Bug 84629 - Certificate warning window does not include a Details button
Summary: Certificate warning window does not include a Details button
Status: CONFIRMED
Alias: None
Product: kopete
Classification: Applications
Component: Jabber Plugin (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR wishlist
Target Milestone: ---
Assignee: Kopete Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-07-07 08:14 UTC by Casey Allen Shobe
Modified: 2010-08-19 11:18 UTC (History)
5 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Casey Allen Shobe 2004-07-07 08:14:42 UTC
Version:            (using KDE Devel)
Installed from:    Compiled sources
OS:                Linux

I get a warning about the server's certificate.  I can't tell whether or not I want to accept it or not because I cannot view the Details (as in Konqueror).  This should be added.
Comment 1 Carsten Wolff 2004-08-15 18:18:52 UTC
I made a similar experience, only that kopete did not ask me at all, if I whanted to accept the server-certificate. Instead, it just silently accepts it. This is to be considered a bug.
Comment 2 Till Gerken 2004-08-15 18:55:26 UTC
This happens only if the certificate is valid or you previously clicked on "accept" and checked "don't ask me again".
Comment 3 Ansgar 2010-02-14 14:19:23 UTC
This issue is still present in kopete/4.3.4 (I'm using the packages from Debian testing).

I have written a more detailed bug report in the Debian BTS about this [1] including several suggestions what could be improved:

when connecting to a Jabber server via TLS I get a dialog with the
following information:

  The identity and the certificate of server example.com could not be
  validated for account bob@example.com:
  The certificate is invalid.
  The certificate is self-signed.
  Do you want to continue?

  [ ] Do not ask again.
  (Continue) (Cancel)

This is not very helful.  The following information should be included:

1. Why is the certificate considered invalid?  Is it expired?  Does the
included CN not match the expected value?

2. If it is self-signed, or signed by a CA that is not trusted, it
should display more information about the certificate such as the
fingerprint and CN.  This would make it possible to verify the
certificate via some other means.

3. What does "Do not ask again." mean here?  Remember this certificate
and do not ask again for (this certificate, this server) or never notify
me again of certificate problems?

[1] http://bugs.debian.org/569772
Comment 4 Kde 2010-02-23 02:44:25 UTC
I agree that the changes suggested in comment #3 should be implemented. The current dialog is not clear enough as to what the issue is and what the proposed action will do.
Comment 5 subscryer 2010-05-12 09:31:33 UTC
I second this request for a much needed improvement, the current situation could lead to password stealing with man in the middle or, if the certificate is not accepted, a denial of service.
Comment 6 modulistic 2010-08-19 11:18:14 UTC
Still happens in opensuse 11.3 package:

Kopete
Version 1.0.0
Using KDE Development Platform 4.4.4 (KDE 4.4.4) "release 2"