Hi Thiago, On Thu, May 5, 2011 at 09:16, Thiago Macieira <thi...@kde.org> wrote: > On Wednesday, 4 de May de 2011 22:54:34 Niels Mayer wrote: >> On Wed, May 4, 2011 at 8:39 PM, Alexander Bokovoy <a...@samba.org> wrote: >> >> (https://bugs.meego.com) >> > >> > There seem to be some misconfiguration of SSL setup at meego.com. I >> > tried with QtWebkit and it also unable to reach and render it. >> >> KDE's Konqueror browser also cannot browse bugs.meego.com over SSL. It >> outputs the following error: >> http://nielsmayer.com/meego/bugs-meego-com-bad-certificate.png >> >> It's as if the WebKit based browsers (such as Konqueror) do not >> recognize Go Daddy as CA. (Note the empty certificate chain and "this >> certificate is not signed by any trusted authority" in image above). > > That's not it. > > The reason is that the certificate presented *is* self-signed. There's no > GoDaddy issuer. > > And the reason for that is that QSslSocket does not send the Server Name > Identification SSL extension, whereas Firefox does. You can compare the two > behaviours with: > > openssl s_client -connect bugs.meego.com:443 -servername bugs.meego.com > openssl s_client -connect bugs.meego.com:443 > > QSslSocket in Qt 4.8 does send SNI now. Any chance this could be backported to stable 4.7?
Alternatively, one can do QSslConfiguration config = _currentRequest.sslConfiguration(); config.setProtocol(QSsl::AnyProtocol); _currentRequest.setSslConfiguration(config); to force switchover to TLSv1 if SSLv3 does not work... -- / Alexander Bokovoy _______________________________________________ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines