Bug 204849

Summary: Konqueror only validates certs by MD5 sum
Product: [Applications] konqueror Reporter: Tim Brown <kde>
Component: generalAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: wishlist    
Priority: NOR    
Version: 4.3.0   
Target Milestone: ---   
Platform: Debian testing   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Patch to display SHA1 of cert

Description Tim Brown 2009-08-23 11:58:01 UTC 
Version:           4.3.0 (using KDE 4.3.0)
Compiler:          n/a n/a
OS:                Linux
Installed from:    Debian testing/unstable Packages

Konqueror only validates certs by MD5 sum.  It is also not possible to see the SHA1 sum for the cert in the KDE SSL Information window.  MD5 is broken and subject to chosen prefix attacks.
Comment 1 Tim Brown 2009-11-02 01:24:30 UTC 
Created attachment 38019 [details]
Patch to display SHA1 of cert
Comment 2 Tim Brown 2009-11-02 01:26:17 UTC 
This bug has also been reported to Debian as http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525975.
Comment 3 Tim Brown 2009-11-13 13:21:46 UTC 
Fixed with r1048255