Security advisory: Fraudulent certificates
March 29, 2011 by Peter Hartmann
A patch has been created for Qt 4.6 and 4.7 that addresses potential threats caused by fraudulent SSL certificates.
Background:
Recently a group of people managed to get fraudulent SSL certificates signed by a Certificate Authority (CA).
These certificates potentially enable their owners to pretend to be other entities on the Web; the attackers can present valid certificates for e.g. mail.google.com, login.yahoo.com and login.live.com, among others.
The patch below solves this problem by blacklisting those fake certificates and aborting the SSL handshake with any peer that presents one of them. It applies to all Qt 4.6.x and 4.7.x versions and should be applied to each of them; upcoming Qt releases will contain a fix for this problem.
blacklist-fraudulent-comodo-certificates-patch.diff
For more information and the full list of issued fraudulent certificates, see http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
More technical background:
In order to trick a user into establishing an SSL connection to a site using one of those fake certificates, an attacker would need, in addition to holding the certificate, to either control the DNS server used by the victim or control a proxy that the victim uses. That way, the attacker could steer the victim to the attacker's site and present a certificate that validates as genuine.
One obvious question now is: should those certificates not simply be revoked, which would solve the problem?
First, they have been revoked by the affected Certificate Authority (see above link).
However, the problem in this case, and probably part of the reason why most browser vendors release new versions blacklisting those certificates, is that by default browsers do not treat invalid responses from an OCSP server (a server used for checking the revocation status of a certificate) as fatal; they allow the SSL connection to proceed anyway. Qt itself does not support OCSP yet, which makes blacklisting the certificates the only valid option (now would be a good moment to vote on the task for implementing OCSP in Qt). Moreover, since Qt relies on the system root certificates since version 4.7, it can no longer automatically control which root certificates are trusted.
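As an added illustration of the mechanism described above (example code written for this explanation, not Qt's patch or any Qt API): a blacklist check that parses the serial number out of a DER-encoded certificate and refuses the handshake when any certificate in the presented chain matches a blacklisted serial or SHA-256 fingerprint. The serial values and the certificate fixture are constructed placeholders, not the real fraudulent certificates.

```python
import hashlib

def _der_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: 0x8n, then n length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def serial_number(cert_der):
    """Return the serialNumber of a DER-encoded X.509 certificate as lowercase hex."""
    tag, start, _ = _der_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = _der_tlv(cert_der, start)      # TBSCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("missing TBSCertificate")
    tag, vstart, vend = _der_tlv(cert_der, start)
    if tag == 0xA0:                                 # optional [0] EXPLICIT version
        tag, vstart, vend = _der_tlv(cert_der, vend)
    if tag != 0x02:                                 # serialNumber ::= INTEGER
        raise ValueError("missing serialNumber")
    return cert_der[vstart:vend].hex()

def fingerprint(cert_der):
    """SHA-256 fingerprint of the certificate's DER bytes, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def should_abort_handshake(chain_der, bad_serials, bad_fingerprints):
    """True if any certificate in the presented chain is blacklisted.
    A match anywhere in the chain is fatal, mirroring the advisory's approach."""
    return any(serial_number(c) in bad_serials or fingerprint(c) in bad_fingerprints
               for c in chain_der)

# --- constructed fixture (not a real certificate) ------------------------------
def _der(tag, value):
    """Minimal DER encoder used only to build the fixture below."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def fake_cert(serial):
    """Certificate shell with only version and serialNumber populated; the other
    TBSCertificate fields are empty placeholders, so it is not a valid certificate."""
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial) + b"\x30\x00" * 3
    return _der(0x30, _der(0x30, tbs) + b"\x30\x00" + b"\x03\x01\x00")
```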