Bug 51849

Summary: Certificate chain import doesn't update trust
Product: [Frameworks and Libraries] kio Reporter: Rick van Rein <rick>
Component: ksslAssignee: George Staikos <staikos>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: RedHat Enterprise Linux   
OS: Linux   
Latest Commit: Version Fixed In:

Description Rick van Rein 2002-12-13 13:19:45 UTC 
Version:           3.0.3-1 (using KDE KDE 3.0.3)
Installed from:    RedHat RPMs
Compiler:          gcc-3.2-7 Didn't compile software myself
OS:          Linux

When presented with a PKCS #7 package containing a certificate chain, Konqueror presents a dialogue in which every certificate in the chain can be evaluated separately.  Nice!

If the chain includes a signing cert and one or more (indirectly) signed certs, then all show as untrustworthy.  Correct.  But after importing the top cert, everything changes, and the state displayed is not updated.  This may throw off uninformed customers, or it would force CAs to break up imports to Konqueror in one-step-at-a-time imports.

I consider it a bug to not update the states of certificates after each single import; and it would be nice if the certs also stated something like `signed by another in this bunch' instead of `cannot find the signing cert for this one'.

Thanks,
Rick van Rein.
Comment 1 George Staikos 2003-07-28 18:27:24 UTC 
Subject: kdelibs/kcert

CVS commit by staikos: 

Update the certificate status each time it is displayed so that we can take
advantage of changes to the trust database.

CCMAIL: 51849-done@bugs.kde.org


  M +4 -1      kcertpart.cc   1.38


--- kdelibs/kcert/kcertpart.cc  #1.37:1.38
@@ -1,5 +1,5 @@
 /* This file is part of the KDE project
  *
- * Copyright (C) 2001,2002 George Staikos <staikos@kde.org>
+ * Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
  *
  * This library is free software; you can redistribute it and/or
@@ -783,4 +783,5 @@ void KCertPart::slotSelectionChanged(QLi
                         return;
                 }
+                x5i->cert->revalidate();
                 _blankFrame->hide();
                 _pkcsFrame->hide();
@@ -795,4 +796,5 @@ void KCertPart::slotSelectionChanged(QLi
                         return;
                 }
+                x5i->cert->revalidate();
                 _blankFrame->hide();
                 _pkcsFrame->hide();
@@ -807,4 +809,5 @@ void KCertPart::slotSelectionChanged(QLi
                         return;
                 }
+                p12i->cert->revalidate();
                 _blankFrame->hide();
                 _x509Frame->hide();
Comment 2 George Staikos 2003-07-28 18:34:50 UTC 
For your information, this might take a small amount of time to update due to the 
database being rebuilt asynchronously.  Please reopen if the fix doesn't work.  I 
haven't really tested it, and I am not sure that I want to backport this one yet.