Problem with AIM

Duncan Berriman duncan at berrimans.co.uk
Mon Jan 27 12:10:18 EST 2014


Hi Daniel,

Whilst I understand your point, there are 2 options in a live environment.

Option 1 - Do what I’ve done until the correct solution can be found or obtained, not always possible immediately.

Option 2 - Have your service offline for a number of hours until a solution is found or obtained and implemented.

I guess I could have checked to ensure it was the AIM certificate that it was asking about with a compare on the primary and secondary strings to make it less ‘wrong’. This was more a proof of concept rather than a solution to the certificate issue.

The method I provided is purely as a stopgap whilst a solution is found or can be used in other circumstances when using a robot or headless piece of code and some (unexpected) question has to be answered via a callback.

In a number of years of running my libpurple robot it is nearly always certificates on the provider's end of which I have no influence which have caused problems as they expire or require a new chain certificate. Thus I would intend to make this code optional so it can be quickly enabled as a temporary workaround whilst I find a solution.

It is not intended as a permanent fix.

I would however appreciate any comments re the actual code.

Since posting I’ve done some more research and it would appear the 2nd parameter is ignored in this callback so passing 0 is valid.

Duncan

From: Daniel Atallah [mailto:daniel.atallah at gmail.com] 
Sent: 27 January 2014 16:49
To: Duncan Berriman
Cc: Pidgin Devel Mailing List
Subject: Re: Problem with AIM

 


On Mon, Jan 27, 2014 at 10:32 AM, Duncan Berriman <duncan at berrimans.co.uk> wrote:
>
> Hi,
>
> I did some more work on my code which may be of use to others as I see quite
> a number of questions re capturing and responding to requests when using
> libpurple as a robot or headless.
>
> This works as I can see the callback working (the request is closed) and the
> program manages to logon to AIM without the certificate present but I'm not
> sure it is totally correct. I can also see it fail to connect (as expected)
> if I change the code to do 'Reject' instead of 'Accept'.

I think you're going down the wrong path with this.

You almost certainly shouldn't be (effectively) disabling certificate validation - that's a horrible thing to do.

As Mark noted, the issue with AIM is that they have a new cert that's signed by a CA that isn't in the default pidgin CA list - the right way to resolve that particular issue is to add the CA to the CA list you're using.

If there is a particular server that is outside of your control which is using an invalid or expired cert (which is not the case with AIM), a very specific exception (for that server and certificate combination) *might* be a reasonable thing to implement, but the global thing you've done is just wrong.

-D
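
The "very specific exception (for that server and certificate combination)" discussed in this thread, sketched as a decision function a headless client could consult before answering a certificate prompt. This is an added example, not code from the thread or from libpurple; `should_auto_accept`, the exception table, the host name and the fingerprint are hypothetical, and obtaining the host and SHA-256 fingerprint from the prompt is assumed to happen elsewhere.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>
#include <time.h>

/* One scoped exception: a single host, a single certificate, a deadline. */
struct cert_exception {
    const char *host;        /* exact server name */
    const char *sha256_hex;  /* fingerprint of the one accepted certificate */
    time_t expires;          /* the workaround stops applying after this */
};

/* Constructed sample entry; host and fingerprint are placeholders. */
static const struct cert_exception exceptions[] = {
    { "im.example.net",
      "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
      1390867200 /* 2014-01-28 00:00:00 UTC */ },
};

/* Reduce "AA:BB:..." or "aabb..." to lowercase hex; return length or -1. */
static int normalize_fp(const char *in, char out[65])
{
    int n = 0;
    for (; *in; in++) {
        if (*in == ':' || *in == ' ') continue;
        if (!isxdigit((unsigned char)*in) || n == 64) return -1;
        out[n++] = (char)tolower((unsigned char)*in);
    }
    out[n] = '\0';
    return n;
}

/* Return 1 only when host AND fingerprint match an unexpired entry;
   every other certificate prompt gets the Reject answer (0). */
int should_auto_accept(const char *host, const char *presented_fp, time_t now)
{
    char got[65], want[65];
    if (!host || !presented_fp || normalize_fp(presented_fp, got) != 64) return 0;
    for (size_t i = 0; i < sizeof exceptions / sizeof exceptions[0]; i++) {
        const struct cert_exception *e = &exceptions[i];
        if (now >= e->expires || strcasecmp(host, e->host) != 0) continue;
        if (normalize_fp(e->sha256_hex, want) == 64 && memcmp(got, want, 64) == 0)
            return 1;
    }
    return 0;
}
```

The expiry field keeps the exception temporary: once the deadline passes, the prompt is rejected again even if the table entry was never removed.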

