Comment 69 for bug 334191

In , Bernd-paysan (bernd-paysan) wrote :

I'll try a list of things that don't work:

* Certificate management missing: The only way to add root CAs is by modifying the text file /usr/share/kde4/apps/kssl/ca-bundle.crt by hand (and this is especially annoying when you, like me, check out and test new KDE releases frequently). Solution: Look at KDE 3.5.10 for certificate management. The user shall have the ability to import certificates, to trust particular site-certificates "forever" or "for session", and inspect them in a certificate manager where he can add/delete or change status of certificates.

* Konqueror gives false sense of security by showing a green checkmarked shield when the check actually failed through a missing root CA (for class 3 certificates, where the root CA is actually part of the certificate, but can't be trusted). The same is true for other kssl clients like kmail, which also silently accept such a certificate without warning and without any way to inspect the validity of the certificate. There shall be a way to inspect all kssl connections active or recently used (e.g. by having a kssl icon in the tray bar).

* Client certificate management missing: There is no way to use a client certificate for client authentication through kssl. Again, look at KDE 3.5.10 for client certificate management, and how to deal with it. The user must have the ability to import his client certificates - or use Kleopatra as client certificate manager. He also shall be prompted with a client certificate request dialog when such a request comes from an SSL connection - and then should be given the option to "send selected certificate", "don't send a certificate", and choose to remember this setting for the specific site or all sites forever/per session (especially if he doesn't have or wants a client certificate, choosing "never, ever" to avoid annoyances is important). He shall be able to review all those choices as usual (client certificates are cryptographically strong cookies, so treat them as similar to cookies as possible).

I found the certificate management as part of Konqueror config slightly konfusing in KDE 3.5.10; I'd rather suggest that this is a separate entity, e.g. through the suggested kssl icon in the tray. kssl is used by more programs than just Konqueror.