On Wednesday, 4 de May de 2011 22:54:34 Niels Mayer wrote: > On Wed, May 4, 2011 at 8:39 PM, Alexander Bokovoy <a...@samba.org> wrote: > >> (https://bugs.meego.com) > > > > There seem to be some misconfiguration of SSL setup at meego.com. I > > tried with QtWebkit and it also unable to reach and render it. > > KDE's Konqueror browser also cannot browse bugs.meego.com over SSL. It > outputs the following error: > http://nielsmayer.com/meego/bugs-meego-com-bad-certificate.png > > It's as if the WebKit based browsers (such as Konqueror) do not > recognize Go Daddy as CA. (Note the empty certificate chain and "this > certificate is not signed by any trusted authority" in image above).
That's not it. The reason is that the certificate presented *is* self-signed. There's no GoDaddy issuer. And the reason for that is that QSslSocket does not send the Server Name Identification SSL extension, whereas Firefox does. You can compare the two behaviours with: openssl s_client -connect bugs.meego.com:443 -servername bugs.meego.com openssl s_client -connect bugs.meego.com:443 QSslSocket in Qt 4.8 does send SNI now. -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Senior Product Manager - Nokia, Qt Development Frameworks PGP/GPG: 0x6EF45358; fingerprint: E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines