Bug#243743: konqueror: https fails if server requests a client certificate
Package: konqueror
Version: 4:3.2.2-1
Severity: important
Hello. This may not be specific to Konqueror, but it's certainly
manifesting itself there. Our site makes fairly extensive use of
client-side ssl certificates for authentication to web services. These
are certificates that show up under "Your Certificates" in the KDE
crypto configuration. Apparently starting with KDE 3.2, konqueror will
no longer display web pages that require certificate based
authentication.
When trying to access such a page, a kdeinit process is spawned that
looks like this in ps:
1088 ? R 0:48 kdeinit: kio_http https /tmp/ksocket-noahm/klauncherzhLW1b.slave-socket /tmp/ksocket-noahm/konquerorXPqK9a.slave-socket
This process spins, sucking up 100% of the available CPU cycles. While
this is running, konq displays "<host> contacted. waiting for reply..."
in the status bar, and the konqueror logo spins. It seems to keep this
up forever, or at least for longer than my patience can stand. I've
left it alone for roughly 20 minutes with no change in konqueror's
status. Pressing konqueror's stop button kills the kdeinit process.
The web server (woody's apache + mod_ssl) logs the request as resulting
in a 403, which is consistant with the behavior I'd expect if the
certificate exchange wasn't successful.
More details, including a stack trace of the kdeinit process and a
packet capture of the attempted certificate exchange are available if
you want them.
noah
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.25+ipsec
Locale: LANG=C, LC_CTYPE=C
Versions of packages konqueror depends on:
ii kcontrol 4:3.2.2-1 KDE Control Center
ii kdebase-kio-plugins 4:3.2.2-1 KDE I/O Slaves
ii kdelibs4 4:3.2.2-1 KDE core libraries
ii kdesktop 4:3.2.2-1 KDE Desktop
ii kfind 4:3.2.2-1 KDE File Find Utility
ii libart-2.0-2 2.3.16-3 Library of functions for 2D graphi
ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an
ii libfam0c102 2.7.0-5 client library to control the FAM
ii libgcc1 1:3.3.3-6 GCC support library
ii libice6 4.3.0-7 Inter-Client Exchange library
ii libjpeg62 6b-9 The Independent JPEG Group's JPEG
ii libkonq4 4:3.2.2-1 Core libraries for KDE's file mana
ii libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi
ii libpng12-0 1.2.5.0-5 PNG library - runtime
ii libqt3c102-mt 3:3.2.3-2 Qt GUI Library (Threaded runtime v
ii libsm6 4.3.0-7 X Window System Session Management
ii libstdc++5 1:3.3.3-6 The GNU Standard C++ Library v3
ii libx11-6 4.3.0-7 X Window System protocol client li
ii libxext6 4.3.0-7 X Window System miscellaneous exte
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii xlibs 4.3.0-7 X Window System client libraries m
ii zlib1g 1:1.2.1-5 compression library - runtime
-- no debconf information
Reply to: