On Sunday 04 September 2011 02:34:13 Mike Hommey wrote: > On Sun, Sep 04, 2011 at 01:37:19AM -0500, Raphael Geissert wrote: > > * Qt: > > Qt4 has built-in support for SSL via OpenSSL. > > Qt 4.7 (wheezey+) uses certs from /etc/ssl > > Qt 4.6 and older (lenny, squeeze) uses its own bundled list of certs. > > DigiNotar not included > > If Entrust is included, there's still a problem. Right. It appears to be included: subject= /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority serial=374AD243 Staat der Nederlanden is not included. I attached the full list for future references, I extracted it from current HEAD (8f427b2) of the 4.6 branch of Qt. The common denominator here is still OpenSSL. If we make it reject DigiNotar certs, we can protect most of the SSL/TLS users. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Attachment:
qt-ca-bundle.lst.gz
Description: GNU Zip compressed data