Bug ID 1221557
Summary flatpak runtime org.kde.Platform 6.6 does not reliably verify SSL certs
Classification openSUSE
Product openSUSE Aeon
Version Current
Hardware x86-64
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Flatpak
Assignee rbrown@suse.com
Reporter vortex@z-ray.de
QA Contact qa-bugs@suse.de
Target Milestone ---
Found By ---
Blocker ---

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101
Firefox/123.0
Build Identifier: 

Hello there this came to my attention as OBS Studio updated their flatpak from
30.0.2 to 30.1.0 where they also changed the used runtime form KDE Platform 6.5
to 6.6.

Since that update browser sources and browser docks do no longer work if they
are pointing at an HTTPS protected site.
While with runtime 6.5 it still works fine (more details below).

Browser docks are only available in a X11 session due to bugs under Wayland but
also the only one to actually show an error message while browser sources are
completely silent and simply keep empty.

Beside the steps to reproduce other findings made in the meantime before
reporting here.
This happens on openSUSE Leap 15.6, openSUSE Tumbleweed, openSUSE Aeon and
openSUSE Kalpa.
Running the OBS Studio flatpak on virtually any other Linux distribution
(Tested Ubuntu 22.04, Fedora 39, Arch Linux) does work just fine.

Nevertheless I report the bug for Aeon as Aeon and Kalpa heavily rely on
flatpaks and this issue is more imminent for them than for regular Tumbleweed
and Leap.

Other things I tried was running the OBS Studio 30.1.0 *.dep package from
inside a Ubuntu 22.04 distrobox container running on my openSUSE Aeon host.
Browser sources and docks worked just fine.
Also I ran a Ubuntu 22.04 VM on my openSUSE Aeon host using Gnome Boxes and the
flatpak version of OBS Studio, browser sources and docks worked just fine too.

Furthermore I build the OBS Studio flatpak locally using fkatpab-builder from
inside a openSUSE Tumbleweed distrobox using runtime 6.5 instead of 6.6. That
OBS Studio flatpak did worked just fine on my openSUSE Aeon and inside the
openSUSE Tumlbeweed distrobox container. Whilst building it with 6.6 was broken
again.

To build OBS Studio with a different runtime do the following:
1) git clone --recursive https://github.com/obsproject/obs-studio.git
2) Change the content of obs-studio/build-aux/com.obsproject.Studio to ruse
runtime 6.5 instead of 6.6 (line 4)
3) flatpak-builder --force-clean --install-deps-from=flathub --user --install
--ccache --mirror-screenshots-url=https://dl.flathub.org/media/ build-dir
build-aux/com.obsproject.Studio.json --user --install

Reproducible: Always

Steps to Reproduce:
1. Install OBS Studio flatpak 30.1.0
2. Add a browser dock or a browser source pointing to an https site
3. See nothing or in case of a dock the error: ERR_CERT_AUTHORITY_INVALID URL:
https://obsproject.com/browser-source
Actual Results:  
Empty browser source or a browser dock showing ERR_CERT_AUTHORITY_INVALID URL:
https://obsproject.com/browser-source

Expected Results:  
Browser sources and docks to work

Thsi bug was firstly reported to OBS Studio where we found out it's actually
the runtime causeing the issue:
https://github.com/obsproject/obs-studio/issues/10385

And reported to KDE where they asked me to better open up the issue directly
for openSUSE as other distributions are not affected over here:
https://bugs.kde.org/show_bug.cgi?id=483746


You are receiving this mail because: