Certificate "not issues to the server who is presenting it"?

Martijn Klingens klingens at kde.org
Thu Dec 29 15:43:18 GMT 2005 

Hiya,

This week  I'm sitting at an office with a rather strict proxy, so no IMAP
for me this time. Instead I'm using squirrelmail over https, which
automatically refreshes the left frame (folder list and unread mail
count).

Every couple of automatic refreshes (but not always!) I get presented a
message box "You have indicated that you wish to accept this certificate,
but it is not issued to the server who is presenting it. Do you wish to
continue loading?"

Hitting refresh manually or clicking the "update" link in that frame never
triggers this, only the automatic update.

KDE 3.5 branch from about two weeks ago. Does anyone know what this
message means at all? Does anyone know how to fix it? Since it's not
happening all the time I really don't know where to look.

Some seemingly relevant info from .xsession-errors below (with obfuscated
hostname and some minor snipping as indicated by [...]). The message that
looks most suspicious to me is "Can't reuse session, no certificate".

FWIW, the proxy is MS ISA Server and the webserver is Apache using a
self-signed certificate. I haven't had any problems with my webmail
before, and as I said, I can only see it happening on the automatic
refresh, never with manually triggered actions.

This is the first time I'm using my webmail with KDE 3.5, and persistant
proxy connections are on due to the NTLM authentication.

As a final note: only tomorrow I'll still be sitting here, so afterwards I
can no longer test or verify anything.

Thanks for any hints!

Martijn

kio_http: (13521) ============ Sending Header:
kio_http: (13521) GET /src/left_main.php HTTP/1.1
kio_http: (13521) Connection: Keep-Alive
kio_http: (13521) Proxy-Connection: Keep-Alive
[...]
kssl: TCPSlaveBase::doSSLHandShake:
kssl: KSSL initialize
kssl: Cipher list is: [...]
kssl: Cipher list: [...]
kssl: Setting real hostname: webmail.xxxxxxxxxxxxxx
kssl: Can't reuse session, no certificate.
kssl: KSSL connected OK
DCOP: register 'anonymous-13521' -> number of clients is now 22
kssl: X509Callback: ok = 0 error = 18 depth = 0
kssl: X509Callback: ok = 0 error = 18 depth = 0
kssl: Matching CN=[webmail.xxxxxxxxxxxxxx] to [webmail.xxxxxxxxxxxxxx]
kssl: SSL HTTP frame the parent? FALSE
kio (kioslave): messageBox 2 You have indicated that you wish to accept
this certificate, but it is not issued to the server who is presenting it.
Do you wish to continue loading? - Server Authentication

More information about the kfm-devel mailing list