What Causes KDE SSL Information Dialog to Appear?
All, I was away from my computer for a while and came back and there was a "KDE SSL Information" dialog on my screen informing me of a problem with the national weather service NOAA site certificate. Here is what I saw: https://paste.opensuse.org/37109107 I've used KDE3 since? SUSE 8? and I've never just had this dialog appear. The IP listed does belong to the correct entity, e.g. whois 140.90.101.79 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/resources/registry/whois/tou/ # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/ # # Copyright 1997-2022, American Registry for Internet Numbers, Ltd. # NetRange: 140.90.0.0 - 140.90.255.255 CIDR: 140.90.0.0/16 NetName: NOAA-EAST3 NetHandle: NET-140-90-0-0-1 Parent: NET140 (NET-140-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: National Oceanic and Atmospheric Administration (NOAABO-Z) RegDate: 1990-04-09 Updated: 2021-12-14 Ref: https://rdap.arin.net/registry/ip/140.90.0.0 OrgName: National Oceanic and Atmospheric Administration OrgId: NOAABO-Z Address: 325 Broadway City: Boulder StateProv: CO PostalCode: 80305 Country: US RegDate: 2020-08-25 Updated: 2020-08-25 Ref: https://rdap.arin.net/registry/entity/NOAABO-Z I do have bookmarks for the weather sites in Firefox, but not in konqueror. While konqueror in KDE3 may be the best file-manager ever made, the browser side has been dated and dead for a decade. So I have no clue what generated this dialog. Anybody else ever see one, or have an idea what triggered it? -- David C. Rankin, J.D.,P.E.
Thanks for reporting. This problem turned out to be caused by two bugs: 1. A handle of openssl library (X509_STORE_CTX) should not be used twice (it causes X509_V_ERR_INVALID_CALL error). 2. Intermediate (chained) certificate(s) was not passed to openssl due to function deprecation, it causes certificate validation error (occurs only on sites with intermediate certificates). Both of them were fixed in recent update. On Thu, 17 Nov 2022 16:12:24 -0600 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
All,
I was away from my computer for a while and came back and there was a "KDE SSL Information" dialog on my screen informing me of a problem with the national weather service NOAA site certificate. Here is what I saw:
https://paste.opensuse.org/37109107
I've used KDE3 since? SUSE 8? and I've never just had this dialog appear. The IP listed does belong to the correct entity, e.g.
whois 140.90.101.79
# # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/resources/registry/whois/tou/ # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/ # # Copyright 1997-2022, American Registry for Internet Numbers, Ltd. #
NetRange: 140.90.0.0 - 140.90.255.255 CIDR: 140.90.0.0/16 NetName: NOAA-EAST3 NetHandle: NET-140-90-0-0-1 Parent: NET140 (NET-140-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: National Oceanic and Atmospheric Administration (NOAABO-Z) RegDate: 1990-04-09 Updated: 2021-12-14 Ref: https://rdap.arin.net/registry/ip/140.90.0.0
OrgName: National Oceanic and Atmospheric Administration OrgId: NOAABO-Z Address: 325 Broadway City: Boulder StateProv: CO PostalCode: 80305 Country: US RegDate: 2020-08-25 Updated: 2020-08-25 Ref: https://rdap.arin.net/registry/entity/NOAABO-Z
I do have bookmarks for the weather sites in Firefox, but not in konqueror. While konqueror in KDE3 may be the best file-manager ever made, the browser side has been dated and dead for a decade. So I have no clue what generated this dialog.
Anybody else ever see one, or have an idea what triggered it?
-- David C. Rankin, J.D.,P.E.
-- Yasuhiko Kamata E-mail: belphegor@belbel.or.jp
On 12/6/22 04:32, Yasuhiko Kamata wrote:
Thanks for reporting.
This problem turned out to be caused by two bugs:
1. A handle of openssl library (X509_STORE_CTX) should not be used twice (it causes X509_V_ERR_INVALID_CALL error).
2. Intermediate (chained) certificate(s) was not passed to openssl due to function deprecation, it causes certificate validation error (occurs only on sites with intermediate certificates).
Both of them were fixed in recent update.
On Thu, 17 Nov 2022 16:12:24 -0600
You are awesome Yasuhiko! I wish I had a build environment setup for KDE3. Built TDE for years, but only have a 15.4 laptop at present. Doable, but very slow.... -- David C. Rankin, J.D.,P.E.
participants (2)
-
David C. Rankin -
Yasuhiko Kamata