| Summary: | Certificate warning window does not include a Details button | | |
|---|---|---|---|
| Product: | [Applications] kopete | Reporter: | Casey Allen Shobe <cshobe> |
| Component: | Jabber Plugin | Assignee: | Kopete Developers <kopete-bugs-null> |
| Status: | CONFIRMED --- | | |
| Severity: | wishlist | CC: | ansgar, kde, modulistic, s.devrieze, subscryer |
| Priority: | NOR | | |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Platform: | Compiled Sources | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |

Description
Casey Allen Shobe
2004-07-07 08:14:42 UTC
I made a similar experience, only that kopete did not ask me at all if I wanted to accept the server certificate. Instead, it just silently accepts it. This is to be considered a bug. This happens only if the certificate is valid or you previously clicked on "accept" and checked "don't ask me again".

This issue is still present in kopete/4.3.4 (I'm using the packages from Debian testing). I have written a more detailed bug report in the Debian BTS about this [1], including several suggestions for what could be improved:

When connecting to a Jabber server via TLS I get a dialog with the following information:

The identity and the certificate of server example.com could not be validated for account bob@example.com:
The certificate is invalid.
The certificate is self-signed.
Do you want to continue?
[ ] Do not ask again.
(Continue) (Cancel)

This is not very helpful. The following information should be included:

1. Why is the certificate considered invalid? Is it expired? Does the included CN not match the expected value?
2. If it is self-signed, or signed by a CA that is not trusted, it should display more information about the certificate such as the fingerprint and CN. This would make it possible to verify the certificate via some other means.
3. What does "Do not ask again." mean here? Remember this certificate and do not ask again for (this certificate, this server) or never notify me again of certificate problems?

[1] http://bugs.debian.org/569772

I agree that the changes suggested in comment #3 should be implemented. The current dialog is not clear enough as to what the issue is and what the proposed action will do.

I second this request for a much needed improvement. The current situation could lead to password stealing with man in the middle or, if the certificate is not accepted, a denial of service.

Still happens in the opensuse 11.3 package:
Kopete Version 1.0.0
Using KDE Development Platform 4.4.4 (KDE 4.4.4) "release 2"
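
An added example, not part of this bug report and not Kopete's code: one way a client could produce the three things the numbered list asks for, namely a separate reason for each validation failure, a fingerprint for out-of-band comparison, and a "Do not ask again" that covers only one certificate on one server. It assumes the TLS library has already parsed the certificate into a dict; `failure_reasons`, `ExceptionStore`, the dict keys and the sample values are hypothetical.

```python
import hashlib
from datetime import datetime, timezone

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, colon-separated for comparing by eye."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def failure_reasons(cert: dict, host: str, now: datetime) -> list:
    """Name each problem separately instead of a bare 'certificate is invalid'."""
    reasons = []
    if now < cert["not_before"]:
        reasons.append(f"not valid before {cert['not_before']:%Y-%m-%d}")
    if now > cert["not_after"]:
        reasons.append(f"expired on {cert['not_after']:%Y-%m-%d}")
    # Exact, case-insensitive match only; wildcard names are not handled here.
    if host.lower() not in [n.lower() for n in cert["names"]]:
        reasons.append(f"issued for {', '.join(cert['names'])}, not for {host}")
    # Simplification (assumption): issuer == subject is treated as self-signed.
    if cert["issuer"] == cert["subject"]:
        reasons.append("self-signed, so no trusted CA vouches for it")
    return reasons

class ExceptionStore:
    """'Do not ask again' scoped to one certificate on one server."""
    def __init__(self):
        self._pins = {}  # host -> fingerprint the user accepted

    def remember(self, host: str, der: bytes) -> None:
        self._pins[host.lower()] = fingerprint(der)

    def decide(self, cert: dict, host: str, now: datetime):
        """Return (action, reasons, fingerprint) for the dialog to display."""
        fp = fingerprint(cert["der"])
        reasons = failure_reasons(cert, host, now)
        if not reasons:
            return "accept", reasons, fp
        pinned = self._pins.get(host.lower())
        if pinned == fp:
            return "accept-remembered", reasons, fp
        if pinned is not None:  # a remembered exception must not cover a new certificate
            reasons.insert(0, "differs from the certificate previously accepted for this server")
        return "prompt", reasons, fp

# Constructed sample: stand-in bytes and fields, not a real certificate.
SAMPLE = {"der": b"constructed-der-bytes-1", "subject": "CN=example.com",
          "issuer": "CN=example.com", "names": ["example.com"],
          "not_before": datetime(2010, 1, 1, tzinfo=timezone.utc),
          "not_after": datetime(2011, 1, 1, tzinfo=timezone.utc)}
```

Because the remembered exception is keyed on the fingerprint, a server that later presents a different certificate triggers the prompt again, with the change listed as the first reason.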