Bug 254268 - No support for TLS extension SNI
Summary: No support for TLS extension SNI
Status: RESOLVED DUPLICATE of bug 304212
Alias: None
Product: kio
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: 4.5
Platform: Arch Linux Linux
: NOR normal
Target Milestone: ---
Assignee: David Faure
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-15 15:36 UTC by alex
Modified: 2012-07-31 22:25 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description alex 2010-10-15 15:36:00 UTC 
Version:           4.5 (using KDE 4.5.2) 
OS:                Linux

SNI, Server Name Identification is an extension to TLS that allows the client to request the domain name before the certificate is committed to by the server. This allows you do have multiple websites using TLS but all on the same IP address.

When clicking on a https URL within KMail that goes to one of our websites which is on a server using SNI, I get an error message stating the TLS/SSL certificate is invalid since it is using the wrong certificate for the domain I am actually accessing.

Reproducible: Always

Steps to Reproduce:
Setup a httpd server and use SNI so host multiple TLS websites on 1 IP address
Click on a link in KMail to open this in the default browser

Actual Results:  
Dialog box from KIOExec state the certificate is incorrect

Expected Results:  
Default browser should open the URL just fine
Comment 1 meyerm 2011-01-28 23:59:13 UTC 
See #174933 and #122433 . George Staikos said on 2006-03-09:
"Supported in 0.9.9.  Will add for 4.0"

So the devs are at least aware ;-)
Comment 2 Myriam Schweingruber 2012-07-31 22:25:50 UTC 

*** This bug has been marked as a duplicate of bug 304212 ***