Version: (using KDE 4.0.0)

Disclaimer: I do not speak C++ well and it is 05:36 local.

Long story short, the error messages of KSSL for OpenSSL's verify(1) are very broad and inspecific, in one case (KSSLCertificate::Expired) hiding eight(!) distinct errors behind itself.

I created three patches which apply to current svn trunk, but will definitely not work, yet. I am more in the looking-for-feedback phase. I talked to George Staikos, who told me to find another sponsor for the patch as he was not active within KSSL any more.

Known issues:
1) I could not fully check for all occurrences of KSSLCertificate::Rejected and KSSLCertificate::Revoked as I had too many hits. From searching for the other keywords, I am reasonably sure I hit all of them, though.
2) The order in the enum of keywords in ksslcertificate.h does not match the one in ksslcertificate.cpp, yet.
3) kjavaappletserver.cpp does not carry the needed changes, yet (too late at night, need sleep).
4) X509_V_ERR_AKID_SKID_MISMATCH and X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH do not have any strings yet, as I could not wrap my head around the wording in the OpenSSL docs.
Names I changed/split into parts are:

Rejected
    CertificateRejected
Revoked
    CertificateRevoked
Untrusted
    CertificateUntrusted
SelfSignedChain
    SelfSignedInChain
SignatureFailed
    VerifyLeafSignatureFailed
    CertificateSignatureFailed
    CRLSignatureFailed
    DecryptCertificateSignatureFailed
    DecryptCRLSignatureFailed
InvalidCA
    InvalidCA
    GetIssuerCertFailed
    DecodeIssuerPublicKeyFailed
    GetIssuerCertLocallyFailed
Expired
    CertificateNotYetValid
    CertificateHasExpired
    CRLNotYetValid
    CRLHasExpired
    CertificateFieldNotBeforeErroneous
    CertificateFieldNotAfterErroneous
    CRLFieldLastUpdateErroneous
    CRLFieldNextUpdateErroneous

Newly created:
    ApplicationVerificationFailed
    OutOfMemory
    GetCRLFailed
    CertificateChainTooLong
    KeyMayNotSignCertificate

As, apart from many/most tooltips in KMail's encryption settings some years ago, this is my first patch for KDE, it is highly likely that I missed something and/or failed to follow established coding guidelines. Please be gentle :)

One related question is if I need to add myself to the copyright section of the files. From the looks of it, I would say not, but I am external. I am, of course, fine with GPLv2+ so there should be no problems, anyway.

Any and all feedback appreciated.
Created attachment 23359: patch for ksslcertificate.h
Created attachment 23360: patch for ksslcertificate.cpp
Created attachment 23361: patch for kjavaappletserver.cpp
Oh, and the patches apply to 3.5 as well. There is a tiny issue with kdDebug vs kDebug, but else..
Created attachment 23392: new version of ksslcertificate.h.patch
Created attachment 23393: new version of ksslcertificate.cpp.patch
Created attachment 23394: new version of kjavaappletserver.cpp.patch
I will stop posting the patches here, for now. This discussion moved over to kde-core-devel [1]. I will close this bug when the patches are merged.

Richard

[1] http://lists.kde.org/?l=kde-core-devel&m=120188393728889&w=2
Created attachment 23404: yet another version of ksslcertificate.h.patch
Created attachment 23405: yet another version of ksslcertificate.cpp.patch
Created attachment 23406: yet another version of kjavaappletserver.cpp.patch
Attached here, as there is a 40 kB limit on kde-core-devel
Created attachment 23446: yet another kjavaappletserver.cpp.patch
SVN commit 771938 by dfaure: Use KSSLCertificate::verifyText instead of duplicating the error messages here. CCBUG: 156948 M +10 -42 kjavaappletserver.cpp WebSVN link: http://websvn.kde.org/?view=rev&revision=771938
SVN commit 771943 by dfaure: Patch by Richard Hartmann (I only changed the doxygen comment for the enum so that the KDE5 TODO doesn't replace the real dox) "Long story short, the error messages of KSSL for OpenSSL's verify(1) are very broad and inspecific, in one case (KSSLCertificate::Expired) hiding eight(!) distinct errors behind itself." Patch also reindents the stuff since the indentation was really weird in this code. BUG: 156948 M +808 -612 ksslcertificate.cpp M +266 -239 ksslcertificate.h WebSVN link: http://websvn.kde.org/?view=rev&revision=771943
SVN commit 771958 by dfaure: Fix compilation CCBUG: 156948 M +2 -1 ksslcertificate.h WebSVN link: http://websvn.kde.org/?view=rev&revision=771958
Thanks a lot! Could you apply the same patches to 3.5 as well, please? You will need to fix the kdDebug vs kDebug thing in ksslcertificate.cpp.patch, but you are prolly faster doing it by hand than /me submitting yet another patch (if you want me to do it, tell me, though). Richard
3.5 is message-frozen, we can't add new i18n calls there. Also I'm not even sure there'll be a new 3.5.x release.
Ah, OK, then. I did not know there was a message freeze. The KDE PIM team seems to be certain that there will be a 3.5.9. Others have expressed the same. Personally, I think it would make sense as the wait for 4.1 will be long-ish.