Bug 155564

Summary: konqueror / Kopete "SSL negotiation failed" due to Qt loading unversioned libssl.so and libcrypto.so
Product: [Frameworks and Libraries] kio Reporter: Alfredo Amaya <alfreito>
Component: ksslAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: ahartmetz, gbcox, mefoster, mgraesslin, orion, projects.gg.aaron, rdieter, smorg, thiago
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: OpenSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Attachments: This is the error. Could be it then an openSUSE error?

Description Alfredo Amaya 2008-01-12 20:43:04 UTC
Version:            (using KDE KDE 4.0.0)
Installed from:    SuSE RPMs
OS:                Linux

When I try connect to https://mail.google.com from konqueror, I receive an "SSL negotiation failed" error in KDE 4, but it works in KDE 3.5.8
Comment 1 Maksim Orlovich 2008-01-12 20:56:44 UTC
Works here... 
Comment 2 Alfredo Amaya 2008-01-13 02:41:39 UTC
Created attachment 22978 [details]
This is the error. Could be it then an openSUSE error?
Comment 3 Alejandro Lorenzo 2008-01-13 11:01:06 UTC
Works for me
Comment 4 Alfredo Amaya 2008-01-13 12:49:44 UTC
I'm using the 4.0.0 release 2.2 version. I've just updated with the last KDE4 packages, ant the error remains. I want remember I'm trying connect to https, not http: https://mail.google.com
Comment 5 Martin Flöser 2008-01-13 20:33:28 UTC
I also have some problems with https. I can't access my own server (untrusted certificate). With KDE 3.5 Konqueror asked if I want to accept the certificate. This does not happen any more.

The address listed above is working for me. I use ubuntu packages for amd64.
Comment 6 Tomas Tichy 2008-01-25 23:27:17 UTC
I can confirm this bug on OpenSuse 10.3 running KDE 4.0.0. I happens on every https site I try to access.
Comment 7 Martin Flöser 2008-01-26 11:52:33 UTC
Just discovered a little bit. First of all I use CACert certificates and I have imported the root certificate in Konqueror. I only issued a certificate for my main domain (martin-graesslin.com) but only used subdomains (e.g. mail.martin-graesslin.com) for my secured sites. Of course the domain does not fit the one of the certificate (I did not care as I do not need authentification). It seems that this is at least for me the reason why it is not working. I just issued an certificate for a subdomain and this certificate is working, now.

So if the domain does not fit the one defined in the certificate Konqueror just cancels the connection without asking the user to accept the certificate anyway like Konqueror used to do in 3.5 or Firefox.
Comment 8 Martin Flöser 2008-01-31 19:57:52 UTC
Here a crash report (used konqueror build from trunk):
kio_http(3397)/kio (kioslave) KIO::SlaveBase::checkCachedAuthentication: SlaveBase::checkCachedAuthInfo window =  71303169  url =  "https://mail.martin-graesslin.com/"
kded(3346)/kio (KPasswdServer) KPasswdServer::checkAuthInfo: KPasswdServer::checkAuthInfo: User=  "" , WindowId =  71303169
kio_http(3397) HTTPProtocol::httpOpen: ============ Sending Header:
kio_http(3397) HTTPProtocol::httpOpen: "GET / HTTP/1.1"
kio_http(3397) HTTPProtocol::httpOpen: "Connection: Keep-Alive"
kio_http(3397) HTTPProtocol::httpOpen: "User-Agent: Mozilla/5.0 (compatible; Konqueror/4.0; Linux) KHTML/4.0.60 (like Gecko)"
kio_http(3397) HTTPProtocol::httpOpen: "Accept: text/html, image/jpeg, image/png, text/*, image/*, */*"
kio_http(3397) HTTPProtocol::httpOpen: "Accept-Encoding: x-gzip, x-deflate, gzip, deflate"
kio_http(3397) HTTPProtocol::httpOpen: "Accept-Charset: utf-8, utf-8;q=0.5, *;q=0.5"
kio_http(3397) HTTPProtocol::httpOpen: "Accept-Language: en-US, en"
kio_http(3397) HTTPProtocol::httpOpen: "Host: mail.martin-graesslin.com"
kio_http(3397)/kssl KIO::TCPSlaveBase::disconnectFromHost:
kio_http(3397)/kssl KIO::TCPSlaveBase::connectToHost: before connectToHost: Socket error is  0 , Socket state is  0
kio_http(3397)/kssl KIO::TCPSlaveBase::connectToHost: after connectToHost: Socket error is  0 , Socket state is  1
kio_http(3397)/kssl KIO::TCPSlaveBase::connectToHost: after waitForConnected: Socket error is  0 , Socket state is  3 , waitForConnected returned  true
kioslave: ####### CRASH ###### protocol = https pid = 3397 signal = 11
/home/kde-devel/kde/lib/libkio.so.5[0x2aeb4ff03d51]
/lib/libc.so.6[0x2aeb54e697d0]
/usr/lib/libQtCore.so.4(_ZN10QByteArrayC1EPKci+0xda)[0x2aeb4f137d9c]
/usr/lib/libQtNetwork.so.4(_ZNK15QSslCertificate21alternateSubjectNamesEv+0x92)[0x2aeb5254521e]
/usr/lib/libQtNetwork.so.4[0x2aeb5254f26f]
/usr/lib/libQtNetwork.so.4[0x2aeb525502f4]
/usr/lib/libQtNetwork.so.4[0x2aeb5254a11c]
/usr/lib/libQtNetwork.so.4(_ZN10QSslSocket11qt_metacallEN11QMetaObject4CallEiPPv+0x1d0)[0x2aeb5254b8b0]
/usr/lib/libQtCore.so.4(_ZN11QMetaObject8activateEP7QObjectiiPPv+0x69a)[0x2aeb4f1f5770]
/usr/lib/libQtCore.so.4(_ZN11QMetaObject8activateEP7QObjectPKS_iPPv+0x83)[0x2aeb4f1f5bbb]
/usr/lib/libQtCore.so.4(_ZN9QIODevice9readyReadEv+0x26)[0x2aeb4f2191f4]
/usr/lib/libQtNetwork.so.4[0x2aeb52536ca7]
/usr/lib/libQtNetwork.so.4(_ZN15QAbstractSocket16waitForReadyReadEi+0x1db)[0x2aeb52537f05]
/usr/lib/libQtNetwork.so.4(_ZN10QSslSocket16waitForEncryptedEi+0x144)[0x2aeb5254bbec]
/home/kde-devel/kde/lib/libkdecore.so.5(_ZN10KTcpSocket16waitForEncryptedEi+0x30)[0x2aeb4f837e9a]
/home/kde-devel/kde/lib/libkio.so.5(_ZN3KIO12TCPSlaveBase16startTLSInternalEv+0xcd)[0x2aeb4ff09db7]
/home/kde-devel/kde/lib/libkio.so.5(_ZN3KIO12TCPSlaveBase13connectToHostERK7QStringS3_t+0x8ca)[0x2aeb4ff0b64e]
/home/kde-devel/kde/lib/kde4/kio_http.so[0x2aeb579a517d]
/home/kde-devel/kde/lib/kde4/kio_http.so[0x2aeb579afa43]
/home/kde-devel/kde/lib/kde4/kio_http.so[0x2aeb579afe8c]
/home/kde-devel/kde/lib/kde4/kio_http.so[0x2aeb579b0124]
/home/kde-devel/kde/lib/kde4/kio_http.so[0x2aeb579b5e66]
/home/kde-devel/kde/lib/libkio.so.5(_ZN3KIO9SlaveBase8dispatchEiRK10QByteArray+0x409)[0x2aeb4ff024a7]
/home/kde-devel/kde/lib/libkio.so.5(_ZN3KIO9SlaveBase12dispatchLoopEv+0x27a)[0x2aeb4ff02e10]
/home/kde-devel/kde/lib/kde4/kio_http.so(kdemain+0x17c)[0x2aeb579b71da]
kdeinit4: kio_http [kdeinit] https loca[0x406d78]
kdeinit4: kio_http [kdeinit] https loca[0x4078ae]
kdeinit4: kio_http [kdeinit] https loca[0x408131]
kdeinit4: kio_http [kdeinit] https loca[0x408b49]
/lib/libc.so.6(__libc_start_main+0xf4)[0x2aeb54e55b44]
kdeinit4: kio_http [kdeinit] https loca[0x404319]
kdeinit4: PID 3397 terminated.
konqueror(3328)/kio (Slave) KIO::Slave::gotInput: slave died pid =  3397
Comment 9 JPD 2008-02-08 02:52:57 UTC
I am having this same trouble with konqueror 3.5.8 in Gentoo.
Comment 10 JPD 2008-02-08 19:01:42 UTC
Downgrading from OpenSSL 0.9.8g to 0.9.8f resolved the problem for me. Someone may need to test this in KDE4 to see if it is the same problem.
Comment 11 Felix Leimbach 2008-02-12 17:12:17 UTC
Got the same problem here on KDE 4.0.1 from the gentoo packages. Not on every SSL site, only on some. Interestingly I can access one of my servers via https which uses self signed certificates.
That is with openssl-0.9.8g

Downgrading to openssl-0.9.8f and re-opening konqueror did change anything.
Comment 12 Felix Leimbach 2008-02-12 17:51:38 UTC
the last sentence in the last post is meant to say: "downgrading openssl ... did NOT change anything"
Comment 13 Felix Leimbach 2008-02-14 20:58:47 UTC
it seems that downgrading to openssl-0.9.8f DOES indeed help, but only after a complete KDE restart. My previous comments where made after restarting only konqueror which was not enough.
Anyhow, now with the older openssl all broken before SSL pages are working nicely.
Comment 14 Luke 2008-02-28 12:43:30 UTC
I'm using Opensuse 10.3 with KDE4, openssl 0.98e-45.5 and I'm also experiencing this bug. It affects both browsing any HTTPS sites in Konqueror as well as using Kopete to connect to SSL-enabled protocols such as MSN.

Both Firefox and Konqueror 3.5.9 on the same machine work fine with HTTPS sites the issue appears limited to KDE4/QT4.
Comment 15 Luke 2008-02-28 12:44:33 UTC
*** This bug has been confirmed by popular vote. ***
Comment 16 Gerald Cox 2008-03-13 04:21:16 UTC
Problem is also showing up in F9 Alpha:
https://bugzilla.redhat.com/show_bug.cgi?id=432271

I am also experiencing the issue with Kopote, and opened a bug for that:
https://bugzilla.redhat.com/show_bug.cgi?id=436974

Looks like it isn't distribution related.


Comment 17 Gerald Cox 2008-03-13 04:28:25 UTC
Wonder if there is a hardware
dependency - I'm running AMD64 and having the issue.

Comment 18 Gerald Cox 2008-03-13 04:32:10 UTC
Looks like this also might have a impact on this kopete issue:
https://bugs.kde.org/show_bug.cgi?id=159119
Comment 19 Luke 2008-03-13 13:40:25 UTC
I'm experiencing it on an Intel Centrino (Dothan) system so I don't think its hardware related.
Comment 20 nihui 2008-03-13 15:06:56 UTC
happened to me , too.

KDE 4.0.2 branch svn 783067
couldn't access "https://"
also i can't connect msn with kopete4 with the same problem(shown in the Konsole output)

Magic Linux 2.1
source compiled
already installed qca, qca-tls, qca2, qca-ossl
openssl-0.9.8e

Comment 21 Charles Fryett 2008-03-17 16:18:47 UTC
The problem seems to now been fixed in opensuse10.3 using KDE4.0.1 release 14.3 (20080201),openssl-0.9.8e.

I cant remember exactly when it started working again as I had been using konqueror3.5.8 for https:// 
Comment 22 Gerald Cox 2008-03-17 17:01:31 UTC
If that is the case, whatever fixed it appears to have regressed.  Not working
with F9 running:
openssl-0.9.8g-6.fc9.x86_64
kdebase-4.0.2-2.fc9.x86_64
Comment 23 Rex Dieter 2008-03-18 14:15:53 UTC
Re: comment #22
Fwiw, the only time konq/https did not work for me was due to a fedora-specific openssl bug where SHLIB_VERSION_NUMBER was incorrect ( https://bugzilla.redhat.com/429846), which has been long-fixed.

Otherwise, I'm stumped why some folks continue to see this, and some don't. ?? (Does qca-ossl interact here?)
Comment 24 Javier Hernandez 2008-03-26 10:52:13 UTC
Hello,

In OpenSuse 10.3 running on x86 laptop, with latest updates, seems to be fixed.
I can't tell you exact versions of packages right now, but can look at it later at home if someone is interested.

Best regards.
Comment 25 Orion Poplawski 2008-03-31 21:06:38 UTC
The problem is QSslSocket is trying to load "libssl.so".  So it works if you have openssl-devel installed, but not if you don't.  Somehow it needs to be taught to look for "libssl.so.0.9.8g" or whatever is installed on the system.
Comment 26 Orion Poplawski 2008-03-31 21:08:50 UTC
Probably make that "libssl.so.7" which I believe is the soname.
Comment 27 Rex Dieter 2008-03-31 21:33:44 UTC
Orion, are you sure?  The code contains:
#ifdef SHLIB_VERSION_NUMBER
<< "libssl.so." SHLIB_VERSION_NUMBER
#endif
(on on fedora anyway, SHLIB_VERSION_NUMBER is set to 0.9.8g, or should be anyway)
Comment 28 Marek Aaron Sapota 2008-03-31 22:13:04 UTC
I do have /usr/lib/libssl.so, I don't know about devel package, because I compile it from sources, and still konqueror's ssl doesn't work (to be specific it sometimes works - about one time in twenty).
Comment 29 Neil Whelchel 2008-04-01 00:47:53 UTC
In the browser settings, Crypto tab, if libssl.so is not found an error is posted there. (I moved libssl.so (link) and libssl.so.0.9.8 out of the lib directory and tried it.) When I replace libssl, there is no error, and the ssl test button returns success, but I am still unable to load any https documents.
Comment 30 Luke 2008-04-01 12:47:26 UTC
Thankyou Orion! Installing libopenssl-devel on Opensuse 10.3 resolved the issue immediately for me. 
Comment 31 Orion Poplawski 2008-04-01 22:32:51 UTC
I think it's a Qt issue.  

qt-x11-opensource-src-4.3.4/src/network/qsslsocket_openssl_symbols.cpp:257:

    QLibrary libssl(QLatin1String("ssl"));
    if (!libssl.load()) {
        // Cannot find libssl
        qWarning("QSslSocket: cannot find ssl library: %s.",
                 qPrintable(libssl.errorString()));
        return false;
    }

Seems like this needs to be libssl(QLatin1String("ssl"),SSL_VERSION) with SSL_VERSION = 7 in Fedora devel.


So it's asking QLibrary to load "libssl.so".
Comment 32 Kevin Kofler 2008-04-02 15:51:29 UTC
In Fedora, we patched Qt to fix the above section of code and that fixes it. I guess this means this should be reported to Trolltech.
Comment 33 Kevin Kofler 2008-04-02 15:56:14 UTC
*** Bug 159119 has been marked as a duplicate of this bug. ***
Comment 34 Thiago Macieira 2008-04-02 22:53:49 UTC
Fixed in Qt 4.4 about a month ago, post beta 1.

Will not backport to 4.3. Either upgrade to Qt 4.4 or install the libssl.so and libcrypto.so symlinks.
Comment 35 Alfredo Amaya 2008-04-02 23:06:08 UTC
Solved in openSUSE 10.3 with KDE 4.0.3
Comment 36 Dennis veatch 2008-04-03 03:59:10 UTC
Regarding Comment #34;

I have compiled this from source and these symlinks- 

dveatch@sidney ~ $ ls -al /usr/lib/libssl.so
lrwxrwxrwx 1 root root 15 2008-03-10 14:35 /usr/lib/libssl.so -> libssl.so.0.9.8

and 

dveatch@sidney ~ $ ls -al /usr/lib/libcrypto.so
lrwxrwxrwx 1 root root 18 2008-03-10 14:35 /usr/lib/libcrypto.so -> libcrypto.so.0.9.8

using Qt-4.3.4 and this still persists. 
Comment 37 Marek Aaron Sapota 2008-04-03 06:56:34 UTC
Same here - symlinks doesn't work for me.
Comment 38 Skander Morgenthaler 2008-04-03 14:03:26 UTC
I do have those symlinks and "OpenSSL was successfully loaded" according to konqueror - but still konqueror fails on almost every https request. Using gentoo ~amd64, openssl-0.9.8g-r1 and a recent 4.0 branch checkout (post 4.0.3).
Comment 39 Orion Poplawski 2008-04-03 17:47:04 UTC
Useful information would be output from konqueror run in a terminal and the contents of ~/.xsession-errors (or wherever your distribution puts X session errors).
Comment 40 Thiago Macieira 2008-04-03 17:50:11 UTC
qt-copy has been updated to Qt 4.4.0 RC1, which includes the fix.
Comment 41 Thomas Brix Larsen 2008-04-03 18:35:57 UTC
kio_http(9689)/kio (kioslave) KIO::SlaveBase::checkCachedAuthentication: SlaveBase::checkCachedAuthInfo window =  0  url =  "https://nexus.passport.com/rdr/pprdr.asp"
kio_http(9689) HTTPProtocol::httpOpen: ============ Sending Header:
kio_http(9689) HTTPProtocol::httpOpen: "GET /rdr/pprdr.asp HTTP/1.1"
kio_http(9689) HTTPProtocol::httpOpen: "Connection: Keep-Alive"
kio_http(9689) HTTPProtocol::httpOpen: "User-Agent: Mozilla/5.0 (compatible; Konqueror/4.0; Linux) KHTML/4.0.3 (like Gecko)"
kio_http(9689) HTTPProtocol::httpOpen: "Pragma: no-cache"
kio_http(9689) HTTPProtocol::httpOpen: "Cache-control: no-cache"
kio_http(9689) HTTPProtocol::httpOpen: "Accept: text/html, image/jpeg, image/png, text/*, image/*, */*"
kio_http(9689) HTTPProtocol::httpOpen: "Accept-Encoding: x-gzip, x-deflate, gzip, deflate"
kio_http(9689) HTTPProtocol::httpOpen: "Accept-Charset: utf-8, utf-8;q=0.5, *;q=0.5"
kio_http(9689) HTTPProtocol::httpOpen: "Accept-Language: da, en-US, en"
kio_http(9689) HTTPProtocol::httpOpen: "Host: nexus.passport.com"
kio_http(9689)/kssl KIO::TCPSlaveBase::disconnectFromHost:
kio_http(9689)/kssl KIO::TCPSlaveBase::connectToHost: before connectToHost: Socket error is  6 , Socket state is  0
kio_http(9689)/kssl KIO::TCPSlaveBase::connectToHost: after connectToHost: Socket error is  6 , Socket state is  1
kio_http(9689)/kssl KIO::TCPSlaveBase::connectToHost: after waitForConnected: Socket error is  6 , Socket state is  3 , waitForConnected returned  true
kio_http(9689)/kssl KIO::TCPSlaveBase::startTLSInternal: Initial SSL handshake failed. encryptionStarted is false , cipher.isNull() is true , cipher.usedBits() is 0 , the socket says: "Unknown error" and the list of SSL errors contains 0 items.
kopete(9675)/kio (KIOJob) KIO::SlaveInterface::dispatch: error  123   "nexus.passport.com: SSL negotiation failed"

Gentoo ~amd64: openssl-0.9.8g, kde-4.0.3+ (svn), symlinks in-place.
Comment 42 Skander Morgenthaler 2008-04-03 19:03:57 UTC
terminal output:

skander@balar ~ $ konqueror https://bugs.kde.org
konqueror(17540)/kdecore (KSycoca) KSycocaPrivate::openDatabase: Trying to open ksycoca from  "/var/tmp/kdecache-skander/ksycoca4"
konqueror(17540)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkshorturifilter.so"
konqueror(17540)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkurisearchfilter.so"
konqueror(17540)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "liblocaldomainurifilter.so"
konqueror(17540)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkuriikwsfilter.so"
konqueror(17540)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libfixhosturifilter.so"
konqueror(17540)/kdecore (KNetwork resolver) <unnamed>::ResInitUsage::shouldResInit: shouldResInit: /etc/resolv.conf updated
konqueror(17540)/kdecore (KConfigSkeleton) KCoreConfigSkeleton::KCoreConfigSkeleton: Creating KCoreConfigSkeleton ( 0x775b60 )
konqueror(17540)/kdecore (KConfigSkeleton) KCoreConfigSkeleton::readConfig: KCoreConfigSkeleton::readConfig()
konqueror(17540)/kparts KParts::MainWindow::createGUI: MainWindow::createGUI, part= QObject(0x0)       ""
konqueror(17540)/kdecore (trader) KMimeTypeTrader::query: query for mimeType  "text/html" ,  "Application"  : returning 5  offers
konqueror(17540)/kdecore (trader) KMimeTypeTrader::query: query for mimeType  "text/html" ,  "KParts/ReadOnlyPart"  : returning  2  offers
konqueror(17540)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkhtmlpart.so"
konqueror(17540)/kdecore (KLibLoader) kde4Factory: The library "/usr/kde/svn/lib64/kde4/libkhtmlpart.so" does not offera qt_plugin_instance function.
konqueror(17540)/khtml KHTMLFactory::KHTMLFactory: KHTMLFactory(0xc87670)
konqueror(17540)/kparts KParts::Plugin::pluginInfos: found KParts Plugin :  "/usr/kde/svn/share/apps/khtml/kpartplugins/kget_plug_in.rc"
konqueror(17540)/kparts KParts::Plugin::pluginInfos: found KParts Plugin :  "/usr/kde/svn/share/apps/khtml/kpartplugins/khtmlkttsd.rc"
konqueror(17540)/kparts KParts::Plugin::loadPlugins: load plugin  "khtml_kget"
konqueror(17540)/kdecore (KLibLoader) kde4Factory: The library "/usr/kde/svn/lib64/kde4/khtml_kget.so" does not offer aqt_plugin_instance function.
konqueror(17540)/kparts KParts::Plugin::loadPlugins: load plugin  "khtmlkttsdplugin"
konqueror(17540)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkhtmlkttsdplugin.so"
konqueror(17540)/kdecore (KLibLoader) kde4Factory: The library "/usr/kde/svn/lib64/kde4/libkhtmlkttsdplugin.so" does not offer a qt_plugin_instance function.
konqueror(17540)/kparts KParts::PartManager::setActivePart: KonqViewManager(0x759d00)  emitting activePartChanged  KHTMLPart(0xc96790)
konqueror(17540)/kparts KParts::MainWindow::createGUI: MainWindow::createGUI, part= KHTMLPart(0xc96790)   KHTMLPart   ""
QPainter::begin: Widget painting can only begin as a result of a paintEvent
QPainter::setWorldTransform: Painter not active
konqueror(17540)/kparts KParts::BrowserRun::scanFile: BrowserRun::scanfile KUrl("https://bugs.kde.org")
konqueror(17540)/kio (bookmarks) KBookmarkManager::toolbar: KBookmarkManager::toolbar begin
fillBookmarkBar "bookmark toolbar"
bm is  "[...]"
konqueror(17540)/kio (KIOConnection) KIO::ConnectionServer::listenForRemote: Listening on  "local:/tmp/ksocket-skander/konquerorJ17540.slave-socket"
konqueror(17540)/kio (Slave) KIO::Slave::createSlave: createSlave ' "https" ' for  "https://bugs.kde.org"
konqueror(17540)/kio (KIOConnection) KIO::ConnectionServer::listenForRemote: Listening on  "local:/tmp/ksocket-skander/konquerory17540.slave-socket"
konqueror(17540)/kdeui (KIconLoader) KIconLoader::loadIcon: No such icon "www"
konqueror(17540)/kio (KIOJob) KIO::TransferJob::slotRedirection: TransferJob::slotRedirection( KUrl("https://bugs.kde.org/") )
konqueror(17540)/kio (KIOJob) KIO::SlaveInterface::dispatch: error  123   "bugs.kde.org: SSL negotiation failed"
konqueror(17540)/kparts KParts::BrowserRun::slotBrowserScanFinished: BrowserRun::slotBrowserScanFinished
konqueror(17540)/kdecore (trader) KMimeTypeTrader::weightedOffers: KMimeTypeTrader::weightedOffers(  "text/html" ,  "Application"  )
konqueror(17540)/khtml (part) KHTMLPart::openUrl: KHTMLPart( KHTMLPart(0xc96790) )::openURL  "error:/?error=123&errText=bugs.kde.org%3A%20SSL%20negotiation%20failed#https://bugs.kde.org"
konqueror(17540)/khtml (part) KHTMLPart::htmlError: KHTMLPart::htmlError errorCode= 123  text= "bugs.kde.org: SSL negotiation failed"
konqueror(17540)/khtml (part) KHTMLPart::saveState: "" saveState this= KHTMLPart(0xc96790)  ' "" ' saving URL  "https://bugs.kde.org"
konqueror(17540)/khtml (part) KHTMLPart::saveState: "" saveState this= KHTMLPart(0xc96790)  ' "" ' saving URL  "https://bugs.kde.org"
konqueror(17540)/khtml (part) KHTMLPart::saveState: "" saveState this= KHTMLPart(0xc96790)  ' "" ' saving URL  "https://bugs.kde.org

new content of ~/.xsession-errors after running konqueror from alt-f2:

konqueror(17578)/kdecore (KSycoca) KSycocaPrivate::openDatabase: Trying to open ksycoca from  "/var/tmp/kdecache-skander/ksycoca4"
konqueror(17578)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkshorturifilter.so"
konqueror(17578)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkurisearchfilter.so"
konqueror(17578)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "liblocaldomainurifilter.so"
konqueror(17578)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkuriikwsfilter.so"
konqueror(17578)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libfixhosturifilter.so"
konqueror(17578)/kdecore (KNetwork resolver) <unnamed>::ResInitUsage::shouldResInit: shouldResInit: /etc/resolv.conf updated
konqueror(17578)/kdecore (KConfigSkeleton) KCoreConfigSkeleton::KCoreConfigSkeleton: Creating KCoreConfigSkeleton ( 0x775b10 )
konqueror(17578)/kdecore (KConfigSkeleton) KCoreConfigSkeleton::readConfig: KCoreConfigSkeleton::readConfig()
konqueror(17578)/kparts KParts::MainWindow::createGUI: MainWindow::createGUI, part= QObject(0x0)       ""
konqueror(17578)/kdecore (trader) KMimeTypeTrader::query: query for mimeType  "text/html" ,  "Application"  : returning 5  offers
konqueror(17578)/kdecore (trader) KMimeTypeTrader::query: query for mimeType  "text/html" ,  "KParts/ReadOnlyPart"  : returning  2  offers
konqueror(17578)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkhtmlpart.so"
konqueror(17578)/kdecore (KLibLoader) kde4Factory: The library "/usr/kde/svn/lib64/kde4/libkhtmlpart.so" does not offera qt_plugin_instance function.
konqueror(17578)/khtml KHTMLFactory::KHTMLFactory: KHTMLFactory(0xc87720)
konqueror(17578)/kparts KParts::Plugin::pluginInfos: found KParts Plugin :  "/usr/kde/svn/share/apps/khtml/kpartplugins/kget_plug_in.rc"
konqueror(17578)/kparts KParts::Plugin::pluginInfos: found KParts Plugin :  "/usr/kde/svn/share/apps/khtml/kpartplugins/khtmlkttsd.rc"
konqueror(17578)/kparts KParts::Plugin::loadPlugins: load plugin  "khtml_kget"
konqueror(17578)/kdecore (KLibLoader) kde4Factory: The library "/usr/kde/svn/lib64/kde4/khtml_kget.so" does not offer aqt_plugin_instance function.
konqueror(17578)/kparts KParts::Plugin::loadPlugins: load plugin  "khtmlkttsdplugin"
konqueror(17578)/kdecore (KLibLoader) findLibraryInternal: plugins should not have a 'lib' prefix: "libkhtmlkttsdplugin.so"
konqueror(17578)/kdecore (KLibLoader) kde4Factory: The library "/usr/kde/svn/lib64/kde4/libkhtmlkttsdplugin.so" does not offer a qt_plugin_instance function.
konqueror(17578)/kparts KParts::PartManager::setActivePart: KonqViewManager(0x759bd0)  emitting activePartChanged  KHTMLPart(0xc96770)
konqueror(17578)/kparts KParts::MainWindow::createGUI: MainWindow::createGUI, part= KHTMLPart(0xc96770)   KHTMLPart   ""
[... some kwin output ...]
QPainter::begin: Widget painting can only begin as a result of a paintEvent
QPainter::setWorldTransform: Painter not active
konqueror(17578)/kparts KParts::BrowserRun::scanFile: BrowserRun::scanfile KUrl("https://bugs.kde.org")
konqueror(17578)/kio (bookmarks) KBookmarkManager::toolbar: KBookmarkManager::toolbar begin
fillBookmarkBar "bookmark toolbar"
bm is  "[...]"
kwin: X Error (error: <unknown>[DAMAGE+0], request: XDamageDestroy[DAMAGE+2], resource: 0x1420dd4)
konqueror(17578)/kio (KIOConnection) KIO::ConnectionServer::listenForRemote: Listening on  "local:/tmp/ksocket-skander/konquerorJ17578.slave-socket"
konqueror(17578)/kio (Slave) KIO::Slave::createSlave: createSlave ' "https" ' for  "https://bugs.kde.org"
konqueror(17578)/kio (KIOConnection) KIO::ConnectionServer::listenForRemote: Listening on  "local:/tmp/ksocket-skander/konquerory17578.slave-socket"
klauncher(4445)/kio (KLauncher) KLauncher::requestSlave: KLauncher: launching new slave  "kio_http"  with protocol= "https"  args= ("https", "local:/tmp/ksocket-skander/klauncherMT4445.slave-socket", "local:/tmp/ksocket-skander/konquerory17578.slave-socket")
kdeinit4: Got EXEC_NEW 'kio_http' from launcher.
kdeinit4: preparing to launch
klauncher(4445)/kio (KLauncher) KLauncher::processRequestReturn: "kio_http" (pid 17584) up and running.
konqueror(17578)/kdeui (KIconLoader) KIconLoader::loadIcon: No such icon "www"
konqueror(17578)/kio (KIOJob) KIO::TransferJob::slotRedirection: TransferJob::slotRedirection( KUrl("https://bugs.kde.org/") )
kio_http(17584)/kio (kioslave) KIO::SlaveBase::checkCachedAuthentication: SlaveBase::checkCachedAuthInfo window =  62914561  url =  "https://bugs.kde.org/"
kio_http(17584) HTTPProtocol::httpOpen: ============ Sending Header:
kio_http(17584) HTTPProtocol::httpOpen: "GET / HTTP/1.1"
kio_http(17584) HTTPProtocol::httpOpen: "Connection: Keep-Alive"
kio_http(17584) HTTPProtocol::httpOpen: "User-Agent: Mozilla/5.0 (compatible; Konqueror/4.0; Linux) KHTML/4.0.3 (like Gecko)"
kio_http(17584) HTTPProtocol::httpOpen: "Accept: text/html, image/jpeg, image/png, text/*, image/*, */*"
kio_http(17584) HTTPProtocol::httpOpen: "Accept-Encoding: x-gzip, x-deflate, gzip, deflate"
kio_http(17584) HTTPProtocol::httpOpen: "Accept-Charset: iso-8859-15, utf-8;q=0.5, *;q=0.5"
kio_http(17584) HTTPProtocol::httpOpen: "Accept-Language: en-US, en"
kio_http(17584) HTTPProtocol::httpOpen: "Host: bugs.kde.org"
kio_http(17584) HTTPProtocol::httpOpen: "Cookie: Bugzilla_logincookie=355232; Bugzilla_login=smorg@gmx.de; BUGLIST=44678:47600:55777:66016:66117:83442:83857:85237:86273:103062:107619:107997:108206:109694:109724:109818:110969:113674:117480:119595:120418:121948:126096:126620:126842:129858:129963:133589:134308:136088:138766:139405:139458:139648:139650:139673:141015:142380:142583:142841:142936:142966:143691:143898:144822:147893:148819:150488:152488:153908:154230:155042:155536:155564:156954:157585:158392; LASTORDER=bugs.bug_id"
kio_http(17584)/kssl KIO::TCPSlaveBase::disconnectFromHost:
kio_http(17584)/kssl KIO::TCPSlaveBase::connectToHost: before connectToHost: Socket error is  0 , Socket state is  0
kio_http(17584)/kssl KIO::TCPSlaveBase::connectToHost: after connectToHost: Socket error is  0 , Socket state is  1
kio_http(17584)/kssl KIO::TCPSlaveBase::connectToHost: after waitForConnected: Socket error is  0 , Socket state is  3 , waitForConnected returned  true
kio_http(17584)/kssl KIO::TCPSlaveBase::startTLSInternal: Initial SSL handshake failed. encryptionStarted is false , cipher.isNull() is true , cipher.usedBits() is 0 , the socket says: "Unknown error" and the list of SSL errors contains 0 items.
konqueror(17578)/kio (KIOJob) KIO::SlaveInterface::dispatch: error  123   "bugs.kde.org: SSL negotiation failed"
konqueror(17578)/kparts KParts::BrowserRun::slotBrowserScanFinished: BrowserRun::slotBrowserScanFinished
konqueror(17578)/kdecore (trader) KMimeTypeTrader::weightedOffers: KMimeTypeTrader::weightedOffers(  "text/html" ,  "Application"  )
konqueror(17578)/khtml (part) KHTMLPart::openUrl: KHTMLPart( KHTMLPart(0xc96770) )::openURL  "error:/?error=123&errText=bugs.kde.org%3A%20SSL%20negotiation%20failed#https://bugs.kde.org"
konqueror(17578)/khtml (part) KHTMLPart::htmlError: KHTMLPart::htmlError errorCode= 123  text= "bugs.kde.org: SSL negotiation failed"
konqueror(17578)/khtml (part) KHTMLPart::saveState: "" saveState this= KHTMLPart(0xc96770)  ' "" ' saving URL  "https://bugs.kde.org"
konqueror(17578)/khtml (part) KHTMLPart::saveState: "" saveState this= KHTMLPart(0xc96770)  ' "" ' saving URL  "https://bugs.kde.org"
konqueror(17578)/khtml (part) KHTMLPart::saveState: "" saveState this= KHTMLPart(0xc96770)  ' "" ' saving URL  "https://bugs.kde.org"
[... output of other processes ...]
Comment 43 Thomas Brix Larsen 2008-04-03 19:06:40 UTC
The following patch to kdelibs makes SSL work again on my system:

--- kio/kio/tcpslavebase.cpp.old        2008-04-03 19:03:06.971477062 +0200
+++ kio/kio/tcpslavebase.cpp    2008-04-03 18:53:40.045143642 +0200
@@ -382,7 +382,7 @@
        before connecting would be rather insecure. */
     d->socket.ignoreSslErrors();
     d->socket.startClientEncryption();
-    const bool encryptionStarted = d->socket.waitForEncrypted(-1);
+    const bool encryptionStarted = d->socket.waitForEncrypted(3000); //-1

     //Set metadata, among other things for the "SSL Details" dialog
     KSslCipher cipher = d->socket.sessionCipher();
Comment 44 Thomas Brix Larsen 2008-04-03 19:10:57 UTC
My testcase, gives 'SSL negotiation failed:  "Network operation timed out"' with -1 and the correct html response with 3000ms), so looks like a Qt problem.

#include <QtNetwork/QSslSocket>

int main()
{
        QSslSocket socket;
        socket.ignoreSslErrors();
        socket.connectToHostEncrypted("nexus.passport.com", 443);
        if (!socket.waitForEncrypted(-1))
        {
                qDebug() << "SSL negotiation failed: " << socket.errorString();
                return -1;
        }

        socket.write("GET /rdr/pprdr.asp HTTP/1.0\r\n\r\n");
        while(socket.waitForReadyRead())
                qDebug() << socket.readAll().data();

        return 0;
}
Comment 45 Thiago Macieira 2008-04-03 19:34:52 UTC
Also fixed in Qt 4.4.0.