[Bug 286936] [NEW] konqueror/crypto manager lose trusted certificates
Matthias Andree
matthias.andree at gmx.de
Tue Oct 21 11:46:14 UTC 2008
Public bug reported:
Binary package hint: kdebase-runtime
Note this is a showstopper bug for Intrepid Ibex
kdebase-runtime 4:4.1.2-0ubuntu6.
I cannot import root certificates with the Crypto manager if I choose
"SSL signers" . No matter if I use Konqueror or "kcmshell4 crypto", the
crypto manager displays just common name, but no details when I click on
the certificate besides the MD5 sum. The Crypt Manager doesn't save the
certificate.
Consequence: Konqueror cannot connect to HTTPS:// sites and complains
about a self-signed root cert. (While I could theoretically override
that and continue nonetheless, I'm not doing that since it defeats
detection of MITM attack.)
Here's the cert in question, it works perfectly with openssl and gnutls-
cli:
$ cat /etc/ssl/certs/deutsche-telekom-root-ca-2.pem
-----BEGIN CERTIFICATE-----
MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc
MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj
IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB
IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE
RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl
U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290
IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU
ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC
QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S
NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc
QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH
txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP
BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa
IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
Cm26OWMohpLzGITY+9HPBVZkVw==
-----END CERTIFICATE-----
And here's the text dump (shortened a bit)
$ openssl x509 -text -noout -in /etc/ssl/certs/deutsche-telekom-root-ca-2.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38 (0x26)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
Validity
Not Before: Jul 9 12:11:00 1999 GMT
Not After : Jul 9 23:59:00 2019 GMT
Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:ab:0b:a3:35:e0:8b:29:14:b1:14:85:af:3c:10:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:C3:79:1B:BA:F5:53:D7:17:E0:89:7A:2D:17:6C:0A:B3:2B:9D:33
X509v3 Basic Constraints:
CA:TRUE, pathlen:5
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
94:64:59:ad:39:64:e7:29:eb:13:fe:5a:c3:8b:13:57:c8:04:
...
** Affects: kdebase-runtime (Ubuntu)
Importance: Undecided
Status: New
--
konqueror/crypto manager lose trusted certificates
https://bugs.launchpad.net/bugs/286936
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdebase-runtime in ubuntu.
More information about the kubuntu-bugs
mailing list