https://bugs.kde.org/show_bug.cgi?id=233628
--- Comment #78 from Hans-Peter Jansen <h...@urpla.net> --- Dear Volker, thank you very much. I hereby confirm, that D25371 on top of kio 5.64 fixes the most apparent impact of this issue after regenerating .config/ksslcertificatemanager (that was: repeatedly displaying the SAW for already confirmed hosts). While you improved the interoperability with *some* self signed certificates for about 100%, a few notes are due, though. My newly generated .config/ksslcertificatemanager contains in total 3 digests with 4 hosts (one exists with both name and ip address). I would expect that code to ask exactly 4 times (once for each host), but it asked for every *account* once, and since I didn't confirm all the SAWs in the first 30 seconds (I was delayed for about 2 minutes), I had to confirm about 30 requests for my 8 accounts(!). The certificate manager might need to flag certificates with pending requests and, hmm, block subsequent requests?!? The need for regenerating .config/ksslcertificatemanager implies some issues with upgrading from old errors to new ones: Here's the diff of them: -192.168.2.4=ExpireUTC 3019-03-21T20:24:03,HostNameMismatch,InvalidCertificateAuthority,CertificateSignatureFailed +192.168.2.4=ExpireUTC 3019-12-13T11:29:11,HostNameMismatch,UnableToGetLocalIssuerCertificate,UnableToVerifyFirstCertificate -somewhere.org=ExpireUTC 3019-06-13T18:22:39,InvalidCertificateAuthority,CertificateSignatureFailed +somewhere.org=ExpireUTC 3019-12-13T11:28:34,UnableToGetLocalIssuerCertificate,UnableToVerifyFirstCertificate -local.host=ExpireUTC 3019-11-15T10:17:40,SelfSignedCertificate +local.host=ExpireUTC 3019-12-13T11:29:24,SelfSignedCertificateInChain It might be better to just silently remove the old (unknown) ones. During the experiments yesterday, it managed to create one entry, that was missing a CertificatePEM= field. Most probably by removing .config/ksslcertificatemanager, while akonadi was still running. That entry didn't gained that field again during the reboots today, but only after manually removing the key, and let kio regenerating the full key on reboot. One thing, that nags me from this experience is the DOS behaviour. Any idea, how to precede with this one? And another: since GB is definitely leaving the EU now, their significance will cease. Should we (try to) stick with British English, or fully turn to the chewing gum version of it in global communications? -- You are receiving this mail because: You are watching all bug changes.
