Mailinglist Archive: opensuse-bugs (2150 mails)

< Previous Next >
[Bug 873680] KDE uses outdated certificates

https://bugzilla.novell.com/show_bug.cgi?id=873680

https://bugzilla.novell.com/show_bug.cgi?id=873680#c5


--- Comment #5 from Ruediger Meier <sweet_f_a@xxxxxx> 2014-04-15 15:03:30 UTC
---
(In reply to comment #4)
Rudi,

In your email, you are raising the issue that divers packages are installing
certificates all over the place and that makes things harder to manage.

At this moment I don't think that symlinking files would actually resolve the
issue that you are referring too.

Those both symlinks resolved my issues for kde3 and kde4 applications on
openSUSE 11.4 and 12.3.

On my system I have deleted those certificates for KDE4 and the system is
working fine. The SSL preferences in systemsettings (Configure Desktop) are
showing the globally installed ones and therefore I am wondering if you found
another way to see that the old certificates from KDE4 are being used, other
than the fact that the files are there.

With KDE Frameworks, it seems that the old methodology is being replaced by a
daemon and Frameworks does not install any certificates.

I've re-checked right now on 13.1. Looks like kde4 has learned to use global
installed certs nowadays. This wasn't the case than I've tested last time.


So I put my question again to ask you if you found any other way (than the
fact
that the file is present) that KDE4 is indeed using the certificate file that
is installed in /usr/share/kde4/apps/kssl ?

I've also tested this now again and it seems that KDE4 completely ignores
/usr/share/kde4/apps/kssl/ca-bundle.crt now.

KDE3 still uses only it's own /opt/kde3/share/apps/kssl/ca-bundle.crt

So my suggestion
KDE4: - remove the unused file /usr/share/kde4/apps/kssl/ca-bundle.crt
(that's just cosmetics - just to be 110% sure that nobody uses these
unmaintained certs)
KDE3: - replace /opt/kde3/share/apps/kssl/ca-bundle.crt by symlink
(that's a security fix and goes to 13.1 and Factory)

I've updated sr230218 for KDE4.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
References