Bug#525975: konqueror: Cannot verify SSL certificates as only the broken md5 digest is shown, must display SHA1 digest
Package: konqueror
Version: 4:3.5.9.dfsg.1-6
Severity: important
As the md5 digest is broken enough [1],
to verify a certificate a different digest should be displayed.
Iceweasel also shows SHA1, this is what I think is best.
Needless to say: This is a security issue with konqueror.
How to see the problem:
a) Try to go to https://debian.org/ (and make sure that you have not
accepted the certificate or ca.debian.org before)
b) You get a question if you want to accept the certificate, press details.
c) The KDE-SSL-Information Konqueror window comes up.
Now you can only see the MD5-Digest.
Expectation: At least the SHA1-Digest should be shown in a detail.
Note: the dialog might come from a different KDE package, but the security
problem comes up with konqueror being used as a webbrowser, thus I believe this
is the right package to report against first.
[1] http://www.win.tue.nl/hashclash/rogue-ca/
-- System Information:
Debian Release: 5.0.1
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.26-1-powerpc
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages konqueror depends on:
ii kcontrol 4:3.5.9.dfsg.1-6 control center for KDE
ii kdebase-kio-plug 4:3.5.9.dfsg.1-6 core I/O slaves for KDE
ii kdelibs4c2a 4:3.5.10.dfsg.1-0lenny1 core libraries and binaries for al
ii kdesktop 4:3.5.9.dfsg.1-6 miscellaneous binaries and files f
ii kfind 4:3.5.9.dfsg.1-6 file-find utility for KDE
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libkonq4 4:3.5.9.dfsg.1-6 core libraries for Konqueror
ii libqt3-mt 3:3.3.8b-5 Qt GUI Library (Threaded runtime v
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libx11-6 2:1.1.5-2 X11 client-side library
konqueror recommends no packages.
Versions of packages konqueror suggests:
ii gij-4.1 4.1.1-20 The GNU Java bytecode interpreter
ii khelpcente 4:4.0.0.really.3.5.9.dfsg.1-6 help center for KDE
ii konq-plugi 4:3.5.9-2 plugins for Konqueror, the KDE fil
ii ksvg 4:3.5.9-3 SVG viewer for KDE
pn libgcj7-aw <none> (no description available)
pn libjessie- <none> (no description available)
-- no debconf information
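
Added example, not part of the original report and not KDE or Konqueror code: a way to compute the SHA-1 fingerprint the report asks for from a PEM certificate and compare it against a fingerprint obtained out of band, while refusing an MD5-only comparison. The function names and the sample certificate bytes are assumptions made for illustration; the sample is constructed and is not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Digests refused for manual verification; the report treats MD5 as broken.
REJECTED = {"md5"}

# Constructed placeholder bytes standing in for a DER certificate (not a real
# certificate); a fingerprint is simply a digest over the DER encoding.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-certificate-body" * 4
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def pem_to_der(pem: str) -> bytes:
    """Extract the first CERTIFICATE block from PEM text and decode it to DER."""
    m = re.search(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S
    )
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprint(der: bytes, algorithm: str = "sha1") -> str:
    """Return the colon-separated, upper-case digest as certificate dialogs show it."""
    hexdigest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def _normalise(text: str) -> str:
    """Drop colons and whitespace so differently formatted fingerprints compare."""
    return re.sub(r"[\s:]", "", text).lower()


def matches(der: bytes, reference: str, algorithm: str = "sha1") -> bool:
    """Compare a fingerprint obtained out of band against the certificate."""
    if algorithm.lower() in REJECTED:
        raise ValueError(f"{algorithm} is not acceptable for verification")
    expected = _normalise(reference)
    if not re.fullmatch(r"[0-9a-f]+", expected):
        return False  # reference is not a hex fingerprint at all
    actual = _normalise(fingerprint(der, algorithm))
    return len(expected) == len(actual) and hmac.compare_digest(expected, actual)
```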