Kopete doesn't seem to be using the root CA configured in KDE (security -> crypto -> SSL signers) I have installed and configured a corporate Jabber server (JabberD), and have activated the use of SSL, using our own root CA, and a server certificate signed by that root CA. This setup is working properly, and we have tested it with Konqueror after adding our root certificate to the KDE SSL signers. When Kopete connects to the server, we get an error saying the following: Certificate of server [server name] could not be validated for account [account name] : The Certificate Authority is invalid So Kopete seems to be ignoring the KDE SSL signers store. In my investigations I have found that Kopete relies on app-crypt/qca-tls for the TLS/SSL part, but I have found little information about this library. I have also found that I'm not the only one with this problem: http://www.kde-forum.org/viewtopic.php?t=3676&start=0&postdays=0&postorder=asc&highlight= As you can see in this forum, the problem happens also with self signed certificates although you add it to the KDE SSL signers. So this seems to be a bug or missing feature in Kopete (although I don't understand why somebody would include SSL support without trust chain checking). I don't know if I should have filed this report directly to KDE. If so please tell me and I'll do it Reproducible: Always Steps to Reproduce: 1. Install JabberD server, activate SSL support with self signed, or CA signed certificate 2. Include self signed or root CA certificate in KDE SSL signers 3. If you have a web server with the same domain name, you can check that the SSL certificate works properly opening a Konqueror https connection 4. Configure Kopete to access the JabberD server using SSL 5. Connect to the Jabber server You can experience the same problem if you try to connect to jabber.org using SSL. If you can download the certificate (I don't know if they offer it anywhere) you'll be able to check the behavior mentioned above Actual Results: Kopete isn't able to check the validity of the certificate sent by the server Expected Results: Kopete should have been able to stablish the validity of the server certificate and stablish a secure connection without user intervention Portage 2.0.51-r3 (default-x86-2004.2, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.7-gentoo-r11 i686) ================================================================= System uname: 2.6.7-gentoo-r11 i686 AMD Athlon(TM) XP 2000+ Gentoo Base System version 1.4.16 Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.14.90.0.8-r1 Headers: sys-kernel/linux26-headers-2.6.8.1-r1 Libtools: sys-devel/libtool-1.5.2-r5 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer -mmmx -m3dnow" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/lib/jboss /var/qmail/control /var/spool/fax/etc" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer -mmmx -m3dnow" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache distlocks sandbox" GENTOO_MIRRORS="http://gentoo.osuosl.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://commserver.openinput.com/gentoo-portage" USE="3dnow X acpi alsa apm arts avi berkdb bitmap-fonts cdr cjk crypt cups divx4linux doc dvd dvdr encode esd f77 foomaticdb fortran freetype gdbm gif gphoto2 gpm gstreamer guile hbci imlib jabber java jikes jpeg junit kde kerberos ldap libg++ libwww mad maildir mikmod mmx mng motif mozilla mpeg mysql ncurses nls nptl objc ofx oggvorbis openal opengl pam pda pdflib perl png postgres python qt quicktime readline samba sasl scanner sdl slang slp spell ssl svga tcltk tcpd tetex tiff truetype unicode usb x86 xml2 xmms xv zlib linguas_es linguas_ca"
Yeah, this is best filed at bugs.kde.org.
Done... http://bugs.kde.org/show_bug.cgi?id=94301
I think we can resolve this as upstream as we can't do much about it.