Fwd: kssl: certificate weirdness

Waldo Bastian bastian at kde.org
Thu Apr 8 14:20:18 BST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu April 8 2004 14:35, Waldo Bastian wrote:
> On Mon April 5 2004 13:27, Waldo Bastian wrote:
> > > In Konqueror, open:
> > > https://www.uni-konstanz.de/
> > > It should open without any problem since it was signed by a CA which
> > > was signed by the DFN Root CA
> > >
> > > look at the KDE SSL Information (View -> Security).
> > > In the chain, select "2 - RZ CA"
> > >
> > > The certificate state is shown as "Rejected, possibly due to an invalid
> > > purpose"
> >
> > It is strange that the whole chain has been accepted nonetheless. Could
> > it be that we pass the wrong purpose when the dialog checks the
> > individual certificate in the chain?
>
> I can confirm now, in the KDE SSL Information dialog we check whether the
> certificate can be used for the SSLServer purpose. That's wrong,  we should
> check whether it can be used as part of the certificate chain to sign the
> certificate that is has signed.
>
> I am working on a patch but I need to have a few test-sites with invalid
> certificate chains to test.

Patch attached. Still needs testing on sites with invalid certificate chains.

Cheers,
Waldo
- -- 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
^ bastian at kde.org | Is your software SUSE LINUX READY? | bastian at suse.com
^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAdVGSN4pvrENfboIRAt/wAJ4uJZw+UHSlO28azeRoCbbJKtZZswCgovJT
yhuYj2g3cHfjaEzL8IGTZm4=
=fUsR
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kssl_dlg.patch
Type: text/x-diff
Size: 6702 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20040408/c33de71e/attachment.patch>


More information about the kfm-devel mailing list