[Bug 334191]

Bernd-paysan 334191 at bugs.launchpad.net
Wed Nov 7 19:56:57 UTC 2018 

What info is needed?

There has been some progress, both in what Konqueror can do, and about
what's now considered good practice, so the situation is not the same as
in 2008 anymore.

If you want to check whether server certificate work, go through
https://badssl.com, that is a full test suite for everything around ssl
certificates and some more.  All green links shall work, all red links
shall error. There needs to be a way to deal with client certificates
(also tested; badssl.com provides two certificates, a good and a bad one
to check success and failure). There are still several cases on
badssl.com where Konqueror misbehaves, but it's not that awful. pinning-
test is something that is phased out (i.e. even Chromium accepts the
pinning-test site).

I've succeeded to add my own untrustworthy CA (one of my own test cases)
permanently (which is good), but didn't find a way to get rid of it
again (which is not so good), though I rm'd the ksslcertificatemanager
file in ~/.config, which contained said certificate. Maybe I just need
to log out and log in again to make that effective.

My CA has the usual three-stage process, so there's a root, an
intermediate, and an actual server certificate.  After allowing that
certificate “permanently”, the root still was untrusted (ok), the
intermediate was trusted (not so good), and as a consequence the server
certificate is trusted.

The “trust certificate permanently” should only trust the certificate
itself, otherwise KDE should provide an option to select which
certificate in the chain should be trusted permanently.  It also should
be possible later to remove such trust of user-imported certificates.
And the certificate box should state that the trust has been overridden
by the user's own import.

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kde4libs in Ubuntu.
https://bugs.launchpad.net/bugs/334191

Title:
  KDE 4 branch SSL certificates support completely broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/kdelibs/+bug/334191/+subscriptions

More information about the kubuntu-bugs mailing list