Re: Authenticity check failures in konqueror
Hi:
El Miércoles, 29 de octubre de 2014 17:36:31 Allan Sandfeld Jensen escribió:
> On Tuesday 28 October 2014, Rainer Dorsch wrote:
> > On Tuesday 28 October 2014 15:22:11 Allan Sandfeld Jensen wrote:
> > > On Sunday 26 October 2014, Martin Steigerwald wrote:
> > > > Am Sonntag, 26. Oktober 2014, 11:44:27 schrieb Rainer Dorsch:
> > > > > Hello,
> > > >
> > > > Hello Rainer,
> > > >
> > > > > I see a lot of "authenticity check" failures when using Konqueror.
> > > > > Do
> > > > > I have a bad config or do other people see that as well (and have
> > > > > given up using konqueror)?
> > > >
[...]
> > >
> > > This is caused by Debian using the Mozilla certificate store as their
> > > own. The Mozilla certificate store is only meant for Mozilla and the NSS
> > > library, and doesn't work with OpenSSL like Qt uses.
> >
> > Thanks for your reply, Allan.
> >
> > Is there a bug report for this issue?
>
> No. In this particular case it appears the issue has been that GTE
> CyberTrust Global Root has been missing for a year, and now that it has
> finally been re- added it is apparently not marked as applying to
> webservers.
>
> The reason it doesn't affect Firefox is because the way NSS and OpenSSL
> handles chains of trust is different, which means Firefox and Chrome never
> even looks for that certificate. I don't personally understand the part
> about chains of trust, but trust Richard Moore on the issue, who told me
> that is a well-known problem if you use a certificate store only meant for
> one of them.
>
> `Allan
This is just to confirm the (annoying) issue here as well. And thank Allan
for the explanations.
Anyway if anyone knows further actions or links to follow the issue, they
are appreciated.
Regards,
--
Raúl Sánchez Siles
----->Proud Debian user<-----
Linux registered user #416098
Reply to: