  1. Qt
  2. QTBUG-4455

SSL wildcard verification too broad

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 4.7.0
    • 4.3.0
    • Network: SSL
    • None
    • 5f6018564668d368f75e431c4cdac88d7421cff0

    Description

      QSslSocket applies the * in the wildcard verification to the entire hostname, meaning it can match more than one domain label. At the limit, in case of a bad configuration or malicious system, a certificate with CN=* would serve as a universal certificate.

      Qt should apply the wildcard to a single DNS domain label only.
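
      The matching the description reports next to the single-label matching it asks for, as an added example that is not Qt's code. `broadWildcardMatch` and `singleLabelWildcardMatch` are hypothetical names, the hostnames are constructed, and rejecting empty host labels is an assumption.

```cpp
// Added illustration, not Qt source; function names are hypothetical.
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

static std::string lower(std::string s) {
    for (char &c : s)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Behaviour the report describes: the single '*' may consume any run of
// characters, including the dots that separate DNS labels.
bool broadWildcardMatch(const std::string &pattern, const std::string &host) {
    const std::string p = lower(pattern), h = lower(host);
    const std::size_t star = p.find('*');
    if (star == std::string::npos)
        return p == h;
    const std::string pre = p.substr(0, star), suf = p.substr(star + 1);
    return h.size() >= pre.size() + suf.size() &&
           h.compare(0, pre.size(), pre) == 0 &&
           h.compare(h.size() - suf.size(), suf.size(), suf) == 0;
}

static std::vector<std::string> labels(const std::string &name) {
    std::vector<std::string> out;
    std::stringstream ss(name);
    for (std::string part; std::getline(ss, part, '.');)
        out.push_back(part);
    return out;
}

// Behaviour the report asks for: compare label by label, so '*' can never
// cross a dot. Pattern and host must have the same number of labels.
bool singleLabelWildcardMatch(const std::string &pattern, const std::string &host) {
    const std::vector<std::string> p = labels(pattern), h = labels(host);
    if (p.empty() || p.size() != h.size())
        return false;
    for (std::size_t i = 0; i < p.size(); ++i)
        if (h[i].empty() || !broadWildcardMatch(p[i], h[i]))  // assumption: no empty labels
            return false;
    return true;
}
int main() {  // constructed names: CN=* against a three-label host, prints "10"
    std::cout << broadWildcardMatch("*", "www.example.com")
              << singleLabelWildcardMatch("*", "www.example.com") << '\n';
}
```

      This covers only the single-label constraint the report requests. RFC 6125 (section 6.4.3) additionally advises against matching a wildcard anywhere other than the left-most label, which the sketch does not enforce.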


          People

            phartman Peter Hartmann (closed Nokia identity) (Inactive)
            tmacieir Thiago Macieira (closed Nokia identity) (Inactive)