Bug 335389

Summary: Konqueror + WebKit displays wrong SSL certificate information (if iframe contains content from another domain)
Product: [Frameworks and Libraries] kwebkitpart Reporter: Christian Boltz <kde-bugs>
Component: generalAssignee: webkit-bugs-null
Status: VERIFIED FIXED    
Severity: normal CC: adawit
Priority: NOR    
Version First Reported In: 1.3.3   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
URL: https://www.neueverwaltung.de/
Latest Commit: http://commits.kde.org/kwebkitpart/719e1837089fea66b07885a47ebebcbedc5c89ea Version Fixed/Implemented In: 1.3.4
Sentry Crash Report:
Attachments: screenshot showing the certificate details

Description Christian Boltz 2014-05-26 20:01:27 UTC 
Created attachment 86840 [details]
screenshot showing the certificate details

Konqueror (with WebKit) displays wrong SSL certificate information. This happens only if the page contains an iframe with content from another domain, like a twitter box.

If you want to see this bug in action, go to https://www.neueverwaltung.de/ and then, after the twitter box is loaded, view the certificate details.

You'll get something like:
Address: www.neueverwaltung.de
IP address: 199.16.156.230  <-- Twitter
Common name: twitter.com
(see attached screenshot for more details)

This bug does _not_ happen:
- on a subpage without a twitter box (I get the correct certificate details of www.neueverwaltung.de there)
- when using KHTML instead of WebKit
- if you view the certificate details very fast, before the twitter box is loaded (which means the twitter certificate "overwrites" the certificate details)
Comment 1 Dawit Alemayehu 2014-05-27 12:27:55 UTC 
Git commit 719e1837089fea66b07885a47ebebcbedc5c89ea by Dawit Alemayehu.
Committed on 27/05/2014 at 12:25.
Pushed by adawit into branch '1.3'.

Show correct SSL information on redirection.
FIXED-IN: 1.3.4

M  +4    -2    src/webpage.cpp

http://commits.kde.org/kwebkitpart/719e1837089fea66b07885a47ebebcbedc5c89ea