qt/0047-QSslCertificate-blacklist-NIC-certificates-from-Indi.patch

From 59eb561989f7a7b65c3e9b11d0ac062479013bf2 Mon Sep 17 00:00:00 2001
From: Peter Hartmann <phartmann@blackberry.com>
Date: Wed, 9 Jul 2014 16:22:44 +0200
Subject: [PATCH 47/74] QSslCertificate: blacklist NIC certificates from India

Those intermediate certificates were used to issue "unauthorized"
certificates according to
http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html
, and are by default trusted on Windows, so to be safe we blacklist
them here.

(backport of commit 916c9d469bd0df227dc3be97fcca27e3cf58144f)
Change-Id: I22c6637895dcd21b1f7af73fdd5ca39d4747cf9e
Reviewed-by: Richard J. Moore <rich@kde.org>
---
 src/network/ssl/qsslcertificate.cpp                |  4 ++++
 .../blacklisted-nic-india-2007.pem                 | 25 +++++++++++++++++++++
 .../blacklisted-nic-india-2011.pem                 | 26 ++++++++++++++++++++++
 .../blacklisted-nic-india-2014.pem                 | 26 ++++++++++++++++++++++
 4 files changed, 81 insertions(+)
 create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem
 create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem
 create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem

diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 254f45b..a015880 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -832,6 +832,10 @@ static const char *certificate_blacklist[] = {
     "2148",                                            "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
 
     "204199",                                        "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency
+
+    "10115",                                         "NIC Certifying Authority", // intermediate certificate from NIC India (2007)
+    "10130",                                         "NIC CA 2011", // intermediate certificate from NIC India (2011)
+    "10161",                                         "NIC CA 2014", // intermediate certificate from NIC India (2014)
     0
 };
 
diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem
new file mode 100644
index 0000000..2106f66
--- /dev/null
+++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgICJ4MwDQYJKoZIhvcNAQEFBQAwOjELMAkGA1UEBhMCSU4x
+EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMDcwHhcN
+MDcwNzAyMDY0MTU5WhcNMTUwNzA0MDYzMDAwWjCBsDELMAkGA1UEBhMCSU4xJDAi
+BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEOMAwGA1UECxMFTklD
+Q0ExITAfBgNVBAMTGE5JQyBDZXJ0aWZ5aW5nIEF1dGhvcml0eTESMBAGA1UEBxMJ
+TmV3IERlbGhpMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QGNhbWFpbC5uaWMuaW4x
+DjAMBgNVBAgTBURlbGhpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+wLRKDEWWC1iWcxpVgA7GJEjQVjGIMx9XPLoaMKXiEQdajHgmjKdOhlFkSWiHgiCS
+Uo39U0/UoC4rAYzBCcfHWdAGjXNs7dt/cz+muK2aMoPoAgXWLF2A48CJMrTcyNFE
+HryIYJeCiK8DTlEhBxL8II9VBx8qKSquizh4MQTmpqvfjHNqd6qCHF6q8W439io5
+kVIFnGNd/p0V5HFv0OpWeF/IpKJA1m1lb729FwfsVpqipf7DLVQUKtSjK/32RDtB
+hnAmkDlW6IZRPs2F896A5COPSDjJlAeUX8JqDnBOr64bPRgUy0VDnW/soRB3knkn
+5w5ueXj3DrgONtjGcBSwVwIDAQABo4HOMIHLMA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECEwne24Nsv9UMBMGA1UdIwQMMAqACE8ewFgn2LjkMAsGA1UdDwQEAwIB
+BjCBggYDVR0fBHsweTB3oHWgc4ZxbGRhcDovL25yZGMuY2NhLmdvdi5pbjozODkv
+Y249Q0NBIEluZGlhIDIwMDcsb3U9Q0NBIEluZGlhIDIwMDcsbz1JbmRpYSBQS0ks
+Yz1JTj9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeT8wDQYJKoZIhvcN
+AQEFBQADggEBAKx6RkVgMGQADgl4jTy3qBDq8nvkegDaDnviTUsGzsR6RpooT0xd
+wuKiRU0I7p2gAo6uBTMEZtS+XWJz+7xlfo4fao5XIU4e1fxkQuxddM23/J7M4+Uz
+3pL7ziK5RcVizhQqz3IjSH440/OoFhUBT5d5WWN0hliEcr7+6nLPAOcAX/qR509a
+Djd/aonfyQFCMyfiPpYLx5ElTuqUZeHApJ58+Iprwbu3EIux+C+mfS8QCMY+WYje
+aocCIwIutrmoxIXxGy9yV5OKIe2+4wsCT8aNin+6AV7qNTmFVhp+MF50v69ONTO7
+w2Sa+ire2N5FgklMW2WTCi8d8rwLzaWuse4=
+-----END CERTIFICATE-----
diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem
new file mode 100644
index 0000000..d3a8c10
--- /dev/null
+++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEWzCCA0OgAwIBAgICJ5IwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x
+EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTEwHhcN
+MTEwMzExMDgxNTExWhcNMTYwMzExMDYzMDAwWjCByDELMAkGA1UEBhMCSU4xJDAi
+BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEdMBsGA1UECxMUQ2Vy
+dGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEOMAwGA1UECBMFRGVs
+aGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEdMBsGA1UEMwwUQS1C
+bG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAyMDExMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7J/N88MoXcCHTz4A5DKF59+8kvSnriGr
+TEowLSa5NCvH+o89+Mf7V260kKZJ/hQox5RG/F8/gY7u9ziLeypbedeG8EIl88HC
+4x9hT0SNLsrj9qo90waDuGYB4/KQ8q5E6ivVxxV0epzQfFA5A5biKltPBbku/M4D
+iZ+TqBbHxo6nRUEZoukJi0+JLykGI4VpJlQBzow04omxQUZHzvCffo6QvN6FdzZ0
+MopwqaggyfHDFu9o4elCR9Kd/obYlgXAHLYwJlN0pybbe2WpKj81/pxDhKgxrVN+
+OZaI5OMBBkjDRQG+ZyEnQb8XYMNPJbOgQGYgsRdPPjIn7poTzxe7SQIDAQABo4Hb
+MIHYMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0OBAoECE5VT66z36FmMBIGA1Ud
+IAQLMAkwBwYFYIJkZAIwEwYDVR0jBAwwCoAITQeoY/LbHN8wLgYIKwYBBQUHAQEE
+IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vb2N2cy5nb3YuaW4wDgYDVR0PAQH/BAQD
+AgEGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jY2EuZ292LmluL3J3L3Jlc291
+cmNlcy9DQ0FJbmRpYTIwMTFMYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5
+LCqtHbxfO72KRWJbW9dAHNh2xh8n7wstNgSPHLbjL5B0l7RZlCFauy4fjc2faMiB
+xnOq5oEXeIZBrT2NkuEymQ8f0Pzm3pcXrMkFrj78SiA07/cPQShBKKpw39t6puJV
+8ykiVZMZvSCjCzzZZlVO12b2ChADkf6wtseftx5O/zBsqP3Y2+3+KvEeDVtuseKu
+FV2OxSsqSfffJq7IYTwpRPOVzHGJnjV3Igtj3zAzZm8CWxRM/yhnkGyVc+xz/T7o
+WY0870eciR+bmLjZ9j0opudZR6e+lCsMHH2Lxc8C/0XRcCzcganxfWCb/fb0gx44
+iY0a+wWCVebjuyKU/BXk
+-----END CERTIFICATE-----
diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem
new file mode 100644
index 0000000..5467086
--- /dev/null
+++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEWzCCA0OgAwIBAgICJ7EwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x
+EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTQwHhcN
+MTQwMzA1MTExNTI0WhcNMjQwMzA1MDYzMDAwWjCByDELMAkGA1UEBhMCSU4xJDAi
+BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEdMBsGA1UECxMUQ2Vy
+dGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEOMAwGA1UECBMFRGVs
+aGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEdMBsGA1UEMxMUQS1C
+bG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAyMDE0MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/OQ56Ge9MhJiBwtOlCJP4p5gjcCuqkQ2
+6BCSQgfAsxyNxAwtL1f0h3d5KNFIInIG2Y9PwBgUrgavOWy2cZICxgXIGaOzK5bI
+TyGhxYMPUzkazGppfj0ScW7Ed/kjeDnic3WlYkPwtNaV1qwTElr8zqPUtT27ZDqd
+6upor9MICngXAC1tHjhPuGrGtu4i6FMPrmkofwdh8dkuRzU/OPjf9lA+E9Qu0Nvq
+soI9grJA0etgRfn9juR4X3KTG21qHnza50PpMYC4+vh8jAnIT7Kcz8Ggr4eghkvP
++iz2yEtIcV9M1xeo98XU/jxuYS7LeWtO79jkiqCIqgI8T3x7LHuCaQIDAQABo4Hb
+MIHYMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0OBAoECEZwyi8lTsNHMBIGA1Ud
+IAQLMAkwBwYFYIJkZAIwEwYDVR0jBAwwCoAIQrjFz22zV+EwLgYIKwYBBQUHAQEE
+IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vb2N2cy5nb3YuaW4wDgYDVR0PAQH/BAQD
+AgEGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jY2EuZ292LmluL3J3L3Jlc291
+cmNlcy9DQ0FJbmRpYTIwMTRMYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCB
+i3iJeUlkfjY96HgfBIUEsLi+knO3VUrxDmwps1YyhgRSt22NQLZ4jksSWLI2EQbn
+9k5tH8rwSbsOWf+TZH7jpaKAVSYi1GhEbGR/C2ZeFiWATwtPWKoVGwx/ksUO9YPM
+zf0wh6fDIuyBJIs/nuN93+L2ib+TS5viNky+HrR3XyqE0z43W5bbzMbido3lbwgr
+drMWD6hCNSZs888L0Se4rn2ei0aPmHmxjDjbExF3NF6m2uYC/wAR4cVIzMvvptFY
+n+SAdG/pwkKHaMVncB/cxxEWiKzOxVpjBsM4N19lpxp2RU/n+x7xRK3WTQvNAZdU
+7pcAYmZIXPu/ES9qpK4f
+-----END CERTIFICATE-----
-- 
1.9.3
1:4.8.6-13 - move qmlviewer to -devel - pull in some upstream fixes 2014-09-16 13:39:45 +00:00			`From 59eb561989f7a7b65c3e9b11d0ac062479013bf2 Mon Sep 17 00:00:00 2001`
			`From: Peter Hartmann <phartmann@blackberry.com>`
			`Date: Wed, 9 Jul 2014 16:22:44 +0200`
			`Subject: [PATCH 47/74] QSslCertificate: blacklist NIC certificates from India`

			`Those intermediate certificates were used to issue "unauthorized"`
			`certificates according to`
			`http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html`
			`, and are by default trusted on Windows, so to be safe we blacklist`
			`them here.`

			`(backport of commit 916c9d469bd0df227dc3be97fcca27e3cf58144f)`
			`Change-Id: I22c6637895dcd21b1f7af73fdd5ca39d4747cf9e`
			`Reviewed-by: Richard J. Moore <rich@kde.org>`
			`---`
			`src/network/ssl/qsslcertificate.cpp \| 4 ++++`
			`.../blacklisted-nic-india-2007.pem \| 25 +++++++++++++++++++++`
			`.../blacklisted-nic-india-2011.pem \| 26 ++++++++++++++++++++++`
			`.../blacklisted-nic-india-2014.pem \| 26 ++++++++++++++++++++++`
			`4 files changed, 81 insertions(+)`
			`create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem`
			`create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem`
			`create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem`

			`diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp`
			`index 254f45b..a015880 100644`
			`--- a/src/network/ssl/qsslcertificate.cpp`
			`+++ b/src/network/ssl/qsslcertificate.cpp`
			`@@ -832,6 +832,10 @@ static const char *certificate_blacklist[] = {`
			`"2148", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate`

			`"204199", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency`
			`+`
			`+ "10115", "NIC Certifying Authority", // intermediate certificate from NIC India (2007)`
			`+ "10130", "NIC CA 2011", // intermediate certificate from NIC India (2011)`
			`+ "10161", "NIC CA 2014", // intermediate certificate from NIC India (2014)`
			`0`
			`};`

			`diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem`
			`new file mode 100644`
			`index 0000000..2106f66`
			`--- /dev/null`
			`+++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem`
			`@@ -0,0 +1,25 @@`
			`+-----BEGIN CERTIFICATE-----`
			`+MIIENjCCAx6gAwIBAgICJ4MwDQYJKoZIhvcNAQEFBQAwOjELMAkGA1UEBhMCSU4x`
			`+EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMDcwHhcN`
			`+MDcwNzAyMDY0MTU5WhcNMTUwNzA0MDYzMDAwWjCBsDELMAkGA1UEBhMCSU4xJDAi`
			`+BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEOMAwGA1UECxMFTklD`
			`+Q0ExITAfBgNVBAMTGE5JQyBDZXJ0aWZ5aW5nIEF1dGhvcml0eTESMBAGA1UEBxMJ`
			`+TmV3IERlbGhpMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QGNhbWFpbC5uaWMuaW4x`
			`+DjAMBgNVBAgTBURlbGhpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA`
			`+wLRKDEWWC1iWcxpVgA7GJEjQVjGIMx9XPLoaMKXiEQdajHgmjKdOhlFkSWiHgiCS`
			`+Uo39U0/UoC4rAYzBCcfHWdAGjXNs7dt/cz+muK2aMoPoAgXWLF2A48CJMrTcyNFE`
			`+HryIYJeCiK8DTlEhBxL8II9VBx8qKSquizh4MQTmpqvfjHNqd6qCHF6q8W439io5`
			`+kVIFnGNd/p0V5HFv0OpWeF/IpKJA1m1lb729FwfsVpqipf7DLVQUKtSjK/32RDtB`
			`+hnAmkDlW6IZRPs2F896A5COPSDjJlAeUX8JqDnBOr64bPRgUy0VDnW/soRB3knkn`
			`+5w5ueXj3DrgONtjGcBSwVwIDAQABo4HOMIHLMA8GA1UdEwEB/wQFMAMBAf8wEQYD`
			`+VR0OBAoECEwne24Nsv9UMBMGA1UdIwQMMAqACE8ewFgn2LjkMAsGA1UdDwQEAwIB`
			`+BjCBggYDVR0fBHsweTB3oHWgc4ZxbGRhcDovL25yZGMuY2NhLmdvdi5pbjozODkv`
			`+Y249Q0NBIEluZGlhIDIwMDcsb3U9Q0NBIEluZGlhIDIwMDcsbz1JbmRpYSBQS0ks`
			`+Yz1JTj9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeT8wDQYJKoZIhvcN`
			`+AQEFBQADggEBAKx6RkVgMGQADgl4jTy3qBDq8nvkegDaDnviTUsGzsR6RpooT0xd`
			`+wuKiRU0I7p2gAo6uBTMEZtS+XWJz+7xlfo4fao5XIU4e1fxkQuxddM23/J7M4+Uz`
			`+3pL7ziK5RcVizhQqz3IjSH440/OoFhUBT5d5WWN0hliEcr7+6nLPAOcAX/qR509a`
			`+Djd/aonfyQFCMyfiPpYLx5ElTuqUZeHApJ58+Iprwbu3EIux+C+mfS8QCMY+WYje`
			`+aocCIwIutrmoxIXxGy9yV5OKIe2+4wsCT8aNin+6AV7qNTmFVhp+MF50v69ONTO7`
			`+w2Sa+ire2N5FgklMW2WTCi8d8rwLzaWuse4=`
			`+-----END CERTIFICATE-----`
			`diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem`
			`new file mode 100644`
			`index 0000000..d3a8c10`
			`--- /dev/null`
			`+++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem`
			`@@ -0,0 +1,26 @@`
			`+-----BEGIN CERTIFICATE-----`
			`+MIIEWzCCA0OgAwIBAgICJ5IwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x`
			`+EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTEwHhcN`
			`+MTEwMzExMDgxNTExWhcNMTYwMzExMDYzMDAwWjCByDELMAkGA1UEBhMCSU4xJDAi`
			`+BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEdMBsGA1UECxMUQ2Vy`
			`+dGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEOMAwGA1UECBMFRGVs`
			`+aGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEdMBsGA1UEMwwUQS1C`
			`+bG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAyMDExMIIBIjANBgkq`
			`+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7J/N88MoXcCHTz4A5DKF59+8kvSnriGr`
			`+TEowLSa5NCvH+o89+Mf7V260kKZJ/hQox5RG/F8/gY7u9ziLeypbedeG8EIl88HC`
			`+4x9hT0SNLsrj9qo90waDuGYB4/KQ8q5E6ivVxxV0epzQfFA5A5biKltPBbku/M4D`
			`+iZ+TqBbHxo6nRUEZoukJi0+JLykGI4VpJlQBzow04omxQUZHzvCffo6QvN6FdzZ0`
			`+MopwqaggyfHDFu9o4elCR9Kd/obYlgXAHLYwJlN0pybbe2WpKj81/pxDhKgxrVN+`
			`+OZaI5OMBBkjDRQG+ZyEnQb8XYMNPJbOgQGYgsRdPPjIn7poTzxe7SQIDAQABo4Hb`
			`+MIHYMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0OBAoECE5VT66z36FmMBIGA1Ud`
			`+IAQLMAkwBwYFYIJkZAIwEwYDVR0jBAwwCoAITQeoY/LbHN8wLgYIKwYBBQUHAQEE`
			`+IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vb2N2cy5nb3YuaW4wDgYDVR0PAQH/BAQD`
			`+AgEGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jY2EuZ292LmluL3J3L3Jlc291`
			`+cmNlcy9DQ0FJbmRpYTIwMTFMYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5`
			`+LCqtHbxfO72KRWJbW9dAHNh2xh8n7wstNgSPHLbjL5B0l7RZlCFauy4fjc2faMiB`
			`+xnOq5oEXeIZBrT2NkuEymQ8f0Pzm3pcXrMkFrj78SiA07/cPQShBKKpw39t6puJV`
			`+8ykiVZMZvSCjCzzZZlVO12b2ChADkf6wtseftx5O/zBsqP3Y2+3+KvEeDVtuseKu`
			`+FV2OxSsqSfffJq7IYTwpRPOVzHGJnjV3Igtj3zAzZm8CWxRM/yhnkGyVc+xz/T7o`
			`+WY0870eciR+bmLjZ9j0opudZR6e+lCsMHH2Lxc8C/0XRcCzcganxfWCb/fb0gx44`
			`+iY0a+wWCVebjuyKU/BXk`
			`+-----END CERTIFICATE-----`
			`diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem`
			`new file mode 100644`
			`index 0000000..5467086`
			`--- /dev/null`
			`+++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem`
			`@@ -0,0 +1,26 @@`
			`+-----BEGIN CERTIFICATE-----`
			`+MIIEWzCCA0OgAwIBAgICJ7EwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x`
			`+EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTQwHhcN`
			`+MTQwMzA1MTExNTI0WhcNMjQwMzA1MDYzMDAwWjCByDELMAkGA1UEBhMCSU4xJDAi`
			`+BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEdMBsGA1UECxMUQ2Vy`
			`+dGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEOMAwGA1UECBMFRGVs`
			`+aGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEdMBsGA1UEMxMUQS1C`
			`+bG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAyMDE0MIIBIjANBgkq`
			`+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/OQ56Ge9MhJiBwtOlCJP4p5gjcCuqkQ2`
			`+6BCSQgfAsxyNxAwtL1f0h3d5KNFIInIG2Y9PwBgUrgavOWy2cZICxgXIGaOzK5bI`
			`+TyGhxYMPUzkazGppfj0ScW7Ed/kjeDnic3WlYkPwtNaV1qwTElr8zqPUtT27ZDqd`
			`+6upor9MICngXAC1tHjhPuGrGtu4i6FMPrmkofwdh8dkuRzU/OPjf9lA+E9Qu0Nvq`
			`+soI9grJA0etgRfn9juR4X3KTG21qHnza50PpMYC4+vh8jAnIT7Kcz8Ggr4eghkvP`
			`++iz2yEtIcV9M1xeo98XU/jxuYS7LeWtO79jkiqCIqgI8T3x7LHuCaQIDAQABo4Hb`
			`+MIHYMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0OBAoECEZwyi8lTsNHMBIGA1Ud`
			`+IAQLMAkwBwYFYIJkZAIwEwYDVR0jBAwwCoAIQrjFz22zV+EwLgYIKwYBBQUHAQEE`
			`+IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vb2N2cy5nb3YuaW4wDgYDVR0PAQH/BAQD`
			`+AgEGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jY2EuZ292LmluL3J3L3Jlc291`
			`+cmNlcy9DQ0FJbmRpYTIwMTRMYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCB`
			`+i3iJeUlkfjY96HgfBIUEsLi+knO3VUrxDmwps1YyhgRSt22NQLZ4jksSWLI2EQbn`
			`+9k5tH8rwSbsOWf+TZH7jpaKAVSYi1GhEbGR/C2ZeFiWATwtPWKoVGwx/ksUO9YPM`
			`+zf0wh6fDIuyBJIs/nuN93+L2ib+TS5viNky+HrR3XyqE0z43W5bbzMbido3lbwgr`
			`+drMWD6hCNSZs888L0Se4rn2ei0aPmHmxjDjbExF3NF6m2uYC/wAR4cVIzMvvptFY`
			`+n+SAdG/pwkKHaMVncB/cxxEWiKzOxVpjBsM4N19lpxp2RU/n+x7xRK3WTQvNAZdU`
			`+7pcAYmZIXPu/ES9qpK4f`
			`+-----END CERTIFICATE-----`
			`--`
			`1.9.3`