Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 163029 - konqueror is not able to connect to given https url
Summary: konqueror is not able to connect to given https url
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] KDE (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo KDE team
URL: https://www.cacert.org
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-01-21 05:12 UTC by Florian Friesdorf
Modified: 2007-04-12 16:44 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Friesdorf 2007-01-21 05:12:41 UTC 
konqueror cannot connect to https://www.cacert.org:

An error occurred while loading https://www.cacert.org/:
Could not connect to host www.cacert.org.

In ~/.xsession-errors:
30956:error:140943FC:lib(20):func(148):reason(1020):s3_pkt.c:1057:SSL alert number 20


I am running right now revedep-rebuild --library libcrypto.so.0.9.7 and afterwards the same for libssl.so.0.9.7 as suggested by the openssl ebuild.

From the openssl ebuild:
You must re-compile all packages that are linked against OpenSSL 0.9.7 by using revdep-rebuild from gentoolkit

How is that to be understood, why is openssl-0.9.8 installing those 0.9.7 compatibility libs, if I then _have_to_ re-compile? Is that not more a "it is highly suggested as packages might be broken now, despite the fact that they should not be"?

Reproducible: Always
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-01-21 05:15:11 UTC 
So run the revdep-rebuild and then delete the old libs...
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2007-01-21 05:16:44 UTC 
(In reply to comment #0)
> How is that to be understood, why is openssl-0.9.8 installing those 0.9.7
> compatibility libs, if I then _have_to_ re-compile? Is that not more a "it is
> highly suggested as packages might be broken now, despite the fact that they
> should not be"?

No, it's not a suggestion, you must do it. The old libs are left there so that you could at least emerge --sync and fetch stuff via wget.
Comment 3 Florian Friesdorf 2007-01-22 08:24:15 UTC 
(In reply to comment #2)
> 
> No, it's not a suggestion, you must do it. The old libs are left there so that
> you could at least emerge --sync and fetch stuff via wget. 

Thx for the explanation - I did:
revdep-rebuild -X --library libssl.so.0.9.7
rm /usr/lib/libssl.so.0.9.7
revdep-rebuild -X --library libcrypto.so.0.9.7
rm /usr/lib/libcrypto.so.0.9.7

I then did an revdep-rebuild -X and it showed no broken dependencies.

With disabled SSLv2, konqueror is still not able to access https://www.cacert.org, with SSLv2 enabled it works.
Firefox with disabled SSLv2 is able to access https://www.cacert.org.

A comment from cacert-support mailing list from Duane:
> Bug in Konq prevents some people from connecting, we attempted to modify
> the apache config to get around the problem in Konq, but obviously
> haven't succeeded in all case.
>
> The problem seems to occur when people disable SSLv2 in Konq, and it is
> only present in some recent versions of the software. No other browsers
> tested have this problem.
Comment 4 Patrick ALLAERT 2007-02-25 19:41:23 UTC 
Having the same problem here...
Comment 5 Carsten Lohrke (RETIRED) gentoo-dev 2007-04-12 16:44:33 UTC 
(In reply to comment #0)
> How is that to be understood, why is openssl-0.9.8 installing those 0.9.7
> compatibility libs, if I then _have_to_ re-compile? Is that not more a "it is
> highly suggested as packages might be broken now, despite the fact that they
> should not be"?

If the older libs wouldn't be retained, apps would miss them - running system broken. You don't want that. :)


Valid bug, please follow https://bugs.kde.org/show_bug.cgi?id=142553