Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-19825

SSL should present the whole certificate chain for local certificate

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3: Somewhat important
    • Resolution: Done
    • Affects Version/s: 4.7.3
    • Fix Version/s: 5.1.0
    • Component/s: Network: SSL
    • Labels:
      None
    • Commits:
      19d9e81b393544f6bd9e6a71d344e1b0f9c378ff

      Description

      QSslConfiguration::setLocalCertificate only accepts one single certificate. But aduring client authentication, the client must present his certificate including the full chain of intermediate certificates up to (and including) the root.

      The actual implementation does not work, if the server only installs the CA-root-certificate, but not the issuing certificates, and the CA uses issuing certificate (as e.g. SwissSign).

      void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat format) ignores all certificats exept the first one and QSslConfiguration::setLocalCertificate does not accept a list. Both should be corrected.

      The same problem exists in Apple/Safari, b.t.w.

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              richmoore Richard Moore (qtnetwork)
              Reporter:
              mrw Marc W├Ąckerlin
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes