Comment 50 for bug 334191

In , Richard-bos (richard-bos) wrote :

I exchanged some information about this severe bug with several key kde
people. Here is a summary of things that have been said:

> I started to search the kde's bug system for this problem, because going to
> this website http://mijn.ing.nl/ (a big Dutch bank) pops up a window with
> the message that the certificate can not be verified. At the same time,
> there is no way (AFAIK) to verify / look up which certificates or
> authorities are trusted.

Ah, I see. The UI is missing.

That website is popping up as error here too. It comes from OpenSSL, which is
reporting that it couldn't establish the trust path. It may be that we're
missing some root certificates in our bundle.

> When you would use https://mijn.ing.nl/ the request is redirected to
> https://mijn.ing.nl/internetbankieren/SesamLoginServlet, no pop up window
> is shown. But there is now no way to verify the (bank) certificates.
>
> > Konqueror offers minimal SSL support. This has been working since KDE
> > 2.1, or now 9 years.
>
> But konqueror has become better, and can now be used on more sites. I just
> tried the same site with kde3-konqueror and that one provides the (minimal)
> functionality that one would expect from a browser, including the
> possibility to verify certificates and authorities (konqueror -> settings
> -> cryptography).

Yeah, that UI is missing, but the functionality is the same.

> > Konqueror doesn't offer E.V. support. That's not part of "minimal". It
> > probably needs API in Qt, but I also have no idea what is missing.
>
> I don't know what E.V. support means. At the moment the cryptography
> settings are missing in my version of kde4-konqueror (openSUSE-11.1
> kde-4.3.4).

Extended Validation.

> I hope that this information makes the problem clearer.

Yes. It means there's nothing I can do, because the problem is UI.

> Well, AFAIK the UI was removed because the API for it didn't exist
> anymore...

Managing the certificate store doesn't require an API. It's a simple file or set
of files, each containing a certificate that QSslCertificate can read.

Setting trust relationships as well as distinguishing root CAs from personal
certificates from stored remote certificates is something done exclusively in
KDE code. No need for API in Qt.
-------

This is it for now. I hope it is useful for someone.
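
The failure discussed above, where OpenSSL cannot establish a trust path because the issuing root is missing from the bundle, can be reproduced with throwaway certificates. This is an added example, not part of the original comment or of KDE's code; the names root-a, root-b and site.example are constructed, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: every key and certificate below is a throwaway made on the spot.
set -eu
WORK=$(mktemp -d)

# make_root NAME: self-signed root certificate $WORK/NAME.pem
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf NAME ROOT: certificate $WORK/NAME.pem issued by ROOT
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 1 -CA "$WORK/$2.pem" \
        -CAkey "$WORK/$2.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

# list_bundle FILE: one subject line per certificate stored in the bundle
list_bundle() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout | grep '^subject'
}

# check_trust BUNDLE CERT: succeeds only if a trust path into BUNDLE exists;
# otherwise prints OpenSSL's reason and fails
check_trust() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK") return 0 ;;
        *) echo "$out" | grep 'error [0-9]' || true; return 1 ;;
    esac
}

make_root root-a
make_root root-b
make_leaf site.example root-b

# Bundle that lacks the issuing root: verification fails.
cp "$WORK/root-a.pem" "$WORK/bundle.pem"
check_trust "$WORK/bundle.pem" "$WORK/site.example.pem" || echo "-> no trust path"

# Append the missing root to the bundle file: same certificate, now trusted.
cat "$WORK/root-b.pem" >> "$WORK/bundle.pem"
list_bundle "$WORK/bundle.pem"
check_trust "$WORK/bundle.pem" "$WORK/site.example.pem" && echo "-> trusted"
```

The bundle here is nothing more than concatenated PEM files, so listing its subjects answers the "which authorities are trusted" question even when no UI exposes it.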