333364 – Konqueror allows user to view a site with a revoked TLS certificate

Bug 333364 - Konqueror allows user to view a site with a revoked TLS certificate

Summary: Konqueror allows user to view a site with a revoked TLS certificate

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	general (show other bugs)
Version:	4.13.0
Platform:	Debian stable Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Depends on:
Blocks:	162485
	Show dependency tree / graph

Reported:	2014-04-13 03:31 UTC by Matthew Flaschen
Modified:	2022-11-21 05:15 UTC (History)
CC List:	6 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Matthew Flaschen 2014-04-13 03:31:39 UTC

For example, try https://www.cloudflarechallenge.com/ .  This was deliberately revoked (after the Heartbleed challenge) to test brower behavior (http://blog.cloudflare.com/certificate-revocation-and-heartbleed).

Firefox correctly blocks the user from visiting the site.

Reproducible: Always

Steps to Reproduce:
1. Visit a site with a revoked TLS certificate.
Actual Results:  
It loads normally.

Expected Results:  
It does not load, and notifies the user of the security problem.

Comment 1 Bert Yerke 2014-04-29 02:35:31 UTC

Confirmed in 4.13.0
Not only that but there is no option to turn on such functionality.

Comment 2 Dawit Alemayehu 2014-05-01 13:05:05 UTC

This is an upstream issue. We use Qt's networking classes for SSL support and currently it does provide a means for checking certificate revokation. IOW, it does not yet support OCSP. See https://bugreports.qt-project.org/browse/QTBUG-12812.

Comment 3 Justin Zobel 2022-10-22 00:00:07 UTC

Thank you for reporting this bug in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "CONFIRMED" when replying. Thank you!

Comment 4 Martin Steigerwald 2022-10-22 08:09:04 UTC

According to the upstream bug report that Dawit referenced the issue should be fixed since Qt 5.13.

Comment 5 Bug Janitor Service 2022-11-06 05:07:13 UTC

Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!

Comment 6 Bug Janitor Service 2022-11-21 05:15:02 UTC

This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!