On Wednesday, 4 de May de 2011 22:54:34 Niels Mayer wrote: > On Wed, May 4, 2011 at 8:39 PM, Alexander Bokovoy <[email protected]> wrote: > >> (https://bugs.meego.com) > > > > There seem to be some misconfiguration of SSL setup at meego.com. I > > tried with QtWebkit and it also unable to reach and render it. > > KDE's Konqueror browser also cannot browse bugs.meego.com over SSL. It > outputs the following error: > http://nielsmayer.com/meego/bugs-meego-com-bad-certificate.png > > It's as if the WebKit based browsers (such as Konqueror) do not > recognize Go Daddy as CA. (Note the empty certificate chain and "this > certificate is not signed by any trusted authority" in image above).
That's not it.
The reason is that the certificate presented *is* self-signed. There's no
GoDaddy issuer.
And the reason for that is that QSslSocket does not send the Server Name
Identification SSL extension, whereas Firefox does. You can compare the two
behaviours with:
openssl s_client -connect bugs.meego.com:443 -servername bugs.meego.com
openssl s_client -connect bugs.meego.com:443
QSslSocket in Qt 4.8 does send SNI now.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Senior Product Manager - Nokia, Qt Development Frameworks
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines
