forwarded 745556 https://bugs.kde.org/show_bug.cgi?id=335375
thanks
Closing the dialog for choosing how long to accept an invalid
certificate for (which gives the options to accept Forever, or for
Current Session Only) causes the default option of Current Session Only
to be accepted
Steps to Reproduce:
1. Attempt to connect to server with invalid SSL certificate in KMail or
similar
2. On 1st dialog that appears (giving details on why the certificate is
invalid), click on Continue
3. Close 2nd dialog rather than selecting one of the 2 available options
The length of time the certificate has been accepted for can be verified
by examining the entry for the certificate in
${HOME}/.kde/share/config/ksslcertificatemanager
Attached is a proposed patch which I have forwarded upstream which
modifies the behaviour of the dialog box in question so that closing it
will return the user back to the previous dialog
--
Jim Scadden
Index: kde4libs-4.13.1/kio/kssl/sslui.cpp
===================================================================
--- kde4libs-4.13.1.orig/kio/kssl/sslui.cpp
+++ kde4libs-4.13.1/kio/kssl/sslui.cpp
@@ -75,66 +75,76 @@ bool KIO::SslUi::askIgnoreSslErrors(cons
}
message = message.trimmed();
- int msgResult;
+ bool returnToInitialDialog = false;
do {
- msgResult = KMessageBox::warningYesNoCancel(0, message, i18n("Server Authentication"),
- KGuiItem(i18n("&Details"), "help-about"),
- KGuiItem(i18n("Co&ntinue"), "arrow-right"));
- if (msgResult == KMessageBox::Yes) {
- //Details was chosen - show the certificate and error details
-
- QList<QList<KSslError::Error> > meh; // parallel list to cert list :/
-
- foreach (const QSslCertificate &cert, ud->certificateChain) {
- QList<KSslError::Error> errors;
- foreach(const KSslError &error, ud->sslErrors) {
- if (error.certificate() == cert) {
- // we keep only the error code enum here
- errors.append(error.error());
+ int msgResult;
+ do {
+ msgResult = KMessageBox::warningYesNoCancel(0, message, i18n("Server Authentication"),
+ KGuiItem(i18n("&Details"), "help-about"),
+ KGuiItem(i18n("Co&ntinue"), "arrow-right"));
+ if (msgResult == KMessageBox::Yes) {
+ //Details was chosen - show the certificate and error details
+
+
+ QList<QList<KSslError::Error> > meh; // parallel list to cert list :/
+
+ foreach (const QSslCertificate &cert, ud->certificateChain) {
+ QList<KSslError::Error> errors;
+ foreach(const KSslError &error, ud->sslErrors) {
+ if (error.certificate() == cert) {
+ // we keep only the error code enum here
+ errors.append(error.error());
+ }
}
+ meh.append(errors);
}
- meh.append(errors);
+
+
+ KSslInfoDialog *dialog = new KSslInfoDialog();
+ dialog->setSslInfo(ud->certificateChain, ud->ip, ud->host, ud->sslProtocol,
+ ud->cipher, ud->usedBits, ud->bits, meh);
+ dialog->exec();
+ } else if (msgResult == KMessageBox::Cancel) {
+ return false;
}
+ //fall through on KMessageBox::No
+ } while (msgResult == KMessageBox::Yes);
- KSslInfoDialog *dialog = new KSslInfoDialog();
- dialog->setSslInfo(ud->certificateChain, ud->ip, ud->host, ud->sslProtocol,
- ud->cipher, ud->usedBits, ud->bits, meh);
- dialog->exec();
- } else if (msgResult == KMessageBox::Cancel) {
- return false;
- }
- //fall through on KMessageBox::No
- } while (msgResult == KMessageBox::Yes);
+ if (storedRules & StoreRules) {
+ //Save the user's choice to ignore the SSL errors.
+ msgResult = KMessageBox::warningYesNoCancel(0,
+ i18n("Would you like to accept this "
+ "certificate forever without "
+ "being prompted?"),
+ i18n("Server Authentication"),
+ KGuiItem(i18n("&Current Session only"), "chronometer"),
+ KGuiItem(i18n("&Forever"), "flag-green"));
+ QDateTime ruleExpiry = QDateTime::currentDateTime();
+ if (msgResult == KMessageBox::Cancel) {
+ // return to previous dialog
+ returnToInitialDialog = true;
+ } else {
+ if (msgResult == KMessageBox::No) {
+ //accept forever ("for a very long time")
+ ruleExpiry = ruleExpiry.addYears(1000);
+ } else {
+ //accept "for a short time", half an hour.
+ ruleExpiry = ruleExpiry.addSecs(30*60);
+ }
- if (storedRules & StoreRules) {
- //Save the user's choice to ignore the SSL errors.
+ //TODO special cases for wildcard domain name in the certificate!
+ //rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever);
- msgResult = KMessageBox::warningYesNo(0,
- i18n("Would you like to accept this "
- "certificate forever without "
- "being prompted?"),
- i18n("Server Authentication"),
- KGuiItem(i18n("&Forever"), "flag-green"),
- KGuiItem(i18n("&Current Session only"), "chronometer"));
- QDateTime ruleExpiry = QDateTime::currentDateTime();
- if (msgResult == KMessageBox::Yes) {
- //accept forever ("for a very long time")
- ruleExpiry = ruleExpiry.addYears(1000);
- } else {
- //accept "for a short time", half an hour.
- ruleExpiry = ruleExpiry.addSecs(30*60);
+ rule.setExpiryDateTime(ruleExpiry);
+ rule.setIgnoredErrors(ud->sslErrors);
+ cm->setRule(rule);
+ }
}
- //TODO special cases for wildcard domain name in the certificate!
- //rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever);
-
- rule.setExpiryDateTime(ruleExpiry);
- rule.setIgnoredErrors(ud->sslErrors);
- cm->setRule(rule);
- }
+ } while (returnToInitialDialog);
return true;
}
