fix #2212749, CVE-2023-34410
authorThan Ngo <than@redhat.com>
Fri, 9 Jun 2023 15:29:40 +0000 (15:29 +0000)
committerRoberto C. Sánchez <roberto@debian.org>
Tue, 22 Aug 2023 13:42:24 +0000 (14:42 +0100)
Gbp-Pq: Name CVE-2023-34410.patch

src/network/ssl/qsslsocket.cpp

index c262f2214d94f60adbb1ca35f89a2aa69a5cd58f..d868d043f2dd1b1ffa3ef199d748748b3dab62bb 100644 (file)
@@ -1863,6 +1863,10 @@ QSslSocketPrivate::QSslSocketPrivate()
     , plainSocket(0)
 {
     QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+    // If the global configuration doesn't allow root certificates to be loaded
+    // on demand then we have to disable it for this socket as well.
+    if (!configuration.allowRootCertOnDemandLoading)
+        allowRootCertOnDemandLoading = false;
 }
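Review bot: The guard on lines 17–18 tests the per-socket `configuration` that was just filled by `deepCopyDefaultConfiguration()`, so it can only see the global setting because the second hunk now copies `allowRootCertOnDemandLoading` in that function; the comment on lines 15–16 says "global configuration" but reads the copy, and that dependency is worth stating so the two hunks are not separated later. The check is deliberately one-way (it can only clear the flag, never re-enable on-demand loading for a socket), which I would also record in the comment, e.g. `// Deliberately one-way: on-demand loading is only ever disabled here, never re-enabled.` The constructor's initializer list begins before this hunk, so the initial value of the member `allowRootCertOnDemandLoading` is not visible here; I am assuming it starts out true, which is what makes a disable-only check sufficient. If other code paths also copy a configuration field by field (setSslConfiguration appears to be one), they should get the same treatment.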
 
 /*!
@@ -2041,6 +2045,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
     ptr->sessionCipher = global->sessionCipher;
     ptr->ciphers = global->ciphers;
     ptr->caCertificates = global->caCertificates;
+    ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
     ptr->protocol = global->protocol;
     ptr->peerVerifyMode = global->peerVerifyMode;
     ptr->peerVerifyDepth = global->peerVerifyDepth;
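Review bot: Line 26 is the line that carries the fix — before it, a socket's copy of the default configuration always kept the default `allowRootCertOnDemandLoading` value, so an application that set explicit CA certificates on the global configuration still got system roots loaded on demand for each new socket; that reasoning is not recorded anywhere in the hunk. A short comment above line 26 would help, e.g. `// Must be copied: the socket's constructor only disables on-demand root loading if this copy says so.` Because nothing in this diff exercises the new behaviour, I would also add a regression test that installs a default configuration with explicit CA certificates, constructs a QSslSocket, and checks that on-demand root loading is off for it (the private field is not publicly visible, so this likely needs the private header as the existing socket autotests do — verify). deepCopyDefaultConfiguration() continues past the end of this hunk, so I cannot confirm no other field was missed.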