Bug 204849 - Konqueror only validates certs by MD5 sum
Summary: Konqueror only validates certs by MD5 sum
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general (show other bugs)
Version: 4.3.0
Platform: Debian testing Linux
: NOR wishlist
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-23 11:58 UTC by Tim Brown
Modified: 2009-11-13 13:21 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Patch to display SHA1 of cert (1.33 KB, patch)
2009-11-02 01:24 UTC, Tim Brown 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Brown 2009-08-23 11:58:01 UTC 
Version:           4.3.0 (using KDE 4.3.0)
Compiler:          n/a n/a
OS:                Linux
Installed from:    Debian testing/unstable Packages

Konqueror only validates certs by MD5 sum.  It is also not possible to see the SHA1 sum for the cert in the KDE SSL Information window.  MD5 is broken and subject to chosen prefix attacks.
Comment 1 Tim Brown 2009-11-02 01:24:30 UTC 
Created attachment 38019 [details]
Patch to display SHA1 of cert
Comment 2 Tim Brown 2009-11-02 01:26:17 UTC 
This bug has also been reported to Debian as http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525975.
Comment 3 Tim Brown 2009-11-13 13:21:46 UTC 
Fixed with r1048255