Version: 4.1.00 (KDE 4.0.99 (4.1 RC1+)) (using 4.1.00 (KDE 4.0.99 (4.1 RC1+)), compiled sources)
OS: Linux (i686) release 2.6.25-ARCH
I'm running ArchLinux KDEmod KDE 4.1 RC2 (4.0.99), openssl 0.9.8h and gcc 4.3.1 20080626. A clean user account was used to verify this problem.
Whenever I visit a site with a valid SSL certificate, I get a message that "The hostname did not match any valid hostname in the certificate." After clicking Details one can see that the certificates are in fact valid, and the hostname matches the Common name of the certificate. Moreover, Firefox 3.0 recognizes these certificates as valid without prompting for anything.
This can be reproduced using the following sites:
NOTE: For self signed certificate sites like
konqueror reports rightly that the certificate was self-signed (in which case it is right to prompt for acceptance) but also reports that the hostname is different from the CN (which is not the case).
I can't confirm for the 2 .pl sites but the report for the self-signed certificate is confirmed.
Confirmed on all counts here, 4.0.99 build.
I can confirm this problem with 4.0.99, openssl-0.9.8h and qca-2.0.1. KMail seems to be afffected, too. Even if I add the certs manually via crypto settigns menu; they aren't saved and the list stays empty.
Are you people using -unpatched- 4.0.99? There was a bug like that in trunk, but the change that caused it has never been part of 4.1 branch. Perhaps the distro picked it up?
I only had this patch applied to fix Bug#162600 http://websvn.kde.org/?view=rev&revision=830140. But to make sure I just compiled kdelibs without it (there are no other patches applied to KDE). Using a clean new user the result was the same.
That's -exactly- the change that caused that regression.
That comment made me think; so I recompiled kdebase-runtime and kdebase linking to the vanilla version of kdelibs. E voila it works. :-)
I'll add a note about this regression to #162600. So hereby the bug is solved for me.
No need. That regression is fixed by r832072
Has been fixed a couple of months ago.
There might be (due to the absence of testing) a problem with more exotic ways to specify valid hostnames in the certificate but for the vast majority of certificates it's fixed.