Bug 10570 - HTTPS: not working on Solaris
Summary: HTTPS: not working on Solaris
Status: CLOSED FIXED
Alias: None
Product: kdelibs
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: unspecified
Platform: unspecified Other
: NOR normal
Target Milestone: ---
Assignee: Stephan Kulow
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2000-09-14 13:03 UTC by Unknown
Modified: 2005-05-15 13:02 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description James Tappin 2000-09-14 13:00:44 UTC
(*** This bug was imported into bugs.kde.org ***)

Package: kdelibs
Version: CVS 20000912 (about)

System: Solaris 2.7 / Sparc (gcc 2.95/Solaris ld)

When I try to access an https page e.g.=20
https://secure.dabs.com/shopping/orderstatus.asp
I get an error pop-up saying:
"Could not connect to host=20
secure.dabs.com"

I have OpenSSL 0.9.5a installed and the kdelibs & kdebase configures=20
find it OK. In kcontrol personalisation->crypto shows a full list of=20
protocols.

The page given above opens successfully with konqueror on Linux and=20
with Netscape on Solaris.

I've posted this under kdelibs as I'm not sure if its kio or kssl that=20
has a problem (I can't see any way to put something under 2 packages).

James

--=20
+------------------------+-------------------------------+---------+
| James Tappin           | School of Physics & Astronomy |  O__    |
| sjt@star.sr.bham.ac.uk | University of Birmingham      | --  \/` |
| Ph: 0121-414-6462. Fax: 0121-414-3722                  |         |
+--------------------------------------------------------+---------+
Comment 1 George Staikos 2000-09-14 16:58:51 UTC
On Thu 14 Sep 2000 James Tappin wrote:
> Package: kdelibs
> Version: CVS 20000912 (about)
> 
> System: Solaris 2.7 / Sparc (gcc 2.95/Solaris ld)
> 
> When I try to access an https page e.g. 
> https://secure.dabs.com/shopping/orderstatus.asp
> I get an error pop-up saying:
> "Could not connect to host 
> secure.dabs.com"
> 
> I have OpenSSL 0.9.5a installed and the kdelibs & kdebase configures 
> find it OK. In kcontrol personalisation->crypto shows a full list of 
> protocols.
> 
> The page given above opens successfully with konqueror on Linux and 
> with Netscape on Solaris.
> 
> I've posted this under kdelibs as I'm not sure if its kio or kssl that 
> has a problem (I can't see any way to put something under 2 packages).

   Try changing the ciphers to see if it'is a cipher related problem.  For
instance try forcing only SSLv2 or only SSLv3.  Also maybe try selecting
only certain ciphers such as RC4-MD5 based 128 bit algorithms.  It could be
an OpenSSL problem.  My Solaris box is too slow/small to run KDE to test
however I have found sites with Linux that give this result and it ended up
being cipher/ssl version related.

-- 

George Staikos
Comment 2 James Tappin 2000-09-19 11:21:37 UTC
David F says he's fixed it.

--=20
+------------------------+-------------------------------+---------+
| James Tappin           | School of Physics & Astronomy |  O__    |
| sjt@star.sr.bham.ac.uk | University of Birmingham      | --  \/` |
| Ph: 0121-414-6462. Fax: 0121-414-3722                  |         |
+--------------------------------------------------------+---------+
Comment 3 James Tappin 2000-09-29 09:42:33 UTC
On Thu 14 Sep 2000 George Staikos wrote:
>
>    Try changing the ciphers to see if it'is a cipher related problem.
>  For instance try forcing only SSLv2 or only SSLv3.  Also maybe try
> selecting only certain ciphers such as RC4-MD5 based 128 bit
> algorithms.  It could be an OpenSSL problem.  My Solaris box is too
> slow/small to run KDE to test however I have found sites with Linux
> that give this result and it ended up being cipher/ssl version
> related.

Finally managed to do some more checks but still no joy.

1) I've now upgraded to OpenSSL 0.9.6

2) It seems that the following SSLv3 ciphers cause the cannot connect=20
messages:
EXP0124-RC4-SHA
ESP1024-DES-CBC-SHA
EXP1024-RC2-CBC-MD5
FZA-RC4-SHA
FZA-FZA-CBC-SHA
FZA-NULL-SHA
DH-RSA-DES-CBC3-SHA
DH-RSA-DES-CBC-SHA
EXP-DH-RSA-DES-CBC-SHA
DH-DSS-DES-CBC3-SHA
DH-DSS-DES-CBC-SHA
EXP-DH-DSS-DES-CBC-SHA
DES-CBC-SHA
EXP-RCS-CBC-MD5
EXP-RC4-MD5
NULL-SHA
NULL_MD5
And I think at least one other since disabling this list still gives=20
the error.

3) For all SSLv2 ciphers and for other SSLv3 ciphers I get an error=20
that "The process for the https://secure.dabs.com protocol died=20
unexpectedly". The following is the apparently relevant messages from=20
startkde.elog

khtml: Ah https://secure.dabs.com/shopping/orderstatus.asp has been=20
visited some time ago
khtml:=20
m_strSelectedURL=3D'https://secure.dabs.com/shopping/orderstatus.asp'=20
target=3D
khtml: complete URL:https://secure.dabs.com/shopping/orderstatus.asp=20
target =3D
konqueror: KonqMainWindow::openURL : url =3D=20
'https://secure.dabs.com/shopping/orderstatus.asp'  serviceType=3D''=20
view=3D11c1f8
konqueror: KonqView::stop()
khtml (part): saveState!
khtml (part): KHTMLPart::saveState saving URL=20
http://www.dabs.com/home.asp
konqueror: KonqMainWindow::stopAnimation
konqueror: setLocationBarURL : url =3D=20
https://secure.dabs.com/shopping/orderstatus.asp
konqueror: KonqMainWindow::setLocationBarURL : url =3D=20
https://secure.dabs.com/shopping/orderstatus.asp
konqueror: trying openView for=20
https://secure.dabs.com/shopping/orderstatus.asp (servicetype )
konqueror: Creating new konqrun for=20
https://secure.dabs.com/shopping/orderstatus.asp req.typedURL=3D
konqueror: KonqMainWindow::startAnimation
kio (Slave): createSlave for=20
https://secure.dabs.com/shopping/orderstatus.asp
kio (KLauncher): requestSlave https secure.dabs.com
KInit: Got EXEC 'kio_https' from klauncher
kio (KLauncher): kio_https (pid 5594) up and running.
KLauncher doing clientStarted(`kio_https')
kio (KLauncher): Slave launched pid =3D 5594
kio (KLauncher): requestSlave got pid 5594
kio (Slave): PID of slave =3D 5594
kio (KIOJob): TransferJob::start : Sending metadata :
kio (KIOJob):    window-id=3D125829126
kio (Scheduler): PROTOCOL =3D https idle =3D 0
DCOP: register 'anonymous-5594'
kio (KLauncher): KLauncher: Got=20
start_service_by_desktop_name('kcookiejar' ...)
DCOP:  unregister 'anonymous-5594'
kio_http: KSSL constructor enter
kio (Slave): slave has connected to application
kio_http: KSSL initialize
kio_http: KSSL constructor exit
DCOP: register 'anonymous-5594'
kio_http: reparseConfiguration!
kio_http: KLocale::initLanguage setEncodingLang C
kio_http: Languages list set to en_GB en_GB en C
kio (Slave): got answer 26
kio_http: KSSL initialize
kio_http: SSL was initialised.
kio_http: SSL about to connect.
kio_http: KSSL connect
kio_http: KSSL verification logic
kioslave : ###############SEG FAULT#############
DCOP:  unregister 'anonymous-5594'
kdeinit: PID 5594 terminated.
kio (Slave): slave died (1) pid =3D 5594
kio (KIOJob): TransferJob::slotFinished(4292a0=20
https://secure.dabs.com/shopping/orderstatus.asp)
kio (KRun): ERROR: ERROR 43 https://secure.dabs.com
kio (kioslave): slavewrapper: Communication with app lost. Returning to=20
slave pool.=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20
=20=20=20=20=20=20=20=20=20=20=20=20=20=20

James

--=20
+------------------------+-------------------------------+---------+
| James Tappin           | School of Physics & Astronomy |  O__    |
| sjt@star.sr.bham.ac.uk | University of Birmingham      | --  \/` |
| Ph: 0121-414-6462. Fax: 0121-414-3722                  |         |
+--------------------------------------------------------+---------+
Comment 4 George Staikos 2000-09-29 10:02:02 UTC
On Fri 29 Sep 2000 James Tappin wrote:

   Turn on TLSv1 and this site will work.  They must have disabled SSLv2/v3
on their server.  We still do need to put in more tests for NULL or errors
though - to avoid crashes.

-- 

George Staikos
Comment 5 Carsten Burghardt 2005-05-15 13:02:57 UTC
*** Bug 105703 has been marked as a duplicate of this bug. ***