~ubuntu-branches/ubuntu/natty/qt4-x11/natty

Viewing changes to debian/patches/kubuntu_30_blacklist_ssl_certificates.diff

Committer: Bazaar Package Importer
Author(s): Jonathan Riddell
Date: 2011-03-25 17:31:29 UTC
Revision ID: james.westby@ubuntu.com-20110325173129-5re0ix4zv4y92olo

Tags: 4:4.7.2-0ubuntu6

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
* Update kubuntu_30_blacklist_ssl_certificates.diff from upstream staging
  - in qsslsocket_openssl.cpp block bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/b87528a71b66e786c11804d7b79e408aae612748
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

files modified:
debian/changelog

debian/patches/kubuntu_30_blacklist_ssl_certificates.diff

src/network/ssl/qsslsocket_openssl.cpp

Show diffs side-by-side

added added

removed removed

debian/patches/kubuntu_30_blacklist_ssl_certificates.diff

src/network/ssl/qsslcertificate.cpp | 34 +++++++++++++++++--

src/network/ssl/qsslcertificate_p.h | 1 +

diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp

index 618ac79..a5cdf01 100644

--- a/src/network/ssl/qsslcertificate.cpp

+++ b/src/network/ssl/qsslcertificate.cpp

@@ -219,17 +219,19 @@ bool QSslCertificate::isNull() const

Index: qt4-x11-4.7.2/src/network/ssl/qsslcertificate.cpp

===================================================================

--- qt4-x11-4.7.2.orig/src/network/ssl/qsslcertificate.cpp 2011-03-25 17:30:38.059644389 +0000

+++ qt4-x11-4.7.2/src/network/ssl/qsslcertificate.cpp 2011-03-25 17:31:17.879644378 +0000

@@ -219,17 +219,19 @@

Returns true if this certificate is valid; otherwise returns

false.

}

/*!

@@ -798,6 +800,30 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteAr

@@ -798,6 +800,30 @@

return certificates;

}

#ifndef QT_NO_DEBUG_STREAM

QDebug operator<<(QDebug debug, const QSslCertificate &certificate)

{

diff --git a/src/network/ssl/qsslcertificate_p.h b/src/network/ssl/qsslcertificate_p.h

index cdceb0f..1ce33d3 100644

--- a/src/network/ssl/qsslcertificate_p.h

+++ b/src/network/ssl/qsslcertificate_p.h

@@ -96,6 +96,7 @@ public:

Index: qt4-x11-4.7.2/src/network/ssl/qsslcertificate_p.h

===================================================================

--- qt4-x11-4.7.2.orig/src/network/ssl/qsslcertificate_p.h 2011-03-25 17:30:38.039644389 +0000

+++ qt4-x11-4.7.2/src/network/ssl/qsslcertificate_p.h 2011-03-25 17:31:17.889644378 +0000

@@ -96,6 +96,7 @@

static QSslCertificate QSslCertificate_from_X509(X509 *x509);

static QList<QSslCertificate> certificatesFromPem(const QByteArray &pem, int count = -1);

static QList<QSslCertificate> certificatesFromDer(const QByteArray &der, int count = -1);

friend class QSslSocketBackendPrivate;

Index: qt4-x11-4.7.2/src/network/ssl/qsslsocket_openssl.cpp

===================================================================

--- qt4-x11-4.7.2.orig/src/network/ssl/qsslsocket_openssl.cpp 2011-02-22 12:04:00.000000000 +0000

+++ qt4-x11-4.7.2/src/network/ssl/qsslsocket_openssl.cpp 2011-03-25 17:31:17.899644378 +0000

@@ -1183,6 +1183,13 @@

X509 *x509 = q_SSL_get_peer_certificate(ssl);

configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);

q_X509_free(x509);

+ if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {

+ q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));

+ q->setSocketError(QAbstractSocket::SslHandshakeFailedError);

+ emit q->error(QAbstractSocket::SslHandshakeFailedError);

100

+ plainSocket->disconnectFromHost();

101

+ return false;

102

+ }

103

104

// Start translating errors.

105

QList<QSslError> errors;

Older »