Bug 160394 - SSL negotiation fails on every SSL-enabled page
Summary: SSL negotiation fails on every SSL-enabled page
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: unspecified Linux
: NOR normal
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-04-05 12:34 UTC by Michal Ostrowski
Modified: 2008-10-03 18:42 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michal Ostrowski 2008-04-05 12:34:57 UTC
Version:           4.0.3 (KDE 4.0.3) (using 4.0.3 (KDE 4.0.3), Gentoo)
Compiler:          i686-pc-linux-gnu-gcc
OS:                Linux (i686) release 2.6.24-zen1-ufoman-g2a89a314

Konqueror cannot establish SSL connection to any page that uses it, no matter if it's self-signed certificate or not.
Selecting different ciphers in settings does not work, same with downgrading openssl, but:
with openssl 0.9.8f (I have 0.9.8g now) konqueror was able to load a page partially second time (first refresh) and fail with aforementioned error any other time.

Steps to reproduce:
1. Open any webpage that uses SSL.

Expected behaviour:
1. Any page using SSL should load.
Comment 1 Michal Ostrowski 2008-04-05 18:03:48 UTC
Looks like konq behaves the same way with 0.9.8g...
Comment 2 Öyvind Saether 2008-04-26 19:38:20 UTC
I also had this problem. I found The Solution.

I read the secret QCA documents at http://delta.affinix.com/qca/ and I now know their TOTAL PLAN to hurd you into having https support in Konqueror. Their plan is to only include SHA1 and MD5 in QCA itself and force you to install other packages to get other crypto support.

The QCA v2.x framework has the https support in the package qca-ossl (The GNU variant Gentoo names it app-crypt/qca-ossl).

No qca-ossl then no https, no TLS, no nothing without it.

The Gentoo ebuilds for KDE does NOT require the qca-ossl package as a dependancy, which is why numerous Gentoo users - including myself - have this problem.

It is apparent that this is really a downstream bugs.gentoo.org problem which can be solved by adding qca-ossl as a dep for kdelibs in the Gentoo build system, not a KDE core bug.
Comment 3 Pino Toscano 2008-04-26 19:53:02 UTC
@Øyvind Sæther:
kdelibs does not use QCA *at all*, so far.

So, your solution is completely wrong, sorry.
Comment 4 Frank Reininghaus 2008-10-03 16:28:43 UTC
Can anyone still reproduce this? I can open pages using SSL like https://bugs.kde.org/ with 4.1.1 (Kubuntu) and today's trunk without problems.
Comment 5 Michal Ostrowski 2008-10-03 18:30:17 UTC
I think that problem was result of a bug in Qt 4.3. This bug is no longer valid.
Comment 6 Frank Reininghaus 2008-10-03 18:42:04 UTC
Thanks for the update. Please close bugs with WORKSFORME if you can't reproduce them any more, FIXED is only to be used by developers.