[WebKit-devel] [kwebkitpart] [Bug 335389] New: Konqueror + WebKit displays wrong SSL certificate information (if iframe contains content from another domain)

[Christian Boltz]

https://bugs.kde.org/show_bug.cgi?id=335389

            Bug ID: 335389
           Summary: Konqueror + WebKit displays wrong SSL certificate
                    information (if iframe contains content from another
                    domain)
    Classification: Unclassified
           Product: kwebkitpart
           Version: 1.3.3
          Platform: openSUSE RPMs
               URL: https://www.neueverwaltung.de/
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: webkit-devel at kde.org
          Reporter: kde-bugs at cboltz.de

Created attachment 86840
  --> https://bugs.kde.org/attachment.cgi?id=86840&action=edit
screenshot showing the certificate details

Konqueror (with WebKit) displays wrong SSL certificate information. This
happens only if the page contains an iframe with content from another domain,
like a twitter box.

If you want to see this bug in action, go to https://www.neueverwaltung.de/ and
then, after the twitter box is loaded, view the certificate details.

You'll get something like:
Address: www.neueverwaltung.de
IP address: 199.16.156.230  <-- Twitter
Common name: twitter.com
(see attached screenshot for more details)

This bug does _not_ happen:
- on a subpage without a twitter box (I get the correct certificate details of
www.neueverwaltung.de there)
- when using KHTML instead of WebKit
- if you view the certificate details very fast, before the twitter box is
loaded (which means the twitter certificate "overwrites" the certificate
details)

-- 
You are receiving this mail because:
You are the assignee for the bug.