Details
-
Bug
-
Resolution: Done
-
P2: Important
-
4.3.0
-
None
-
5f6018564668d368f75e431c4cdac88d7421cff0
Description
QSslSocket applies the * in the wildcard verification to the entire hostname, meaning it can match more than one domain label. At the limit, in case of a bad configuration or malicious system, a certificate with CN=* would serve as a universal certificate.
Qt should apply the wildcard to a single DNS domain label only.