Bug 254268

Summary: No support for TLS extension SNI
Product: [Unmaintained] kio Reporter: alex
Component: generalAssignee: David Faure <faure>
Status: RESOLVED DUPLICATE    
Severity: normal CC: meyerm
Priority: NOR    
Version: 4.5   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description alex 2010-10-15 15:36:00 UTC 
Version:           4.5 (using KDE 4.5.2) 
OS:                Linux

SNI, Server Name Identification is an extension to TLS that allows the client to request the domain name before the certificate is committed to by the server. This allows you do have multiple websites using TLS but all on the same IP address.

When clicking on a https URL within KMail that goes to one of our websites which is on a server using SNI, I get an error message stating the TLS/SSL certificate is invalid since it is using the wrong certificate for the domain I am actually accessing.

Reproducible: Always

Steps to Reproduce:
Setup a httpd server and use SNI so host multiple TLS websites on 1 IP address
Click on a link in KMail to open this in the default browser

Actual Results:  
Dialog box from KIOExec state the certificate is incorrect

Expected Results:  
Default browser should open the URL just fine
Comment 1 meyerm 2011-01-28 23:59:13 UTC 
See #174933 and #122433 . George Staikos said on 2006-03-09:
"Supported in 0.9.9.  Will add for 4.0"

So the devs are at least aware ;-)
Comment 2 Myriam Schweingruber 2012-07-31 22:25:50 UTC 

*** This bug has been marked as a duplicate of bug 304212 ***