51849 – Certificate chain import doesn't update trust

Bug 51849 - Certificate chain import doesn't update trust

Summary: Certificate chain import doesn't update trust

Status:	RESOLVED FIXED

Alias:	None

Product:	kio
Classification:	Frameworks and Libraries
Component:	kssl (show other bugs)
Version:	unspecified
Platform:	RedHat Enterprise Linux Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	George Staikos

URL:
Keywords:

Depends on:
Blocks:

Reported:	2002-12-13 13:19 UTC by Rick van Rein
Modified:	2003-07-28 18:34 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Rick van Rein 2002-12-13 13:19:45 UTC

Version:           3.0.3-1 (using KDE KDE 3.0.3)
Installed from:    RedHat RPMs
Compiler:          gcc-3.2-7 Didn't compile software myself
OS:          Linux

When presented with a PKCS #7 package containing a certificate chain, Konqueror presents a dialogue in which every certificate in the chain can be evaluated separately.  Nice!

If the chain includes a signing cert and one or more (indirectly) signed certs, then all show as untrustworthy.  Correct.  But after importing the top cert, everything changes, and the state displayed is not updated.  This may throw off uninformed customers, or it would force CAs to break up imports to Konqueror in one-step-at-a-time imports.

I consider it a bug to not update the states of certificates after each single import; and it would be nice if the certs also stated something like `signed by another in this bunch' instead of `cannot find the signing cert for this one'.

Thanks,
Rick van Rein.

Comment 1 George Staikos 2003-07-28 18:27:24 UTC

Subject: kdelibs/kcert

CVS commit by staikos: 

Update the certificate status each time it is displayed so that we can take
advantage of changes to the trust database.

CCMAIL: 51849-done@bugs.kde.org


  M +4 -1      kcertpart.cc   1.38


--- kdelibs/kcert/kcertpart.cc  #1.37:1.38
@@ -1,5 +1,5 @@
 /* This file is part of the KDE project
  *
- * Copyright (C) 2001,2002 George Staikos <staikos@kde.org>
+ * Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
  *
  * This library is free software; you can redistribute it and/or
@@ -783,4 +783,5 @@ void KCertPart::slotSelectionChanged(QLi
                         return;
                 }
+                x5i->cert->revalidate();
                 _blankFrame->hide();
                 _pkcsFrame->hide();
@@ -795,4 +796,5 @@ void KCertPart::slotSelectionChanged(QLi
                         return;
                 }
+                x5i->cert->revalidate();
                 _blankFrame->hide();
                 _pkcsFrame->hide();
@@ -807,4 +809,5 @@ void KCertPart::slotSelectionChanged(QLi
                         return;
                 }
+                p12i->cert->revalidate();
                 _blankFrame->hide();
                 _x509Frame->hide();

Comment 2 George Staikos 2003-07-28 18:34:50 UTC

For your information, this might take a small amount of time to update due to the 
database being rebuilt asynchronously.  Please reopen if the fix doesn't work.  I 
haven't really tested it, and I am not sure that I want to backport this one yet.