Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-96724

TLS: Test verification of certificate with a system root CA

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • P2: Important
    • None
    • None
    • Network: SSL
    • None
    • All

    Description

      Following QTBUG-96606 it became clear that we don't have any tests at the moment which connects to and, inadvertently, verifies the TLS certificate of a remote which has a root CA that's stored in the system stores.

      Now this is more complex than simply adding a new test. We have had tests using external dependencies in the past but these were always flaky and would block integrations as soon as the service had some trouble.

      One option could be to connect to a service and ignore the result if it fails to connect for any reason other than a failed TLS handshake.

      One question would be which service to target with this since the service would get connected to by every CI machine. Though we could get IP-blocked if we connect to it too much, which would not be ideal.

      We could also have an internal service, as long as its certificate is actually signed by a normal certificate authority.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            manordheim Mårten Nordheim
            manordheim Mårten Nordheim
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes