[Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

Raphael Geissert geissert at debian.org
Sun Sep 4 18:17:31 UTC 2011


On Sunday 04 September 2011 02:34:13 Mike Hommey wrote:
> On Sun, Sep 04, 2011 at 01:37:19AM -0500, Raphael Geissert wrote:
> > * Qt:
> > Qt4 has built-in support for SSL via OpenSSL.
> > Qt 4.7 (wheezy+) uses certs from /etc/ssl
> > Qt 4.6 and older (lenny, squeeze) uses its own bundled list of certs.
> > DigiNotar not included
> 
> If Entrust is included, there's still a problem.

Right. It appears to be included:

subject= /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
serial=374AD243

Staat der Nederlanden is not included. I attached the full list for future 
reference; I extracted it from current HEAD (8f427b2) of the 4.6 branch of 
Qt.

The common denominator here is still OpenSSL. If we make it reject DigiNotar 
certs, we can protect most of the SSL/TLS users.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: qt-ca-bundle.lst.gz
Type: application/x-gzip
Size: 2714 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20110904/8bd1e37d/attachment.bin>
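
An added example (not part of the original message, and not Qt's or Debian's code): one way to check a subject=/serial= listing like the one quoted above for the CA names mentioned in this thread. The function names and the second sample entry are constructed; the attribute-key list used to split the one-line DN is an assumption covering common keys only.

```python
import re

# Split only at a '/' that starts a known attribute (assumed key list), because
# values can contain '/', e.g. "OU=www.entrust.net/CPS incorp. by ref.".
_RDN_START = re.compile(r"/(?=(?:C|ST|L|O|OU|CN|emailAddress)=)")
WATCHED = ("DigiNotar", "Entrust.net", "Staat der Nederlanden")

# First entry is the one from the message, mail-wrapped; second is constructed.
SAMPLE = """\
subject= /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
serial=374AD243
subject= /C=XX/O=Example Org/CN=Example Root CA
serial=01
"""

def parse_oneline_dn(dn):
    """Turn '/C=US/O=Example/CN=x' into [(key, value), ...], keeping order."""
    parts = [p for p in _RDN_START.split(dn.strip()) if p]
    return [tuple(p.split("=", 1)) for p in parts]

def parse_listing(text):
    """Return [{'subject': [(k, v), ...], 'serial': 'HEX'}, ...]."""
    entries, subject = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif line.startswith("serial=") and subject is not None:
            entries.append({"subject": parse_oneline_dn(subject),
                            "serial": line[len("serial="):].upper()})
            subject = None
        elif line and subject is not None:
            subject += " " + line  # continuation of a DN wrapped by the mailer
    return entries

def find_watched(entries, watched=WATCHED):
    """Return (watched name, CN, serial) for entries whose O or CN matches."""
    hits = []
    for e in entries:
        names = [v.lower() for k, v in e["subject"] if k in ("O", "CN")]
        for w in watched:
            if any(w.lower() in n for n in names):
                hits.append((w, dict(e["subject"]).get("CN"), e["serial"]))
                break
    return hits
```
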

