Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-19825

SSL should present the whole certificate chain for local certificate

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P3: Somewhat important
    • 5.1.0
    • 4.7.3
    • Network: SSL
    • None
    • 19d9e81b393544f6bd9e6a71d344e1b0f9c378ff

    Description

      QSslConfiguration::setLocalCertificate only accepts one single certificate. But aduring client authentication, the client must present his certificate including the full chain of intermediate certificates up to (and including) the root.

      The actual implementation does not work, if the server only installs the CA-root-certificate, but not the issuing certificates, and the CA uses issuing certificate (as e.g. SwissSign).

      void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat format) ignores all certificats exept the first one and QSslConfiguration::setLocalCertificate does not accept a list. Both should be corrected.

      The same problem exists in Apple/Safari, b.t.w.

      Attachments

        Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-13281 qsslsocket is missing a function to load server's chain of certificates

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed
          For Gerrit Dashboard: QTBUG-19825
          # Subject Branch Project Status CR V
          47550,4 Add support for intermediate certificates to server sockets. dev qt/qtbase Status: MERGED +2 0

          Activity

            People

              richmoore Richard Moore (qtnetwork)
              mrw Marc Wäckerlin
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes