Re: Authenticity check failures in konqueror

To: debian-kde@lists.debian.org
Cc: Rainer Dorsch <ml@bokomoko.de>
Subject: Re: Authenticity check failures in konqueror
From: Allan Sandfeld Jensen <linux@carewolf.com>
Date: Wed, 29 Oct 2014 17:36:31 +0100
Message-id: <[🔎] 201410291736.32020.linux@carewolf.com>
In-reply-to: <[🔎] 3038738.Jo7ArExy1X@blackbox>
References: <[🔎] 1563709.HtBZgdzvF7@blackbox> <[🔎] 201410281522.11822.linux@carewolf.com> <[🔎] 3038738.Jo7ArExy1X@blackbox>

On Tuesday 28 October 2014, Rainer Dorsch wrote:
> On Tuesday 28 October 2014 15:22:11 Allan Sandfeld Jensen wrote:
> > On Sunday 26 October 2014, Martin Steigerwald wrote:
> > > Am Sonntag, 26. Oktober 2014, 11:44:27 schrieb Rainer Dorsch:
> > > > Hello,
> > > 
> > > Hello Rainer,
> > > 
> > > > I see a lot of "authenticity check" failures when using Konqueror. Do
> > > > I have a bad config or do other people see that as well (and have
> > > > given up using konqueror)?
> > > 
> > > I see this as well, for example with any side that access fbstatic.com
> > > (or so) seems some static Facebook content server. I never see this
> > > when accessing the same site with Iceweasel.
> > > 
> > > I tried Qupzilla as Konqueror seems to have more and more issues with
> > > websites, but while it works quite nice I also have some issues with
> > > it:
> > > 
> > > - It doesn´t handle man:/ls and things like Konqueror
> > > - It opens new sites in new tabs. I use activities and it opens just
> > > one window and opens new site I load with Alt-F2 someurl into new tab
> > > on a Qupzilla window even when it is on a different activity.
> > > 
> > > I´d love to see Konqueror getting some developer love :).
> > > 
> > > For me currently all browsers have their pitfalls. Chromium had the API
> > > key
> > > error stuff (no sorted I think), and its non standard GUI controls,
> > > Iceweasel… well on some sites I can´t open dynamic menus, but might be
> > > some extension. And Qupzilla see above, and Konqueror… well… with
> > > WebKit engine no zoom keys in Akregator and with khtml… hmmm… display
> > > errors on quote some webpages.
> > 
> > This is caused by Debian using the Mozilla certificate store as their
> > own. The Mozilla certificate store is only meant for Mozilla and the NSS
> > library, and doesn't work with OpenSSL like Qt uses.
> 
> Thanks for your reply, Allan.
> 
> Is there a bug report for this issue?
> 
No. In this particular case it appears the issue has been that GTE CyberTrust 
Global Root has been missing for a year, and now that it has finally been re-
added it is apparently not marked as applying to webservers.

The reason it doesn't affect Firefox is because the way NSS and OpenSSL 
handles chains of trust is different, which means Firefox and Chrome never 
even looks for that certificate. I don't personally understand the part about 
chains of trust, but trust Richard Moore on the issue, who told me that is a 
well-known  problem if you use a certificate store only meant for one of them.

`Allan

Reply to:

Follow-Ups:
- Re: Authenticity check failures in konqueror
  - From: Raúl Sánchez Siles <rasasi78@gmail.com>

References:
- Authenticity check failures in konqueror
  - From: Rainer Dorsch <ml@bokomoko.de>
- Re: Authenticity check failures in konqueror
  - From: Allan Sandfeld Jensen <linux@carewolf.com>
- Re: Authenticity check failures in konqueror
  - From: Rainer Dorsch <ml@bokomoko.de>

Prev by Date: Re: Authenticity check failures in konqueror
Next by Date: Re: Authenticity check failures in konqueror
Previous by thread: Re: Authenticity check failures in konqueror
Next by thread: Re: Authenticity check failures in konqueror
Index(es):
- Date
- Thread