diff --git a/qt-x11-opensource-src-4.5.2-system_ca_certificates.patch b/qt-x11-opensource-src-4.5.2-system_ca_certificates.patch
new file mode 100644
index 0000000..ade6ea2
--- /dev/null
+++ b/qt-x11-opensource-src-4.5.2-system_ca_certificates.patch
@@ -0,0 +1,36 @@
+diff -up qt-x11-opensource-src-4.5.2/src/network/ssl/qsslsocket_openssl.cpp.ca_bundle qt-x11-opensource-src-4.5.2/src/network/ssl/qsslsocket_openssl.cpp
+--- qt-x11-opensource-src-4.5.2/src/network/ssl/qsslsocket_openssl.cpp.ca_bundle	2009-09-08 12:30:33.197347131 -0500
++++ qt-x11-opensource-src-4.5.2/src/network/ssl/qsslsocket_openssl.cpp	2009-09-08 12:41:50.295324320 -0500
+@@ -482,11 +482,11 @@ void QSslSocketPrivate::resetDefaultCiph
+ 
+ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
+ {
+-#ifdef QQ_OS_UNIX
++#ifdef Q_OS_UNIX
+     // Check known locations for the system's default bundle.  ### On Windows,
+     // we should use CAPI to find the bundle, and not rely on default unix
+     // locations.
+-    const char *standardLocations[] = {"/etc/ssl/certs/",
++    const char *standardLocations[] = {"/etc/pki/tls/certs/",
+ #if 0
+                                        // KDE uses KConfig for its SSL store,
+                                        // but it also stores the bundle at
+@@ -495,13 +495,16 @@ QList<QSslCertificate> QSslSocketPrivate
+ #endif
+                                        0};
+     const char **it = standardLocations;
++    QList<QSslCertificate> certs;
+     QStringList nameFilter;
+     nameFilter << QLatin1String("*.pem") << QLatin1String("*.crt");
+     while (*it) {
+-        if (QDirIterator(QLatin1String(*it), nameFilter).hasNext())
+-            return certificatesFromPath(QLatin1String(*it));
++        QDirIterator certfilesIt(QLatin1String(*it), nameFilter);
++        while (certfilesIt.hasNext())
++            certs += QSslCertificate::fromPath(certfilesIt.next());
+         ++it;
+     }
++    return certs;
+ #endif
+ 
+     // Qt provides a default bundle when we cannot detect the system's default
diff --git a/qt.spec b/qt.spec
index ae8e042..3a8be43 100644
--- a/qt.spec
+++ b/qt.spec
@@ -10,7 +10,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.5.2
-Release: 14%{?dist}
+Release: 15%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -41,6 +41,9 @@ Patch16: qt-x11-opensource-src-4.5.1-kde4_plugins.patch
 Patch17: qt-x11-opensource-src-4.5.2-pulseaudio.patch
 Patch19: qt-x11-opensource-src-4.5.1-phonon.patch
 Patch21: qt-x11-opensource-src-4.5.2-gst-pulsaudio.patch
+# use system ca-bundle certs, http://bugzilla.redhat.com/521911
+Patch22: qt-x11-opensource-src-4.5.2-system_ca_certificates.patch 
+Requires: ca-certificates
 
 ## upstreamable bits
 # http://bugzilla.redhat.com/485677
@@ -347,6 +350,7 @@ Qt libraries used for drawing widgets and OpenGL items.
 %patch17 -p1 -b .phonon-pulseaudio
 %patch19 -p1 -b .servicesfile
 %patch21 -p1 -b .gst-pulsaudio
+%patch22 -p1 -b .system_ca_certificates
 %patch51 -p1 -b .qdoc3
 %patch52 -p1 -b .sparc64
 %patch53 -p1 -b .qatomic-inline-asm
@@ -886,6 +890,9 @@ fi
 %{_datadir}/icons/hicolor/*/apps/qt4-logo.*
 
 %changelog
+* Tue Sep 08 2009 Rex Dieter <rdieter@fedoraproject.org> - 4.5.2-15
+- use system ca-certificates (#521911)
+
 * Tue Sep 01 2009 Than Ngo <than@redhat.com> - 4.5.2-14
 - drop fedora < 9 support
 - only apply ossl patch for fedora > 11