Bug 335389 - Konqueror + WebKit displays wrong SSL certificate information (if iframe contains content from another domain)
Summary: Konqueror + WebKit displays wrong SSL certificate information (if iframe cont...
Status: VERIFIED FIXED
Alias: None
Product: kwebkitpart
Classification: Unclassified
Component: general (show other bugs)
Version: 1.3.3
Platform: openSUSE RPMs Linux
: NOR normal with 20 votes (vote)
Target Milestone: ---
Assignee: webkit-devel
URL: https://www.neueverwaltung.de/
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-26 20:01 UTC by Christian Boltz
Modified: 2016-02-27 21:59 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In: 1.3.4


Attachments
screenshot showing the certificate details (83.12 KB, image/png)
2014-05-26 20:01 UTC, Christian Boltz
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Boltz 2014-05-26 20:01:27 UTC
Created attachment 86840 [details]
screenshot showing the certificate details

Konqueror (with WebKit) displays wrong SSL certificate information. This happens only if the page contains an iframe with content from another domain, like a twitter box.

If you want to see this bug in action, go to https://www.neueverwaltung.de/ and then, after the twitter box is loaded, view the certificate details.

You'll get something like:
Address: www.neueverwaltung.de
IP address: 199.16.156.230  <-- Twitter
Common name: twitter.com
(see attached screenshot for more details)

This bug does _not_ happen:
- on a subpage without a twitter box (I get the correct certificate details of www.neueverwaltung.de there)
- when using KHTML instead of WebKit
- if you view the certificate details very fast, before the twitter box is loaded (which means the twitter certificate "overwrites" the certificate details)
Comment 1 Dawit Alemayehu 2014-05-27 12:27:55 UTC
Git commit 719e1837089fea66b07885a47ebebcbedc5c89ea by Dawit Alemayehu.
Committed on 27/05/2014 at 12:25.
Pushed by adawit into branch '1.3'.

Show correct SSL information on redirection.
FIXED-IN: 1.3.4

M  +4    -2    src/webpage.cpp

http://commits.kde.org/kwebkitpart/719e1837089fea66b07885a47ebebcbedc5c89ea