Bug 413513

Summary: ssl certs for s.cn.bing.net are not trusted
Product: [Applications] Falkon Reporter: xqqy189
Component: generalAssignee: David Rosca <nowrep>
Status: RESOLVED NOT A BUG    
Severity: normal CC: jurajoravec
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description xqqy189 2019-10-27 10:52:52 UTC 
SUMMARY
Just as the title said, when browser https://s.cn.bing.net, It will shows this site's cert are not trusted by falkon
This url is used for Microsoft Bing search in China mainland to provide pictures. 

STEPS TO REPRODUCE
1. open https://s.cn.bing.net in falkon

OBSERVED RESULT
It says the ssl certificate has ssl errors. 

EXPECTED RESULT
open the bing site.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
Operating System: KDE neon 5.17
KDE Plasma Version: 5.17.1
KDE Frameworks Version: 5.63.0
Qt Version: 5.13.1
Kernel Version: 5.0.0-32-generic
OS Type: 64-bit
Processors: 4 × Intel® Core™ i5-4460 CPU @ 3.20GHz
Memory: 7.7 GiB


ADDITIONAL INFORMATION

Wget also think this certificate are not trust.
However, Chrome and Firefox think its certificate is ok.
Which make things more strange is when I use use Firefox in manjaro(I just want to play for a while,the newest version). If I type in "https://s.cn.bing.net" when firefox hasn't start before in liveCD and this site is the first site I opened with firefox, it will shows this site's cert is "SEC_ERROR_UNKNOWN_ISSUER". But if I open "https://cn.bing.com" which use "https://s.cn.bing.net" as a CDN url and search something such "asd" first, then open "https://s.cn.bing.net" will not show this error anymore.

That site's CA certificate is Microsoft TLS CA 5
Its key chain seems is "s.cn.bing.net"-"Microsfot TLS CA 5"- "Balitmore CyberTrust ROOT"  by FireFox
Comment 1 Juraj 2024-08-24 07:44:37 UTC 
Falkon uses system certificates for ssl stuff, while Firefox and Chromium maintain their own certificates on top of the system ones.