pidgin: 39b90ee2: Enable the weaker MD2 and MD4 with RSA e...

qulogic at pidgin.im qulogic at pidgin.im
Sat Jul 11 03:05:35 EDT 2009


-----------------------------------------------------------------
Revision: 39b90ee2c4d49d80e4f9befbc80cb9684cf05209
Ancestor: 3e9a3f364e2e03052d3610d11e94c71f50fdacf5
Author: qulogic at pidgin.im
Date: 2009-07-11T06:46:21
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/39b90ee2c4d49d80e4f9befbc80cb9684cf05209

Modified files:
        configure.ac libpurple/plugins/ssl/ssl-nss.c

ChangeLog: 

Enable the weaker MD2 and MD4 with RSA encryption signing algorithms that
are now disabled in NSS 3.12.3. This allows signing in without errors on at
least MSN, and some XMPP servers.

Fixes #9360.

-------------- next part --------------
============================================================
--- configure.ac	987128bd7b662b7a1944cce0b0b60a7b46a28ef1
+++ configure.ac	d46f51e840af61fb507e318a930ea9e0440b5ccc
@@ -2020,6 +2020,23 @@ fi
 	AC_SUBST(NSS_CFLAGS)
 	AC_SUBST(NSS_LIBS)
 fi
+ 
+if test "x$enable_nss" = "xyes"; then
+	AC_MSG_CHECKING(for NSS_SetAlgorithmPolicy)
+	LIBS_save="$LIBS"
+	LIBS="$LIBS $NSS_LIBS"
+	CPPFLAGS_save="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $NSS_CFLAGS"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <nss.h>
+#include <secmod.h>],
+                                        [NSS_SetAlgorithmPolicy(SEC_OID_MD2, 0, 0);])],
+	               [AC_DEFINE([NEED_NSS_WEAK_ALGORITHMS], 1,
+                                  [Define if your NSS needs weak algorithms activated with NSS_SetAlgorithmPolicy])
+	                AC_MSG_RESULT(yes)],
+	               [AC_MSG_RESULT(no)])
+	CPPFLAGS="$CPPFLAGS_save"
+        LIBS="$LIBS_save"
+fi
 
 AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
 
============================================================
--- libpurple/plugins/ssl/ssl-nss.c	54d9228e9319318b825b3aa486075d372e8cc8aa
+++ libpurple/plugins/ssl/ssl-nss.c	5d35e88f8d79d3e07316c324c55c30cec67a1aad
@@ -152,6 +152,12 @@ ssl_nss_init_nss(void)
 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 
+#ifdef NEED_NSS_WEAK_ALGORITHMS
+	/* Enable some weaker algorithms for XMPP and MSN */
+	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+#endif
+
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }


More information about the Commits mailing list