[prev in list] [next in list] [prev in thread] [next in thread]
List: konq-bugs
Subject: [kio] [Bug 312550] Incorrect SSL warnings in kde apps
From: Dawit Alemayehu <adawit () kde ! org>
Date: 2013-12-29 15:35:32
Message-ID: bug-312550-5021-Y9BLwm3htR () http ! bugs ! kde ! org/
[Download RAW message or body]
https://bugs.kde.org/show_bug.cgi?id=312550
Dawit Alemayehu <adawit@kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CONFIRMED |UNCONFIRMED
Ever confirmed|1 |0
--- Comment #18 from Dawit Alemayehu <adawit@kde.org> ---
(In reply to comment #17)
> Since Firefox and Chromium don't complain about the certificate, just KDE
> apps (Kopete, Akonadi and Konqueror) I think it's unlikely that it's a
> problem with the system certificates.
Yes, it is, but do not take my word for it. You can test this for yourself.
1.) Get the Mozilla certificate bundle (cacert.pem) from curl site:
http://curl.haxx.se/docs/caextract.html or any other place you want.
2.) ALT+F2 and type "SSL" and select SSL Preferences from the list to launch
the SSL certificate management dialog.
3.) Click on "Add" and choose the certificate bundle from Mozilla and press OK.
4.) Visit the site reported in this report again and see if any SSL errors are
reported.
I guarantee you that the SSL errors will no longer be there. And if you check
the SSL preferences dialog you would see that 5 new certificates are imported
as the result of the process I outline above. If you disable the Versign
certificate under the "User-added certificates" section, you can disable/remove
that certificate and see if the error returns or not for yourself.
As far as the site listed in comment #12, you get SSL warnings in both Chromium
and Firefox so that certificate is not a trusted one. Anyhow, missing
certificates are the cause for the warning shown here. And on my system at
least that is most certainly due to "ca-certificates 20130906-1" not containing
all the certificates that are in Mozilla's bundle.
> I tried to investigate what could be prompting KDE (or Qt, I don't know) to
> reject that certificate, but I don't know much about SSL/TSL and it turns
> out that it is more complicated than I thought, so it was taking much more
> time than I have and I had to stop.
>
> I did found out that it's a cross-certificate. I's certificate 1b here:
>
> http://stackoverflow.com/questions/10682863/how-does-it-work-found-one-ssl-
> certificate-two-different-chains-and-two-differe
>
> Given that it's not a trivial certificate, and that there's bug 162485 (KDE
> 4 SSL Certificate support incomplete), I'm more inclined to think that it's
> a bug in KDE or Qt.
That is simply not correct.
> Perhaps this bug should depend on bug #162485.
That is a very old bug report that is not applicable today for the reasons I
stated in my previous comment. KDE no longer installs its own certificate
bundle. Instead it relies on Qt and the certificate bundles it uses. Perhaps
Qt's implementation was deficient when that bug report was opened, but that is
most certainly not the case now. As a result the bug report itself has already
been addressed and should have been closed.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Konq-bugs mailing list
Konq-bugs@kde.org
https://mail.kde.org/mailman/listinfo/konq-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic