diff options
| author | Mikkel Krautz <mikkel@krautz.dk> | 2014-06-13 02:46:22 +0400 |
|---|---|---|
| committer | Mikkel Krautz <mikkel@krautz.dk> | 2014-06-13 02:48:05 +0400 |
| commit | aef3509196f31747fee94eb9a39b793c3e9fe0f6 (patch) | |
| tree | 3767401cb11e6a1d6dd87012fee6c1c050a92fb6 | |
| parent | 75cf9de8203ba757b4147a4fed1beb4504291294 (diff) | |
Add CA certificate filter to MumbleSSL::addSystemCA() to work around issue 1271.
| -rw-r--r-- | src/SSL.cpp | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/SSL.cpp b/src/SSL.cpp index 2ba3d272d..09b2c27dd 100644 --- a/src/SSL.cpp +++ b/src/SSL.cpp @@ -147,4 +147,28 @@ void MumbleSSL::addSystemCA() { // Don't perform on-demand loading of root certificates QSslSocket::addDefaultCaCertificates(QSslSocket::systemCaCertificates()); #endif + +#ifdef Q_OS_WIN + // Work around issue #1271. + // Skype's click-to-call feature creates an enormous + // amount of certificates in the Root CA store. + { + QSslConfiguration sslCfg = QSslConfiguration::defaultConfiguration(); + QList<QSslCertificate> caList = sslCfg.caCertificates(); + + QList<QSslCertificate> filteredCaList; + foreach (QSslCertificate cert, caList) { + QString ou = cert.subjectInfo(QSslCertificate::Organization); + if (ou.contains(QLatin1String("Skype"), Qt::CaseInsensitive)) { + continue; + } + filteredCaList.append(cert); + } + + sslCfg.setCaCertificates(filteredCaList); + QSslConfiguration::setDefaultConfiguration(sslCfg); + + qWarning("SSL: CA certificate filter applied. Filtered size: %i, original size: %i", filteredCaList.size(), caList.size()); + } +#endif } |