forwarded 745556 https://bugs.kde.org/show_bug.cgi?id=335375 thanks
Closing the dialog for choosing how long to accept an invalid certificate for (which gives the options to accept Forever, or for Current Session Only) causes the default option of Current Session Only to be accepted Steps to Reproduce: 1. Attempt to connect to server with invalid SSL certificate in KMail or similar 2. On 1st dialog that appears (giving details on why the certificate is invalid), click on Continue 3. Close 2nd dialog rather than selecting one of the 2 available options The length of time the certificate has been accepted for can be verified by examining the entry for the certificate in ${HOME}/.kde/share/config/ksslcertificatemanager Attached is a proposed patch which I have forwarded upstream which modifies the behaviour of the dialog box in question so that closing it will return the user back to the previous dialog -- Jim Scadden
Index: kde4libs-4.13.1/kio/kssl/sslui.cpp =================================================================== --- kde4libs-4.13.1.orig/kio/kssl/sslui.cpp +++ kde4libs-4.13.1/kio/kssl/sslui.cpp @@ -75,66 +75,76 @@ bool KIO::SslUi::askIgnoreSslErrors(cons } message = message.trimmed(); - int msgResult; + bool returnToInitialDialog = false; do { - msgResult = KMessageBox::warningYesNoCancel(0, message, i18n("Server Authentication"), - KGuiItem(i18n("&Details"), "help-about"), - KGuiItem(i18n("Co&ntinue"), "arrow-right")); - if (msgResult == KMessageBox::Yes) { - //Details was chosen - show the certificate and error details - - QList<QList<KSslError::Error> > meh; // parallel list to cert list :/ - - foreach (const QSslCertificate &cert, ud->certificateChain) { - QList<KSslError::Error> errors; - foreach(const KSslError &error, ud->sslErrors) { - if (error.certificate() == cert) { - // we keep only the error code enum here - errors.append(error.error()); + int msgResult; + do { + msgResult = KMessageBox::warningYesNoCancel(0, message, i18n("Server Authentication"), + KGuiItem(i18n("&Details"), "help-about"), + KGuiItem(i18n("Co&ntinue"), "arrow-right")); + if (msgResult == KMessageBox::Yes) { + //Details was chosen - show the certificate and error details + + + QList<QList<KSslError::Error> > meh; // parallel list to cert list :/ + + foreach (const QSslCertificate &cert, ud->certificateChain) { + QList<KSslError::Error> errors; + foreach(const KSslError &error, ud->sslErrors) { + if (error.certificate() == cert) { + // we keep only the error code enum here + errors.append(error.error()); + } } + meh.append(errors); } - meh.append(errors); + + + KSslInfoDialog *dialog = new KSslInfoDialog(); + dialog->setSslInfo(ud->certificateChain, ud->ip, ud->host, ud->sslProtocol, + ud->cipher, ud->usedBits, ud->bits, meh); + dialog->exec(); + } else if (msgResult == KMessageBox::Cancel) { + return false; } + //fall through on KMessageBox::No + } while (msgResult == KMessageBox::Yes); - KSslInfoDialog *dialog = new KSslInfoDialog(); - dialog->setSslInfo(ud->certificateChain, ud->ip, ud->host, ud->sslProtocol, - ud->cipher, ud->usedBits, ud->bits, meh); - dialog->exec(); - } else if (msgResult == KMessageBox::Cancel) { - return false; - } - //fall through on KMessageBox::No - } while (msgResult == KMessageBox::Yes); + if (storedRules & StoreRules) { + //Save the user's choice to ignore the SSL errors. + msgResult = KMessageBox::warningYesNoCancel(0, + i18n("Would you like to accept this " + "certificate forever without " + "being prompted?"), + i18n("Server Authentication"), + KGuiItem(i18n("&Current Session only"), "chronometer"), + KGuiItem(i18n("&Forever"), "flag-green")); + QDateTime ruleExpiry = QDateTime::currentDateTime(); + if (msgResult == KMessageBox::Cancel) { + // return to previous dialog + returnToInitialDialog = true; + } else { + if (msgResult == KMessageBox::No) { + //accept forever ("for a very long time") + ruleExpiry = ruleExpiry.addYears(1000); + } else { + //accept "for a short time", half an hour. + ruleExpiry = ruleExpiry.addSecs(30*60); + } - if (storedRules & StoreRules) { - //Save the user's choice to ignore the SSL errors. + //TODO special cases for wildcard domain name in the certificate! + //rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever); - msgResult = KMessageBox::warningYesNo(0, - i18n("Would you like to accept this " - "certificate forever without " - "being prompted?"), - i18n("Server Authentication"), - KGuiItem(i18n("&Forever"), "flag-green"), - KGuiItem(i18n("&Current Session only"), "chronometer")); - QDateTime ruleExpiry = QDateTime::currentDateTime(); - if (msgResult == KMessageBox::Yes) { - //accept forever ("for a very long time") - ruleExpiry = ruleExpiry.addYears(1000); - } else { - //accept "for a short time", half an hour. - ruleExpiry = ruleExpiry.addSecs(30*60); + rule.setExpiryDateTime(ruleExpiry); + rule.setIgnoredErrors(ud->sslErrors); + cm->setRule(rule); + } } - //TODO special cases for wildcard domain name in the certificate! - //rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever); - - rule.setExpiryDateTime(ruleExpiry); - rule.setIgnoredErrors(ud->sslErrors); - cm->setRule(rule); - } + } while (returnToInitialDialog); return true; }