Bug#243743: konqueror: https fails if server requests a client certificate

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#243743: konqueror: https fails if server requests a client certificate
From: Noah Meyerhans <noahm@debian.org>
Date: Wed, 14 Apr 2004 14:00:13 -0400
Message-id: <[🔎] E1BDogH-0000JH-IT@locutus.csail.mit.edu>
Reply-to: Noah Meyerhans <noahm@debian.org>, 243743@bugs.debian.org

Package: konqueror
Version: 4:3.2.2-1
Severity: important

Hello.  This may not be specific to Konqueror, but it's certainly
manifesting itself there.  Our site makes fairly extensive use of
client-side ssl certificates for authentication to web services.  These
are certificates that show up under "Your Certificates" in the KDE
crypto configuration.  Apparently starting with KDE 3.2, konqueror will
no longer display web pages that require certificate based
authentication.

When trying to access such a page, a kdeinit process is spawned that
looks like this in ps:
1088 ?        R      0:48 kdeinit: kio_http https /tmp/ksocket-noahm/klauncherzhLW1b.slave-socket /tmp/ksocket-noahm/konquerorXPqK9a.slave-socket

This process spins, sucking up 100% of the available CPU cycles.  While
this is running, konq displays "<host> contacted. waiting for reply..."
in the status bar, and the konqueror logo spins.  It seems to keep this
up forever, or at least for longer than my patience can stand.  I've
left it alone for roughly 20 minutes with no change in konqueror's
status.  Pressing konqueror's stop button kills the kdeinit process.

The web server (woody's apache + mod_ssl) logs the request as resulting
in a 403, which is consistant with the behavior I'd expect if the
certificate exchange wasn't successful.

More details, including a stack trace of the kdeinit process and a
packet capture of the attempted certificate exchange are available if
you want them.

noah

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.25+ipsec
Locale: LANG=C, LC_CTYPE=C

Versions of packages konqueror depends on:
ii  kcontrol                    4:3.2.2-1    KDE Control Center
ii  kdebase-kio-plugins         4:3.2.2-1    KDE I/O Slaves
ii  kdelibs4                    4:3.2.2-1    KDE core libraries
ii  kdesktop                    4:3.2.2-1    KDE Desktop
ii  kfind                       4:3.2.2-1    KDE File Find Utility
ii  libart-2.0-2                2.3.16-3     Library of functions for 2D graphi
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libfam0c102                 2.7.0-5      client library to control the FAM 
ii  libgcc1                     1:3.3.3-6    GCC support library
ii  libice6                     4.3.0-7      Inter-Client Exchange library
ii  libjpeg62                   6b-9         The Independent JPEG Group's JPEG 
ii  libkonq4                    4:3.2.2-1    Core libraries for KDE's file mana
ii  libpcre3                    4.5-1.1      Perl 5 Compatible Regular Expressi
ii  libpng12-0                  1.2.5.0-5    PNG library - runtime
ii  libqt3c102-mt               3:3.2.3-2    Qt GUI Library (Threaded runtime v
ii  libsm6                      4.3.0-7      X Window System Session Management
ii  libstdc++5                  1:3.3.3-6    The GNU Standard C++ Library v3
ii  libx11-6                    4.3.0-7      X Window System protocol client li
ii  libxext6                    4.3.0-7      X Window System miscellaneous exte
ii  libxrender1                 0.8.3-7      X Rendering Extension client libra
ii  xlibs                       4.3.0-7      X Window System client libraries m
ii  zlib1g                      1:1.2.1-5    compression library - runtime

-- no debconf information

Reply to:

Prev by Date: Bug#243590: kdm is segfaulting on start
Next by Date: Bug#243749: man pages are f*cking useless
Previous by thread: Bug#221477: Still the case in 0.7.7 (kde 3.2.2)
Next by thread: Bug#243749: man pages are f*cking useless
Index(es):
- Date
- Thread