Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 297165

Summary: kde-base/konqueror doesn't use ca-certificates installed files to check CAs
Product: Gentoo Linux Reporter: Paul Gover <paul_gover>
Component: [OLD] KDEAssignee: Gentoo KDE team <kde>
Status: RESOLVED FIXED    
Severity: normal CC: gengor
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Paul Gover 2009-12-16 13:16:46 UTC 
konqueror 4.3.3 doesn't recognize the VeriSign Class 3 G5 CA certificate, among other well-known CA certificates.

For a web site that exhibits the problem, try
  https://public.jpmorganwealthmanagerplus.co.uk/
Unless you've already imported the certificate to konqueror, you get a warning that the certificate is untrusted, and the details show that it's the VeriSign CA certificate that it doesn't trust.

This is Debian or kdelibs bug 295266 - see
  https://bugs.launchpad.net/kdelibs/+bug/295266

The issue appears to be that kdelibs has it's own CA certificate stores in
  /usr/share/apps/kssl/ca-bundle.crt
and
  /usr/share/config/ksslcalist

and neither of them contain as up-to-date a list as the Gentoo (from Debian)
  app-misc/ca-certificates
package.

There's a comment near the end of the above-mentioned kdelibs bug report giving a symbolic link from
  /usr/share/apps/kssl/ca-bundle.crt
to
  /etc/ssl/certs/ca-certificates.crt
that apparently fixes it.  Can we have this bypass in Gentoo please?

Reproducible: Always

Steps to Reproduce:
1.Browse to above https link in konqueror

Actual Results:  
Warning message that the certificate is invalid

Expected Results:  
Enter the website to fritter away your money

I'm using app-misc/ca-certificates-20090709, kde-base/konqueror-4.3.3 and kde-base/kdelibs-4.3.3-r1 (and all the 4.3.3 KDE stuff).

Here's the mandatory emerge --info

Portage 2.2_rc55 (default/linux/amd64/10.0/desktop, gcc-4.3.3, glibc-2.10.1-r0, 2.6.30-gentoo-r5 x86_64)
=================================================================                                       
System uname: Linux-2.6.30-gentoo-r5-x86_64-AMD_Phenom-tm-_9150e_Quad-Core_Processor-with-gentoo-1.12.13
Timestamp of tree: Sat, 05 Dec 2009 20:15:02 +0000                                                      
ccache version 2.4 [enabled]                                                                            
app-shells/bash:     4.0_p28                                                                            
dev-java/java-config: 2.1.9-r1                                                                          
dev-lang/python:     2.6.4                                                                              
dev-util/ccache:     2.4-r7                                                                             
dev-util/cmake:      2.6.4-r3                                                                           
sys-apps/baselayout: 1.12.13                                                                            
sys-apps/sandbox:    2.2                                                                                
sys-devel/autoconf:  2.13, 2.63-r1                                                                      
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2                                               
sys-devel/binutils:  2.18-r3                                                                            
sys-devel/gcc-config: 1.4.1                                                                             
sys-devel/libtool:   2.2.6a                                                                             
virtual/os-headers:  2.6.27-r2                                                                          
ACCEPT_KEYWORDS="amd64"                                                                                 
ACCEPT_LICENSE="* -@EULA IBM-J1.6 dlj-1.1"                                                              
CBUILD="x86_64-pc-linux-gnu"                                                                            
CFLAGS="-march=native -O3 -pipe"                                                                        
CHOST="x86_64-pc-linux-gnu"                                                                             
CONFIG_PROTECT="/etc /usr/share/config /var/lib/hsqldb"                                                 
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"                                                                                               
CXXFLAGS="-march=native -O3 -pipe"                                                                                                     
DISTDIR="/var/tmp/distfiles"                                                                                                           
FEATURES="assume-digests ccache distlocks fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv"                                                                                                 
GENTOO_MIRRORS="ftp://ftp.mirrorservice.org/sites/www.ibiblio.org/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"                                                                                                                   
LANG="en_GB.utf8"                                                                                                                      
LDFLAGS="-Wl,-O1"                                                                                                                      
LINGUAS="en_GB en en_US"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow X a52 aac acl acpi alsa amd64 berkdb branding bzip2 cairo cdr cli consolekit cracklib crypt cups cxx dbus dri dts dvd dvdr emboss encode fam firefox flac fortran gdbm gif gpm gstreamer gtk hal handbook iconv ipv6 java joystick jpeg kde ldap libnotify mad mikmod mmx mmxext modules mp3 mp4 mpeg mudflap multilib mysql ncurses nls nptl nptlonly nsplugin ogg opengl openmp pam pcre pdf perl png ppds pppd python qt3support qt4 quicktime readline reflection sdl session spell spl sql sse sse2 ssl startup-notification svg sysfs tcpd threads thunar tiff truetype unicode usb vorbis webkit x264 xcomposite xine xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" DVB_CARDS="usb-wt220u" ELIBC="glibc" INPUT_DEVICES="keyboard mouse joystick evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en en_US" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fglrx"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2009-12-16 14:42:24 UTC 
Anyone can see any reason not to nuke the KDE CA files/dirs and just symlink to the system ones?
Comment 2 Tomáš Chvátal (RETIRED) gentoo-dev 2009-12-16 17:18:57 UTC 
Nuke the stuff and use the symlink is our target i say :]
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2010-03-31 22:47:51 UTC 
Fixed in 4.4.2.