Hi Thiago,
On Thu, May 5, 2011 at 09:16, Thiago Macieira <thi...@kde.org> wrote:
> On Wednesday, 4 de May de 2011 22:54:34 Niels Mayer wrote:
>> On Wed, May 4, 2011 at 8:39 PM, Alexander Bokovoy <a...@samba.org> wrote:
>> >> (https://bugs.meego.com)
>> >
>> > There seem to be some misconfiguration of SSL setup at meego.com. I
>> > tried with QtWebkit and it also unable to reach and render it.
>>
>> KDE's Konqueror browser also cannot browse bugs.meego.com over SSL. It
>> outputs the following error:
>> http://nielsmayer.com/meego/bugs-meego-com-bad-certificate.png
>>
>> It's as if the WebKit based browsers (such as Konqueror) do not
>> recognize Go Daddy as CA. (Note the empty certificate chain and "this
>> certificate is not signed by any trusted authority" in image above).
>
> That's not it.
>
> The reason is that the certificate presented *is* self-signed. There's no
> GoDaddy issuer.
>
> And the reason for that is that QSslSocket does not send the Server Name
> Identification SSL extension, whereas Firefox does. You can compare the two
> behaviours with:
>
> openssl s_client -connect bugs.meego.com:443 -servername bugs.meego.com
> openssl s_client -connect bugs.meego.com:443
>
> QSslSocket in Qt 4.8 does send SNI now.
Any chance this could be backported to stable 4.7?
Alternatively, one can do
QSslConfiguration config = _currentRequest.sslConfiguration();
config.setProtocol(QSsl::AnyProtocol);
_currentRequest.setSslConfiguration(config);
to force switchover to TLSv1 if SSLv3 does not work...
--
/ Alexander Bokovoy
_______________________________________________
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines
