Fwd: kssl: certificate weirdness

Waldo Bastian bastian at kde.org
Thu Apr 8 13:35:19 BST 2004



On Mon April 5 2004 13:27, Waldo Bastian wrote:
> > In Konqueror, open:
> > https://www.uni-konstanz.de/
> > It should open without any problem since it was signed by a CA which was
> > signed by the DFN Root CA
> >
> > look at the KDE SSL Information (View -> Security).
> > In the chain, select "2 - RZ CA"
> >
> > The certificate state is shown as "Rejected, possibly due to an invalid
> > purpose"
>
> It is strange that the whole chain has been accepted nonetheless. Could it
> be that we pass the wrong purpose when the dialog checks the individual
> certificate in the chain?

I can confirm now, in the KDE SSL Information dialog we check whether the
certificate can be used for the SSLServer purpose. That's wrong, we should
check whether it can be used as part of the certificate chain to sign the
certificate that it has signed.

I am working on a patch but I need to have a few test-sites with invalid 
certificate chains to test.

Cheers,
Waldo
- -- 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
^ bastian at kde.org | Is your software SUSE LINUX READY? | bastian at suse.com
^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
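
The difference between the two checks described in the message above, as an added example that is not KDE's code or the patch mentioned in the thread. It uses a simplified model of the basicConstraints, keyUsage and extendedKeyUsage extensions; the class, the function names and the sample chains are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Cert:  # simplified model: only the extensions that decide "purpose"
    subject: str
    is_ca: bool = False                              # basicConstraints CA flag
    key_usage: Optional[FrozenSet[str]] = None       # None = extension absent
    ext_key_usage: Optional[FrozenSet[str]] = None   # None = extension absent

TLS_KEY_USAGES = frozenset({"digitalSignature", "keyEncipherment", "keyAgreement"})

def ok_as_ssl_server(c: Cert) -> bool:
    """End-entity check: may this certificate itself identify a TLS server?"""
    if c.ext_key_usage is not None and "serverAuth" not in c.ext_key_usage:
        return False
    return c.key_usage is None or bool(c.key_usage & TLS_KEY_USAGES)

def ok_as_issuer(c: Cert) -> bool:
    """CA check: may this certificate sign the certificate below it?"""
    if not c.is_ca:
        return False
    return c.key_usage is None or "keyCertSign" in c.key_usage

def states_server_purpose_everywhere(chain):
    """The check the message describes: SSL server purpose at every position."""
    return ["OK" if ok_as_ssl_server(c) else "Rejected" for c in chain]

def states_by_position(chain):
    """Leaf (index 0) is checked as a server, every later certificate as an issuer."""
    return ["OK" if (ok_as_ssl_server(c) if i == 0 else ok_as_issuer(c)) else "Rejected"
            for i, c in enumerate(chain)]

# Constructed sample chains, leaf first (not the certificates from the thread).
CA_KU = frozenset({"keyCertSign", "cRLSign"})
LEAF = Cert("www.example.test", key_usage=frozenset({"digitalSignature", "keyEncipherment"}),
            ext_key_usage=frozenset({"serverAuth"}))
ROOT = Cert("Example Root CA", is_ca=True, key_usage=CA_KU)
VALID_CHAIN = [LEAF, Cert("Example Intermediate CA", is_ca=True, key_usage=CA_KU), ROOT]
# Invalid chain: an end-entity certificate sits in the issuer position.
INVALID_CHAIN = [LEAF, Cert("other.example.test", key_usage=frozenset({"digitalSignature"}),
                            ext_key_usage=frozenset({"serverAuth"})), ROOT]

if __name__ == "__main__":
    for name, chain in (("valid", VALID_CHAIN), ("invalid", INVALID_CHAIN)):
        print(name, states_server_purpose_everywhere(chain), states_by_position(chain))
```

In this model the server-purpose check marks the CA certificates of the valid chain as rejected and marks the non-CA certificate in the invalid chain as fine; checking each certificate by its position reverses both results.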




More information about the kfm-devel mailing list