[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

On Sunday 04 September 2011 02:34:13 Mike Hommey wrote:
> On Sun, Sep 04, 2011 at 01:37:19AM -0500, Raphael Geissert wrote:
> > * Qt:
> > Qt4 has built-in support for SSL via OpenSSL.
> > Qt 4.7 (wheezey+) uses certs from /etc/ssl
> > Qt 4.6 and older (lenny, squeeze) uses its own bundled list of certs.
> > DigiNotar not included
> If Entrust is included, there's still a problem.

Right. It appears to be included:

subject= /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits 
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server 
Certification Authority

Staat der Nederlanden is not included. I attached the full list for future 
references, I extracted it from current HEAD (8f427b2) of the 4.6 branch of 

The common denominator here is still OpenSSL. If we make it reject DigiNotar 
certs, we can protect most of the SSL/TLS users.

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Attachment: qt-ca-bundle.lst.gz
Description: GNU Zip compressed data

Reply to: