Bug#659035: mumble: Fix certificate validation with QT 4.8.0

Tue, 07 Feb 2012 08:03:19 -0800 

Package: mumble
Version: 1.2.3-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch



*** /tmp/tmp4vG35i/bug_body
In Ubuntu, the attached patch was applied to achieve the following:

When compiling with QT 4.8, mumble can no longer validate server
certificates. This patch works around the issue.

  * debian/patches/0003-fix-cert-validation.patch: Fix certificate
    validation with QT 4.8. For some reason, the new on-demand root cert
    loading is not working with mumble. (LP: #928296)

Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 
'precise-proposed'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-12-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru mumble-1.2.3/debian/changelog mumble-1.2.3/debian/changelog
diff -Nru mumble-1.2.3/debian/patches/0003-fix-cert-validation.patch mumble-1.2.3/debian/patches/0003-fix-cert-validation.patch
--- mumble-1.2.3/debian/patches/0003-fix-cert-validation.patch	1969-12-31 19:00:00.000000000 -0500
+++ mumble-1.2.3/debian/patches/0003-fix-cert-validation.patch	2012-02-07 10:24:56.000000000 -0500
@@ -0,0 +1,21 @@
+Description: Fix certificate validation with QT 4.8. For some reason, the
+ new on-demand root cert loading is not working with mumble.
+Author: Marc Deslauriers <marc.deslauri...@canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/928296
+
+Index: mumble-1.2.3/src/SSL.cpp
+===================================================================
+--- mumble-1.2.3.orig/src/SSL.cpp	2012-02-07 09:53:41.766241152 -0500
++++ mumble-1.2.3/src/SSL.cpp	2012-02-07 10:18:37.902226883 -0500
+@@ -252,6 +252,11 @@
+ 	QSslSocket::setDefaultCaCertificates(ql);
+ #endif // NO_SYSTEM_CA_OVERRIDE
+ 
++#if QT_VERSION >= 0x040800
++        // Don't perform on-demand loading of root certificates
++        QSslSocket::setDefaultCaCertificates(QSslSocket::systemCaCertificates());
++#endif
++
+ 	for (unsigned int i=0;i<sizeof(recommended_cas)/sizeof(recommended_cas[0]);++i) {
+ 		QSslCertificate cert(recommended_cas[i]);
+ 		if (! QSslSocket::defaultCaCertificates().contains(cert)) {

Reply via email to