What the DigiNotar security breach means for Qt users (continued)
September 07, 2011 by Peter Hartmann | Comments
This blog post continues from the previous blog post, What the DigiNotar security breach means for Qt users.
What needs to be done
Contrary to an earlier DigiNotar statement, possibly all DigiNotar intermediate certificates are affected by the attack; this means that blacklisting only the DigiNotar root certificate is not enough. Since some of those intermediates are cross-signed, i.e. their trust does not ultimately rely on the DigiNotar root certificate, they need to be blacklisted.
Below are patches provided that blacklist all DigiNotar intermediates and root certificates.
For Qt versions 4.7.3 and 4.7.4:
(or if the patch for blacklisting the fraudulent Comodo certificates has been applied to earlier versions (see the blog post on the Comodo attack):
blacklist-diginotar-certs.diff
For Qt versions 4.7.0, 4.7.1 and 4.7.2:
blacklist-diginotar-and-comodo-certs.diff
All upcoming Qt versions, including 4.8 and 5, will contain a fix for the problem already (see e.g. the Qt 5 commit, the commits in the 4.7 and 4.8 repositories are not public yet).
Acknowledgements
Thanks to Rich Moore from KDE for cross-reading this post.
Blog Topics:
Comments
Subscribe to our newsletter
Subscribe Newsletter
Try Qt 6.4 Now!
Download the latest release here: www.qt.io/download.
Qt 6 is the productivity platform for the future, with next-gen 2D & 3D UX and limitless scalability.
Explore Qt World
Check our Qt demos and case studies in the virtual Qt World
We're Hiring
Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.
Näytä tämä julkaisu Instagramissa.Henkilön Qt (@theqtcompany) jakama julkaisu