Better comments for #15308 and a small vulnerability possible

Mark Doliner mark at kingant.net
Sun Jan 12 14:12:23 EST 2014


Hi Tomasz. Thanks for improving this code, and sorry for not looking
at it or responding until now.

I'm not very familiar with our ssl or certificate validation code and
I didn't quite follow all this. I see that you committed the patch in
revision 72bdcc0f7267. So does that mean that we think
purple_certificate_find_verifier() never fails? But you didn't get rid
of the else clause in ssl_nss_handshake_cb()... is that because you
think there are times when gsc->verifier can be NULL?

