Bug 521902 - kdelibs: use ca-certificates' ca-bundle.crt
Summary: kdelibs: use ca-certificates' ca-bundle.crt
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kdelibs
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Ngo Than
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 521911 kde-4.5
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-08 16:29 UTC by Tomas Hoger
Modified: 2018-01-06 23:09 UTC (History)
8 users (show)

Fixed In Version: akonadi-1.4.0-3.fc13
Doc Type: Enhancement
Doc Text:
Clone Of:
: 734446 734447 (view as bug list)
Environment:
Last Closed: 2017-12-31 21:25:44 UTC


Attachments (Terms of Use)
Extra certs in kdelibs bundle (4.17 KB, text/plain)
2009-09-08 16:32 UTC, Tomas Hoger
no flags Details


Links
System ID Priority Status Summary Last Updated
KDE Software Compilation 162485 None None None Never

Description Tomas Hoger 2009-09-08 16:29:40 UTC
Description of problem:
kdelibs (and kdelibs3) ship own bundle of trusted CA certificates (ca-bundle.crt, stored in /usr/share/kde4/apps/kssl and /usr/share/apps/kssl respectively).  Fedora already contains a separate package containing such bundle expected to be used for general web surfing (just like kdelibs' bundle) - ca-certificates package (bundle was previously provided by openssl).

Have you considered using bundle from ca-certificates instead of the one shipped with KDE sources?  Doing some search on the internet, people seem to expect "system" (i.e. ca-certificates') bundle to be use by default, even more now that KDE4's SSL management GUI is incomplete:

  http://bugs.kde.org/show_bug.cgi?id=162485

Comment 1 Tomas Hoger 2009-09-08 16:32:20 UTC
Created attachment 360102 [details]
Extra certs in kdelibs bundle

I did some rudimentary Subject-based diff between the bundles.  Attached list contains 30 CAs listed in kdelibs bundle and not in ca-certificates.  Plus another 12, which are already expired and hence should be safe to ignore now.

Comment 2 Rex Dieter 2009-09-08 18:14:47 UTC
Agreed, system copies are preferable.  I'll take a look.

not sure how best to handle the extra certs.

Comment 3 Rex Dieter 2009-09-08 18:24:51 UTC
My reading of
https://bugs.kde.org/show_bug.cgi?id=162485#c14
makes it sound like qt's ca-certs are used (though not purposefully, and that may soon change), so now that we have qt fixed (bug #521911), we get this one for free (for now, in kdelibs anyway).

Long-term we can look to fix this better (and for kdelibs3 too).

Comment 4 Rex Dieter 2009-09-08 18:44:44 UTC
Considerations:
* add kde certs to qt's ca-cert path too ?

* integrate something similar to patch referenced at https://bugs.kde.org/show_bug.cgi?id=162485#c17 , to load system ca-certificates 
  * with or without the ones included in kssl/ca-bundle.crt ?

Comment 5 Steven M. Parrish 2009-09-26 22:39:39 UTC
Ping any updates Rex?

-- 
Steven M. Parrish - KDE Triage Master
                  - PackageKit Triager
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 6 Rex Dieter 2009-11-12 14:00:30 UTC
no change, other than to reaffirm comment #3 , that our use of ca-certificates in qt should mean kde gets those for free.  Needs confirmation/testing however. 

Further, I'd feel better if there were more movement on the upstream bug (162485).

Comment 7 Rex Dieter 2010-01-29 19:34:05 UTC
Rats, according to this thread,
http://lists.kde.org/?t=126472494900001&r=1&w=2

kdelibs override's qt's ca cert bundle.

Comment 8 Rex Dieter 2010-08-26 18:16:51 UTC
%changelog
* Thu Aug 26 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.5.0-6
- use ca-certificates' ca-bundle.crt  (#521902)

Comment 9 Fedora Update System 2010-10-24 19:01:29 UTC
akonadi-1.4.0-3.fc13,attica-0.1.4-1.fc13,kde-l10n-4.5.2-1.fc13,kde-plasma-networkmanagement-0.9-0.28.20101011.fc13.2,kde-plasma-yawp-0.3.5-2.fc13,kdeaccessibility-4.5.2-1.fc13,kdeadmin-4.5.2-1.fc13,kdeartwork-4.5.2-1.fc13,kdebase-4.5.2-2.fc13,kdebase-runtime-4.5.2-3.fc13,kdebase-workspace-4.5.2-3.fc13,kdebindings-4.5.2-2.fc13,kdeedu-4.5.2-2.fc13,kdegames-4.5.2-1.fc13,kdegraphics-4.5.2-4.fc13,kdelibs-4.5.2-7.fc13,kdemultimedia-4.5.2-1.fc13,kdenetwork-4.5.2-1.fc13,kdepimlibs-4.5.2-1.fc13,kdeplasma-addons-4.5.2-1.fc13,kdesdk-4.5.2-1.fc13,kdetoys-4.5.2-1.fc13,kdeutils-4.5.2-1.fc13,oxygen-icon-theme-4.5.2-1.fc13,soprano-2.5.2-1.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/akonadi-1.4.0-3.fc13,attica-0.1.4-1.fc13,kde-l10n-4.5.2-1.fc13,kde-plasma-networkmanagement-0.9-0.28.20101011.fc13.2,kde-plasma-yawp-0.3.5-2.fc13,kdeaccessibility-4.5.2-1.fc13,kdeadmin-4.5.2-1.fc13,kdeartwork-4.5.2-1.fc13,kdebase-4.5.2-2.fc13,kdebase-runtime-4.5.2-3.fc13,kdebase-workspace-4.5.2-3.fc13,kdebindings-4.5.2-2.fc13,kdeedu-4.5.2-2.fc13,kdegames-4.5.2-1.fc13,kdegraphics-4.5.2-4.fc13,kdelibs-4.5.2-7.fc13,kdemultimedia-4.5.2-1.fc13,kdenetwork-4.5.2-1.fc13,kdepimlibs-4.5.2-1.fc13,kdeplasma-addons-4.5.2-1.fc13,kdesdk-4.5.2-1.fc13,kdetoys-4.5.2-1.fc13,kdeutils-4.5.2-1.fc13,oxygen-icon-theme-4.5.2-1.fc13,soprano-2.5.2-1.fc13

Comment 10 Fedora Update System 2010-11-04 23:37:01 UTC
akonadi-1.4.0-3.fc13, attica-0.1.4-1.fc13, kde-l10n-4.5.2-1.fc13, kde-plasma-networkmanagement-0.9-0.28.20101011.fc13.2, kde-plasma-yawp-0.3.5-2.fc13, kdeaccessibility-4.5.2-1.fc13, kdeadmin-4.5.2-1.fc13, kdeartwork-4.5.2-1.fc13, kdebase-4.5.2-2.fc13, kdebase-runtime-4.5.2-3.fc13, kdebase-workspace-4.5.2-3.fc13, kdebindings-4.5.2-2.fc13, kdeedu-4.5.2-2.fc13, kdegames-4.5.2-1.fc13, kdegraphics-4.5.2-4.fc13, kdemultimedia-4.5.2-1.fc13, kdenetwork-4.5.2-1.fc13, kdepimlibs-4.5.2-1.fc13, kdeplasma-addons-4.5.2-1.fc13, kdesdk-4.5.2-1.fc13, kdetoys-4.5.2-1.fc13, kdeutils-4.5.2-1.fc13, oxygen-icon-theme-4.5.2-1.fc13, soprano-2.5.2-1.fc13, kphotoalbum-4.1.1-6.fc13, themonospot-gui-qt-0.1.3-7.fc13, kcm-gtk-0.5.3-5.fc13, kcm_touchpad-0.3.1-3.fc13, kdebase3-3.5.10-17.fc13, digikam-1.5.0-1.fc13.1, kdelibs-4.5.2-8.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2017-12-29 03:25:08 UTC
kdelibs3-3.5.10-90.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e23674a9ec

Comment 12 Fedora Update System 2017-12-29 03:25:24 UTC
kdelibs3-3.5.10-90.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-eabbc65b10

Comment 13 Fedora Update System 2017-12-29 19:32:03 UTC
kdelibs3-3.5.10-90.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e23674a9ec

Comment 14 Fedora Update System 2017-12-29 21:42:28 UTC
kdelibs3-3.5.10-90.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-eabbc65b10

Comment 15 Fedora Update System 2017-12-31 21:25:44 UTC
kdelibs3-3.5.10-90.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2018-01-06 23:09:08 UTC
kdelibs3-3.5.10-90.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.