Qt / QTBUG-4455

SSL wildcard verification too broad

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 4.3.0
    • Fix Version/s: 4.7.0
    • Component/s: Network: SSL
    • Labels:
      None
    • Commits:
      5f6018564668d368f75e431c4cdac88d7421cff0

      Description

      QSslSocket applies the * in the wildcard verification to the entire hostname, meaning it can match more than one domain label. At the limit, in case of a bad configuration or malicious system, a certificate with CN=* would serve as a universal certificate.

      Qt should apply the wildcard to a single DNS domain label only.
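
The difference between the broad match described in this report and a single-label match, as an added example that is not part of the original report and is not Qt's code. It is written in standard C++ rather than against QSslSocket; the function names `broadMatch` and `singleLabelMatch` and the sample hostnames are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Lower-case copy: DNS names compare case-insensitively.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Broad match, the behaviour the report describes: the single '*' may absorb
// any run of characters, dots included, so it can span several labels.
bool broadMatch(const std::string &pattern, const std::string &host) {
    const std::string p = lower(pattern), h = lower(host);
    const auto star = p.find('*');
    if (star == std::string::npos) return p == h;
    const std::string pre = p.substr(0, star), suf = p.substr(star + 1);
    return h.size() >= pre.size() + suf.size()
        && h.compare(0, pre.size(), pre) == 0
        && h.compare(h.size() - suf.size(), suf.size(), suf) == 0;
}

// Single-label match: '*' is accepted only as the whole leftmost label and
// stands for exactly one non-empty label; the rest must match exactly.
bool singleLabelMatch(const std::string &pattern, const std::string &host) {
    const std::string p = lower(pattern), h = lower(host);
    if (p.find('*') == std::string::npos) return p == h;
    if (p.size() < 3 || p.compare(0, 2, "*.") != 0) return false;   // rejects "*", "f*.x"
    if (p.find('*', 1) != std::string::npos) return false;          // only one wildcard
    const auto dot = h.find('.');
    if (dot == std::string::npos || dot == 0) return false;         // host needs a first label
    return h.compare(dot, std::string::npos, p, 1, std::string::npos) == 0;
}

int main() {
    // Constructed (pattern, hostname) pairs.
    const char *cases[][2] = {{"*", "www.example.com"}, {"*.example.com", "www.example.com"},
                              {"*.example.com", "a.b.example.com"}, {"*.com", "www.example.com"}};
    for (const auto &c : cases)
        std::cout << c[0] << " vs " << c[1] << ": broad=" << broadMatch(c[0], c[1])
                  << " single-label=" << singleLabelMatch(c[0], c[1]) << '\n';
}
```

The single-label form still accepts a pattern such as `*.com` for a two-label host; restricting wildcards by registry suffix is a separate policy check that this sketch leaves out.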

            People

            • Assignee:
              phartman Peter Hartmann (closed Nokia identity) (Inactive)
            • Reporter:
              tmacieir Thiago Macieira (closed Nokia identity) (Inactive)