTBUG-38896
Change-Id: I8f17972ac94555648098624e470fff0eff2e7940
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@digia.com>
2014-05-11 11:34:21 +02:00
bin automate handling of generated headers some more 2014-02-28 03:17:11 +01:00
config.tests Use category names when logging to the journal 2014-04-05 13:27:05 +02:00
dist update changelog for QtSql 5.3.0 2014-05-07 14:45:54 +02:00
doc Doc: Update the list of highlighted examples 2014-05-09 17:25:46 +02:00
examples purge vestiges of opengl es 1 support 2014-04-04 19:32:21 +02:00
lib
mkspecs mkspec (iOS): use QTPLUGIN.platforms=- 2014-04-30 18:23:00 +02:00
qmake Fix vcxproj generation on Windows Phone 2014-04-25 06:44:18 +02:00
src Ignore expired certificate during certificate validation 2014-05-11 11:34:21 +02:00
tests Fix assert on justification of QTextLine with only spaces 2014-04-30 18:23:33 +02:00
tools Revert "Automatically link printsupport plugins to static applications." 2014-04-18 07:44:57 +02:00
util Introduce QChar::JoiningType enum and QChar::joiningType() method 2014-01-29 23:19:47 +01:00
.gitattributes Update the git-archive export options 2012-09-07 15:39:31 +02:00
.gitignore Add .dylib and .d to .gitignore 2014-03-29 00:40:46 +01:00
.qmake.conf Enable -Werror for all of qtbase 2013-09-04 01:50:10 +02:00
.tag Update the git-archive export options 2012-09-07 15:39:31 +02:00
configure Build Qt tools for iOS 2014-04-23 06:31:08 +02:00
configure.bat get rid of syncqt wrapper scripts 2013-05-13 21:54:48 +02:00
header.BSD Update copyright year in Digia's license headers 2013-01-18 09:07:35 +01:00
header.FDL Update copyright year in Digia's license headers 2013-01-18 09:07:35 +01:00
header.LGPL Update copyright year in Digia's license headers 2013-01-18 09:07:35 +01:00
header.LGPL-ONLY Update copyright year in Digia's license headers 2013-01-18 09:07:35 +01:00
INSTALL Doc: Update links in INSTALL file 2014-01-16 20:37:25 +01:00
LGPL_EXCEPTION.txt Change copyrights from Nokia to Digia 2012-09-22 19:20:11 +02:00
LICENSE.FDL
LICENSE.GPL
LICENSE.LGPL Update copyright year in LICENSE.LGPL 2014-03-31 12:36:33 +02:00
LICENSE.PREVIEW.COMMERCIAL Update LICENSE.PREVIEW.COMMERCIAL license 2013-06-03 20:04:26 +02:00
qtbase.pro move generation of qconfig.h forwarding headers to qtbase.pro 2014-02-28 03:17:11 +01:00
sync.profile automate handling of generated headers some more 2014-02-28 03:17:11 +01:00