[PATCH] Make Konqueror show correct information about SSL certificates.

Andreas Hartmetz ahartmetz at gmail.com
Fri Jan 23 12:32:55 GMT 2009


On Friday 23 January 2009 11:31:26 Roland Harnau wrote:
> 2009/1/23, Andreas Hartmetz <ahartmetz at gmail.com>:
> > Can you describe in a few words how you found the bug and how/why the
> > patch fixes it? It is important that this bug is understood and will not
> > be reintroduced (and  fixed, and reintroduced...) again by accident. Some
> > necessary changes are probably still ahead, as always :)
>
> For its SSL dialog Konqueror relies on  MetaData send by the HTTP
> slave. Currenty  this is done inside TCPSlaveBase::startTLSInternal
> by means of the  sendAndKeepMetaData method. The problem is that the
> verification if the host name matches the certificate is done after
> the MetaData is send (inside TCPSlaveBase::verifyServerCertificate).
> My patch simply changes this order (and refactors  startTLSInternal a
> bit).
>
Heh. There used to be a bug in the opposite direction: If metadata was sent 
too early it sometimes wouldn't reach Konqueror but e.g. krunner. Therefore 
there's now sendAndKeepMetaData() so the metadata will be retransmitted later.

> There are still some issues, e.g. Konqueror does not always show the
> SSL icon if the connection is encrypted. Maybe this is the case if a
> persistent connection is reused by the slave,  because then
> TCPSlaveBae::connectToHost and therefore sendAndKeepMetaData are not
> called.
>
I've tested the patch and Konqueror indeed doesn't show the icon sometimes :(
This is the recurring bug I was talking of.

> Btw:  I can commit the patch myself if we have a consensus.
>
OK, I wasn't sure if you have an account.




More information about the kde-core-devel mailing list