Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-38896

Fix Handling of expired certificates

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.3.0 RC1
    • Fix Version/s: 5.3.0
    • Component/s: Network: SSL
    • Labels:
      None
    • Commits:
      f5a4716ccc877f369a6cfcda9b57718dc9018b83

      Description

      If the certificate store contains expired CA certificates along with re-issued (not-expired) version, it will fail sometimes (but not often, based on OpenSSL's internal data structure), if it hits the expired certificate first. This results in effects as decribed in https://bugreports.qt-project.org/browse/QTBUG-20225, and makes it impossible to connect to the site. Since Verisign and other big vendors and some others have certificates that expired a few months ago and others will soon expire, this issue affects more and more people, especially on Windows which fetches new certs via Windows Update, but doesn't purge the old ones.

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              danimo Daniel Molkentin
              Reporter:
              danimo Daniel Molkentin
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes