CVS commit by staikos: Two fixes. 1) Allow non-FQDN hostnames to work with SSL security checks (requires updated kdecore) 2) Disable display of host IP if there is a proxy in use. Both fixes are relatively untested. In particular, I don't have a proxy to test with and don't really care even if I did. Please reopen with details if it doesn't work, or comment if it does. I won't backport unless I receive positive feedback. BUG: 90753 FEATURE: 77195 M +2 -0 DESIGN.metadata 1.30 M +21 -6 kio/tcpslavebase.cpp 1.140 M +9 -2 kssl/ksslinfodlg.cc 1.58 M +2 -1 misc/uiserver.cpp 1.123 --- kdelibs/kio/DESIGN.metadata #1.29:1.30 @@ -106,4 +106,6 @@ ssl_session_id string Set in TCPSlaveBase to indicate the SSL session ID in base64 encoded ASN.1 encoded binary format. Also set in the caller to indicate to TCPSlaveBase to reuse a particular session ID. +ssl_proxied bool Presently exists only if true. Set in TCPSlaveBase to indicate that a proxy is in use for this SSL connection. + main_frame_request bool Actually for SSL, this is set in the caller to tell TCPSlaveBase if this is the request for the main frame of an html page. (dfault: true) --- kdelibs/kio/kio/tcpslavebase.cpp #1.139:1.140 @@ -45,4 +45,5 @@ #include #include +#include #include 
@@ -793,11 +794,22 @@ int TCPSlaveBase::verifyCertificate() _IPmatchesCN = d->kssl->peerInfo().certMatchesAddress(); + if (!_IPmatchesCN) { + KNetwork::KResolverResults res = KNetwork::KResolver::resolve(d->kssl->peerInfo().peerHost(), "80", KNetwork::KResolver::CanonName); + if (!res.isEmpty()) { + QString old = d->kssl->peerInfo().peerHost(); + d->kssl->peerInfo().setPeerHost(res[0].canonicalName()); + _IPmatchesCN = d->kssl->peerInfo().certMatchesAddress(); + if (!_IPmatchesCN) { + d->kssl->peerInfo().setPeerHost(old); + } + } if (!_IPmatchesCN && !d->militantSSL) { // force this if the user wants it - if (d->cc->getHostList(pc).contains(ourHost)) + if (d->cc->getHostList(pc).contains(ourHost)) { _IPmatchesCN = true; } + } + } - if (!_IPmatchesCN) - { + if (!_IPmatchesCN) { ksvl << KSSLCertificate::InvalidHost; } @@ -818,4 +830,7 @@ int TCPSlaveBase::verifyCertificate() QString::number(d->kssl->connectionInfo().getCipherBits())); setMetaData("ssl_peer_ip", d->ip); + if (!d->realHost.isEmpty()) { + setMetaData("ssl_proxied", "true"); + } QString errorStr; --- kdelibs/kio/kssl/ksslinfodlg.cc #1.57:1.58 @@ -215,6 +215,13 @@ void KSSLInfoDlg::setup(KSSLCertificate layout = new QGridLayout(11, 2, KDialog::spacingHint()); layout->setColStretch(1, 1); - layout->addWidget(new QLabel(i18n("IP address:"), this), 0, 0); - layout->addWidget(new QLabel(ip, this), 0, 1); + QLabel *ipl = new QLabel(i18n("IP address:"), this); + layout->addWidget(ipl, 0, 0); + if (ip.isEmpty()) { + ipl->hide(); + } + layout->addWidget(ipl = new QLabel(ip, this), 0, 1); + if (ip.isEmpty()) { + ipl->hide(); + } layout->addWidget(new QLabel(i18n("URL:"), this), 1, 0); KSqueezedTextLabel *urlLabel = new KSqueezedTextLabel(url, this); --- kdelibs/kio/misc/uiserver.cpp #1.122:1.123 
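Review bot: In the `@@ -793,11 +794,22 @@` hunk, the retry matches the certificate against `res[0].canonicalName()`, a name taken from an unauthenticated DNS answer rather than from the host the user asked for. Whoever can influence that answer therefore also chooses the name the certificate is checked against. If the goal is only to make unqualified hostnames work, limit the fallback to them by wrapping the resolve-and-retry in `if (!d->kssl->peerInfo().peerHost().contains('.')) { ... }`, and make sure the name that was actually matched is what the user is later shown. The service argument `"80"` is hard-coded on an SSL path; a one-line comment saying it is only a placeholder for the lookup would avoid confusion. verifyCertificate() begins and ends outside this hunk.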
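Review bot: In the `@@ -818,4 +830,7 @@` hunk, `ssl_peer_ip` is still published from `d->ip` on the line just above the new `ssl_proxied` flag. Going by the commit message, that address is presumably the proxy's when `d->realHost` is set, so any consumer that reads `ssl_peer_ip` without checking `ssl_proxied` keeps presenting it as the peer. I would add a comment above the new block, e.g. `// realHost is non-empty only when going through a proxy; ssl_peer_ip is then the proxy's address, so consumers must check ssl_proxied`. Whether a non-empty `realHost` always implies a proxy cannot be confirmed from this hunk. The enclosing function continues outside it.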
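Review bot: In the ksslinfodlg.cc hunk, `ipl` is first the caption label and is then reassigned inside the call `layout->addWidget(ipl = new QLabel(ip, this), 0, 1);`. The two identical `if (ip.isEmpty())` blocks therefore hide different widgets, which is easy to misread. Give the value label its own name, `QLabel *ipValue = new QLabel(ip, this);`, and hide both in one place with `if (ip.isEmpty()) { ipl->hide(); ipValue->hide(); }`. Because an empty `ip` now means the connection is proxied, the dialog also gives no hint of why the row is missing; a short label for that case would keep the security dialog from silently omitting information. KSSLInfoDlg::setup() extends beyond this hunk.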
@@ -1196,6 +1196,7 @@ void UIServer::showSSLInfoDialog(const Q kdDebug(7024) << "ssl_cert_errors=" << meta["ssl_cert_errors"] << endl; kid->setCertState(meta["ssl_cert_errors"]); + QString ip = meta.contains("ssl_proxied") ? "" : meta["ssl_peer_ip"]; kid->setup( x, - meta["ssl_peer_ip"], + ip, url, // the URL meta["ssl_cipher"],
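Review bot: The new `QString ip = meta.contains("ssl_proxied") ? "" : meta["ssl_peer_ip"];` keys on the presence of `ssl_proxied`, not its value. It is correct only while the DESIGN.metadata convention ("Presently exists only if true") holds, and a sender that ever sets `"false"` would hide the IP as well. Comparing the value is sturdier: `QString ip = (meta["ssl_proxied"] == "true") ? QString::null : meta["ssl_peer_ip"];`. The `kid->setup(...)` call and showSSLInfoDialog() itself continue past the end of this hunk.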