Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-18228

Missing certificates on Windows 7

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 4.7.2
    • Fix Version/s: 5.0.0
    • Component/s: Network: SSL
    • Labels:
      None

      Description

      We have been getting a number of complaints lately from customers running Windows 7, getting SSL certificate validation errors.
      It seems that newer Windows editions do not longer update the complete root certificate list regularly (e.g. Valicert/Starfield is missing), but download missing certificates on-demand.

      Problem occurs if:

      • customer has never visited the SSL site before with another application.
      • customer uses our application to access a SSL site.

      The problem does not occur if:

      • customer visits the SSL site first with Internet Explorer, this auto-installs the missing certificate.
      • and then uses our application.

      As a workaround we currently ship the missing certificates with our application, and that seems to work.
      However for a long term solution I think Qt should use the CryptoAPI to ask for a specific certificate, instead of consulting the local list like it does now, to trigger the update.

      I see there is already a related bug for on-demand loading: http://bugreports.qt.nokia.com/browse/QTBUG-14016
      But it has been marked as done for Qt 4.8. Any chance of adding it to Qt 4.7 as well, as having working certificate validation is quite essential?

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              shkearns Shane Kearns
              Reporter:
              max Max
              Votes:
              5 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes