[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    Bug#30043: more on interaction between SSLv2/v3 in new-style https support
From:       James Young <marm () marm ! org ! uk>
Date:       2001-07-31 22:06:32
[Download RAW message or body]

Further testing has revealed more specific stuff, and that what I 
reported previously was not quite right:

each instance of kio_http that is started by Konqueror seems to need 
'initializing' with SSLv2 - that is, if I select only SSLv2, visit an 
SSL site that accepts SSLv2 connections, then select only SSLv3, and 
Konqui reuses this 'initialized' instance of kio_http, then the SSLv3 
connection works correctly.

If Konqui instantiates a new kio_http that has not been 'initialized' 
with SSLv2, then any attempt to make an SSLv3 or TLS connection fails, 
kio_http dies.

It appears that this happens after the certificate exchange, because 
the server's certificate appears in 'Peer SSL certificates' in 
kcmcrypto after kio_http has died.

I was wondering if this was something timing-related, perhaps a pointer 
doesn't get initialized in time due to a race condition, a race which 
gets masked by a faster processor, as I am using what is a very slow 
machine these days (PII-233), and other users of the same Debian 
packages don't seem to be able to reproduce the problem, but at a guess 
are using faster machines.

However, I'm no C++ guru, so this is just a wild guess. 

-- 
marm

[prev in list] [next in list] [prev in thread] [next in thread]