301060 – SSL certificate has error but sheild icon is green

Bug 301060 - SSL certificate has error but sheild icon is green

Summary: SSL certificate has error but sheild icon is green

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	khtml (show other bugs)
Version:	4.8.3
Platform:	Gentoo Packages Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-06-02 15:37 UTC by Nathaniel Taylor
Modified:	2018-11-12 16:26 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Nathaniel Taylor 2012-06-02 15:37:48 UTC

If a site has an SSL error and one chooses to see Details of the problem, the pop-up window showing the signer and certificate chain can show a green shield icon (top left) even when there are significant errors such as a wrong hostname being used.  This gives a misleading impression, which might cause users to avoid reading the detail of the text.

One example is shown in a screenshot here: http://gnu.ets.kth.se/~nt/tmp/konqssl_example.png .  It was obtained by accessing this URL, https://www.tiscali.co.uk/  (2012-06-02: will likely be changed soon).


Reproducible: Always

Steps to Reproduce:
View a https site with a problem with its certificate, and look at the details of the problem.
(I can't say that every type of problem gives this behaviour, but I've noticed it for every case I've seen.)
Actual Results:  
A certificate problem (e.g. wrong hostname)  is correctly reported in the text of konqueror's SSL pop-up window, but the shield icon (top left) is green, suggesting that all is well.

Expected Results:  
 (I claim) the presence of any certificate problem should result in the shield-icon (top left of pop-up) being red, not green.   The current behaviour is highly misleading.  A green shield should show that no problems (at all) can be found in the SSL connection.

Comment 1 Myriam Schweingruber 2012-06-18 19:56:54 UTC

Which exact version is this about?

Comment 2 Nathaniel Taylor 2012-06-18 22:46:41 UTC

This is true for Konqueror 4.8.3 (KDE 4.8.3), built on Gentoo.
But it's much more general than that: I see it's also true for konqueror 4.3.4 in RHEL6.

I've seen it on several sites.
On the above example link that I gave (the tiscali one) the described problem apparently can't be seen again once the browser has been allowed to access the site and get redirected.  I.e., best tested with clean KDE config.

Comment 3 Myriam Schweingruber 2012-06-19 10:13:21 UTC

Thank you for the fast feedback.

Comment 4 Andrew Crouthamel 2018-11-09 01:04:19 UTC

Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!

Comment 5 Nathaniel Taylor 2018-11-12 07:43:10 UTC

Hi!  I guess we can drop this, as no one else has commented over the years. 

Currently I'm on 4.3.4 (RHEL6) without easy access to the latest version of KDE/konqueror. And the website I gave as an example has now disappeared; it's surprisingly hard to find websites with SSL error when one actually looks for them!

Comment 6 Andrew Crouthamel 2018-11-12 16:26:58 UTC

Thanks for the update!