Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-19087

SSL: implement blacklisting not only based on serial number, but also on the signature / public key / issuer

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 4.8.0, 5.0.0
    • 4.7.3
    • Network: SSL
    • None
    • 6b1a8129623e3716f2fc075608b260ce7c381fe2

    Description

      one could run a DOS attack with issuing a fraudulent certificate with a serial number equal to the serial number of a valid certificate in order to get it blacklisted.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. QTBUG-18338 blacklist fraudulent SSL certifcates

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              phartman Peter Hartmann (closed Nokia identity) (Inactive)
              phartman Peter Hartmann (closed Nokia identity) (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes