Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
5.3.0 RC1
-
None
-
f5a4716ccc877f369a6cfcda9b57718dc9018b83
Description
If the certificate store contains expired CA certificates along with re-issued (not-expired) version, it will fail sometimes (but not often, based on OpenSSL's internal data structure), if it hits the expired certificate first. This results in effects as decribed in https://bugreports.qt-project.org/browse/QTBUG-20225, and makes it impossible to connect to the site. Since Verisign and other big vendors and some others have certificates that expired a few months ago and others will soon expire, this issue affects more and more people, especially on Windows which fetches new certs via Windows Update, but doesn't purge the old ones.
Attachments
Issue Links
- is required for
-
QTBUG-38885 Issues to be fixed before 5.3.0 release
- Closed
For Gerrit Dashboard: QTBUG-38896 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
85087,3 | Ignore expired certificate during certificate validation | release | qt/qtbase | Status: MERGED | +2 | 0 |
103655,2 | Ignore expired certificate during certificate validation | 4.8 | qt/qt | Status: MERGED | +2 | 0 |