https://bugzilla.novell.com/show_bug.cgi?id=758431
https://bugzilla.novell.com/show_bug.cgi?id=758431#c3
--- Comment #3 from Guido Berhörster
Worst of all, it still displays the address bar as being secure. it must not do that if it doesn't actually do any verification.
I'm not sure any more whether this problem is actually caused by Midori. This happens only with 0.3.0 in openSUSE 11.4 and looking at the corresponding code there is a check in webkit_web_view_load_committed_cb() whether the certificate is trusted or not: WebKitWebDataSource *source; WebKitNetworkRequest *request; SoupMessage *message; source = webkit_web_frame_get_data_source (web_frame); request = webkit_web_data_source_get_request (source); message = webkit_network_request_get_message (request); if (message && soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) view->security = MIDORI_SECURITY_TRUSTED; else #endif view->security = MIDORI_SECURITY_UNKNOWN; (see http://git.xfce.org/apps/midori/tree/midori/midori-view.c?id=0.3.0#n1020) When tracing that with gdb soup_message_get_flags (message) seems to return a random value. Now the above code has not changed at all in Midori 0.4.1 in openSUSE 12.1 but soup_message_get_flags (message) returns a valid value causing Midori to correctly mark the certificate as untrusted. Somebody familiar with libsoup should probably look at this to see whether Midori or libsoup 2.32.2 is at fault here. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.