pidgin: 6f4d0e18: disapproval of revision '39b90ee2c4d49d8...

darkrain42 at pidgin.im darkrain42 at pidgin.im
Wed Jul 22 03:36:00 EDT 2009 

-----------------------------------------------------------------
Revision: 6f4d0e183ebb11a95980e184e63bd4709aa24306
Ancestor: 39b90ee2c4d49d80e4f9befbc80cb9684cf05209
Author: darkrain42 at pidgin.im
Date: 2009-07-22T06:10:17
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/6f4d0e183ebb11a95980e184e63bd4709aa24306

Modified files:
        configure.ac libpurple/plugins/ssl/ssl-nss.c

ChangeLog: 

disapproval of revision '39b90ee2c4d49d80e4f9befbc80cb9684cf05209'

This was a bad recommendation on my part. Let's handle older certificate algorithms a different way.

-------------- next part --------------
============================================================
--- configure.ac	d46f51e840af61fb507e318a930ea9e0440b5ccc
+++ configure.ac	987128bd7b662b7a1944cce0b0b60a7b46a28ef1
@@ -2020,23 +2020,6 @@ fi
 	AC_SUBST(NSS_CFLAGS)
 	AC_SUBST(NSS_LIBS)
 fi
- 
-if test "x$enable_nss" = "xyes"; then
-	AC_MSG_CHECKING(for NSS_SetAlgorithmPolicy)
-	LIBS_save="$LIBS"
-	LIBS="$LIBS $NSS_LIBS"
-	CPPFLAGS_save="$CPPFLAGS"
-	CPPFLAGS="$CPPFLAGS $NSS_CFLAGS"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <nss.h>
-#include <secmod.h>],
-                                        [NSS_SetAlgorithmPolicy(SEC_OID_MD2, 0, 0);])],
-	               [AC_DEFINE([NEED_NSS_WEAK_ALGORITHMS], 1,
-                                  [Define if your NSS needs weak algorithms activated with NSS_SetAlgorithmPolicy])
-	                AC_MSG_RESULT(yes)],
-	               [AC_MSG_RESULT(no)])
-	CPPFLAGS="$CPPFLAGS_save"
-        LIBS="$LIBS_save"
-fi
 
 AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
 
============================================================
--- libpurple/plugins/ssl/ssl-nss.c	5d35e88f8d79d3e07316c324c55c30cec67a1aad
+++ libpurple/plugins/ssl/ssl-nss.c	54d9228e9319318b825b3aa486075d372e8cc8aa
@@ -152,12 +152,6 @@ ssl_nss_init_nss(void)
 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 
-#ifdef NEED_NSS_WEAK_ALGORITHMS
-	/* Enable some weaker algorithms for XMPP and MSN */
-	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
-	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
-#endif
-
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }

More information about the Commits mailing list