Using system SSL certificates...

Thiago Macieira thiago at kde.org
Fri Jan 29 21:09:45 GMT 2010 

Em Sexta-feira 29. Janeiro 2010, às 18.53.18, Maksim Orlovich escreveu:
> > The only thing that's holding me back in updating the Qt certificates is
> > to
> > decide whether keeping expired certificates is a good thing.
> > 
> > There are 81 certificates in Qt's bundle. One of them is repeated, so 80
> > are
> > unique.
> > 
> > However, from those 80, 8 have expired already.
> > 
> > Of the 72 non-expired, unique certificates in Qt, 48 are *not* in the
> > Firefox
> > certificate store.
> 
> That's worriesome. What sort of validation did those CAs undergo?

I have no clue. Here's the file history.

Perforce change 311614 are whitespace changes (because QSslCertificate had a 
bug where it wouldn't recognise the BEGIN CERTIFICATE line if it had 
whitespace before the newline)

commit 9057f34abec722086774d7eb2836999188f9a4ef
Author: Thiago Macieira <tjmaciei at trolltech.com>
Date:   Fri Jun 20 12:32:14 2008 +0100

    p4i integration
    Integrate 311615 from 4.4 to main:
    Manual p4 integrate of 311614

    [git-p4: depot-paths = "//depot/qt/main/": change = 311616]

:100644 100644 c0e0eef... 7755ca0... M  src/network/ssl/qt-ca-bundle.crt

commit f8bf9ca4a91b869c329affc303029654c40c2eae
Author: Thiago Macieira <tjmaciei at trolltech.com>
Date:   Fri Jun 20 12:32:11 2008 +0100

    Manual p4 integrate of 311614

    [git-p4: depot-paths = "//depot/qt/4.4/": change = 311615]

:100644 100644 c0e0eef... 7755ca0... M  src/network/ssl/qt-ca-bundle.crt

commit 1387eaaf872e54a6972b6747843190aca595cebb
Author: Thiago Macieira <tjmaciei at trolltech.com>
Date:   Tue Sep 25 17:00:16 2007 +0100

    Fixes:    Reorganise QtNetwork because it's getting big
    Details:  Add subdirectories to Qt Network. Organisation is:
      - access: network access (will receive the new framework)
          - kernel: infrastructure (host address, host lookup, etc.)
      - socket: socket classes and socket engines
      - ssl: all SSL-related classes, plus the CA bundle

    [git-p4: depot-paths = "//depot/qt/main/": change = 277947]

:100644 100644 c0e0eef... c0e0eef... R100       src/network/qt-ca-bundle.crt    
src/network/ssl/qt-ca-bundle.crt

commit 454337337cd903ab86d3d26252fa8650f31c6c14
Author: ahanssen <ahanssen@:w>
Date:   Tue Mar 20 16:40:17 2007 +0100

    p4i integration
    Integrate 256445 from 4.3 to main:
    Fixes:    More QSslSocket work
    RevBy:    TrustMe
    AutoTest: Included
    Details:  More coverage.
        Include George's CA bundle as a resource in QtNetwork.
        Fix QSslCertificate copy construction (unfinished).

    [git-p4: depot-paths = "//depot/qt/main/": change = 256446]

:000000 100644 0000000... c0e0eef... A  src/network/qt-ca-bundle.crt

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20100129/26f501a5/attachment.sig>

More information about the kde-core-devel mailing list