[kio] [Bug 233628] self signed SSL Certificate is not remembered (remember forever function)

Thu, 12 Dec 2019 04:47:44 -0800 

https://bugs.kde.org/show_bug.cgi?id=233628

Hans-Peter Jansen <h...@urpla.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
           Platform|Ubuntu Packages             |openSUSE RPMs
         Resolution|FIXED                       |---
            Version|4.4                         |unspecified

--- Comment #72 from Hans-Peter Jansen <h...@urpla.net> ---
I hate to reopen old bugs, but after a long time of silence, some changes
during this year made it reappear.

I still have/need access to an old imap server (from a liquidated company) in
my local network (openSUSE 11.1, cyrus imap, self signed certificate). On my
Tumbleweed desktop (20191210), I suffer from this issue since a few weeks with
various degrees of severity, up to a complete *DOS* (kscreenlocker_greet shows
a time in the past, almost always 04:4?, but no login) of my system (all
KDE/KF5).

Since I needed to reboot my system today morning again due to this very issue,
I decided to track this down: killing the kscreenlocker* allowed me to take a
look, and guess what: it shows "Server Authentication" warnings [SAW], up to
the point of kwin crashing (no window handles, no screen switching, ...).

Here are some interesting details:
I've added the root and imap certificate in Kleopatra a while ago, where it is
shown under Trusted certificates. (All screen texts are translated from german
on the fly, bear with me). 

I can easily provoke the SAW once by restarting Kmail, but restarting akonadi
will trigger the SAW once *every* *30* *seconds*. Looks, like something
triggers an akonadi restart early in the morning, but that's not the point.

Recreating .config/ksslcertificatemanager reveals another funny detail: the
format changed over time, now it looks similar to:

[95a0e3fca10d38c8420639952ad508c1]
imap.local.domain=ExpireUTC 3019-12-12T13:33:39,SelfSignedCertificateInChain

and every time, I confirm to persist the certificate, the ExpireUTC value
changes.

So here's a summary: 
 * kwin should never crash if too many dialogs are shown
 * the SAW should never shown more than once
 * kio doesn't associate accepted certificates correctly

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to