Bug 154060

Summary: No way of viewing HTTPS certificate information
Product: [Applications] konqueror Reporter: Maksim Orlovich <maksim>
Component: generalAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: grave CC: ahartmetz, ajv-viaccismic, finex, fredcwells, ivo, jkt, jtate+kde, metrobotte, olfway, rdieter, superaphke, sven.burmeister
Priority: NOR    
Version: 4.0   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Maksim Orlovich 2007-12-14 21:27:23 UTC 
Version:           3.97.1 (KDE 4.0 >= 20071206) (using KDE 3.97.1 (KDE 4.0 >= 20071206), compiled sources)
Compiler:          gcc
OS:                Linux (i686) release 2.6.23.1-tmb-desktop-1mdv

It seems like there is no way of viewing a site's HTTPS 
certificate in trunk. This is security-critical, so I consider this a show stopper.
Comment 1 Maksim Orlovich 2007-12-14 21:39:47 UTC 
Seems like KHTMLPart somehow isn't providing the "security" action.
Comment 2 Maksim Orlovich 2007-12-14 21:43:41 UTC 
George, your r482909 caused this. I'd appreciate if you explained whether this is intentional or not, and if so why.
Comment 3 George Staikos 2007-12-14 21:46:34 UTC 
I did that because it's ugly, confusing, redundant, and should have been cleanly fixed for 4.0
Comment 4 Maksim Orlovich 2007-12-14 21:58:40 UTC 
Well, but that didn't happen... And IMHO showing it the way it is in KDE3.x at least lets one see the organization name, the hostname, etc. The reason I noticed that is that I got a warning on a google site(!), and wanted to see what was up, but had zero way of looking at things.

Obviously, focusing on high-assurance stuff is far more user-friendly and less likely to outright fail, but since it's not there...
Comment 5 FiNeX 2007-12-31 12:09:53 UTC 
Actually, how a user can view certificate information?
Comment 6 FiNeX 2008-05-23 16:15:35 UTC 
*** Bug 162519 has been marked as a duplicate of this bug. ***
Comment 7 FiNeX 2008-05-23 16:16:00 UTC 
*** Bug 155536 has been marked as a duplicate of this bug. ***
Comment 8 FiNeX 2008-06-13 23:05:39 UTC 
*** Bug 163986 has been marked as a duplicate of this bug. ***
Comment 9 giuseppe 2008-06-19 01:35:11 UTC 
Bug is still here on kde 4.1 beta2 :(
Comment 10 Joseph Tate 2008-06-20 05:56:00 UTC 
I sometimes get a green shield icon in the address bar with kdelibs r822325, but it has no tool tip, no click action, and doesn't always show up for the same site.  I don't know what the green icon is supposed to mean, nor what triggers it.
Comment 11 giuseppe 2008-07-07 11:34:00 UTC 
Kde 4.0.84 has this bug still active
Comment 13 giuseppe 2008-07-10 11:23:35 UTC 
On kde 4.1rc1 tagged today
bug is still active.
:(
Comment 14 Joseph Tate 2008-07-12 05:45:00 UTC 
There is still at least one more bug here:  If I type "https://conary.rpath.com/conary/" into the address bar and hit enter, I don't get the green icon.  Once I click on one of the links though, it's there.  Note that /conary/ redirects you to /conary/browse.  The next time I visit the page, the icon is there also, unless I quit konqueror and restart.

This is with KDE 4.1 RC1
Comment 15 giuseppe 2008-07-19 20:37:13 UTC 
Kde 4.1 rc1+

Bug is still not fixed:on some sites
for example https://servizi.quirinale.it/webmail/ works,appear a green icon
and show certificate.
On other sites like https://www.poste.it/online/personale/myposte
show nothing,i don't see any certificate autority like on firefox
and konqueror3 on konqueror4.
Comment 16 Kevin Kofler 2008-07-21 17:39:55 UTC 
Reopening based on comment #13, comment #14 and comment #15.
Comment 17 FiNeX 2008-11-19 12:54:29 UTC 
Tested the provided websites (comment #14 and #13) Konqueror in current trunk shows the right informations.

Someone else can confirm it?
Comment 18 Ivo Anjo 2008-11-19 13:00:11 UTC 
The provided sites seem to work, yes, but I tried some other https sites, and found that this one http://www.mbnet.pt doesn't work when you access it via this url -- if you access the https site directly, https://www.mbnet.pt/MBNet.html , it works ; the http version forwards you to the https one, and that seems to be breaking it.
Comment 19 FiNeX 2008-12-20 18:27:37 UTC 
I confirm comment #18 with current trunk (r898537).
Comment 20 Dario Andres 2009-01-02 13:35:38 UTC 
*** Bug 179327 has been marked as a duplicate of this bug. ***
Comment 21 Jan Kundrát 2009-02-18 16:39:36 UTC 
Similar behavior with 4.2.0 on Gentoo.
Comment 22 giuseppe 2009-12-28 01:57:20 UTC 
4.3.4...some sites(expecially with long adress)
don't display the green shield!
:(
Comment 23 Fred Wells 2010-02-12 06:25:30 UTC 
Problem still exists with 4.3.5.   This is a *VERY SERIOUS BUG* that I hope will garner some serious attention from developers.  This is more than just a cosmetic problem.  Users absolutely need to be able to trust their browser to reflect the security state of web sites.  I can't even use (trust) Konqueror for e-commerce due to this problem and am instead forced to use Firefox.  As much fanfare as Firefox gets in the open-source community, Konqueror remains KDE's browser.  Serious bugs like this one lying unattended for years is incredibly disappointing.
Comment 24 Dawit Alemayehu 2010-03-28 17:18:24 UTC 
SVN commit 1108311 by adawit:

- Retain SSL meta-data on redirection of a KIO::Job as appropriate.
  See http://reviewboard.kde.org/r/3364 for details.

CCBUG:154060


 M  +50 -3     job.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1108311
Comment 25 Andreas Hartmetz 2010-12-26 07:05:27 UTC 
SVN commit 1209241 by ahartmetz:

Revert r1108311, it's not needed anymore because r1170756 fixes the bug
completely to the best of my knowledge. Closing the bug while I'm at it.
BUG: 154060


 M  +0 -47     job.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1209241