'Bug#26221: marked as done (non secure HTTPS connection) by George Staikos <staikos@kde.org>'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Bug#26221: marked as done (non secure HTTPS connection) by George Staikos <staikos@kde.org>
From:       owner () bugs ! kde ! org (Stephan Kulow)
Date:       2001-05-26 18:48:05
[Download RAW message or body]

Your message with subj: Bug#26221: non secure HTTPS connection

On Saturday 26 May 2001 12:50, somekool@mytradecenter.com wrote:
> Package: konqueror
> Version: unknown (using KDE 2.2.0 CVS >=20010503)
> Severity: normal
> Installed from:    compiled sources
> Compiler:          gcc version 2.95.2 19991024 (release)
> OS:                Linux (i686) release 2.2.19
> OS/Compiler notes:
> 
> hi !
> 
> when connecting to a secure HTTPS server, the browser have to verify the
> validity of the certificate. not only do a HTTPS/TCP connection.
> 
> for now, konqueror allow any connection without any warning to the user.
> for example if the server use a snakeoil test certificate or even worst if
> the server is manage by some thief.
> 
> when you pay for a SSL certificate, you pay for ONE domain. and if the web
> server do VirtualHosting then we have the possibility to connect to a
> non-certify domain name.
> 
> with Netscape, you will get a warn dialog that show you the certificate and
> allow the user the deny or not the secure connection. with konqueror, no
> warn ;(
> 
> thats pretty dangerous for number of us who want to share important
> information like credit card number.

  The SSL code isn't done yet...  This code is implemented in slaves other 
than http because http doesn't use TCPSlaveBase.  Perhaps it will make it for 
2.2.  We actually do verify the cert but you have to explicitly check for 
yourself using the padlock toolbar icon.

-- 

George Staikos


has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Stephan Kulow
(administrator, KDE bugs database)

Received: (at submit) by bugs.kde.org; 26 May 2001 16:50:04 +0000
Received: (qmail 9715 invoked by uid 33); 26 May 2001 16:50:03 -0000
Date: 26 May 2001 16:50:03 -0000
Message-ID: <20010526165003.9714.qmail@master.kde.org>
To: submit@bugs.kde.org
Subject: non secure HTTPS connection
From: somekool@mytradecenter.com

Package:           konqueror
Version:           unknown (using KDE 2.2.0 CVS >=20010503)
Severity:          normal
Installed from:    compiled sources
Compiler:          gcc version 2.95.2 19991024 (release)
OS:                Linux (i686) release 2.2.19
OS/Compiler notes: 

hi ! 

when connecting to a secure HTTPS server, the browser have to verify the validity of \
the certificate. not only do a HTTPS/TCP connection.

for now, konqueror allow any connection without any warning to the user. for example \
if the server use a snakeoil test certificate or even worst if the server is manage \
by some thief.

when you pay for a SSL certificate, you pay for ONE domain. and if the web server do \
VirtualHosting then we have the possibility to connect to a non-certify domain name.

with Netscape, you will get a warn dialog that show you the certificate and allow the \
user the deny or not the secure connection. with konqueror, no warn ;(

thats pretty dangerous for number of us who want to share important information like \
credit card number.

thanks.


(Submitted via bugs.kde.org)
(Called from KBugReport dialog)


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic