Better comments for #15308 and a small vulnerability possible

Tomasz Wasilczyk tomasz at wasilczyk.pl
Mon Jan 13 07:10:15 EST 2014


On 12.01.2014 at 20:12, Mark Doliner wrote:
> Hi Tomasz. Thanks for improving this code, and sorry for not looking
> at it or responding until now.
>
> I'm not very familiar with our ssl or certificate validation code and
> I didn't quite follow all this. I see that you committed the patch in
> revision 72bdcc0f7267. So does that mean that we think
> purple_certificate_find_verifier() never fails? But you didn't get rid
> of the else clause in ssl_nss_handshake_cb()... is that because you
> think there are times when gsc->verifier can be NULL?

In Pidgin, it's dead code. It's just in case, i.e. for other libpurple
forks. Just to be safe.

Tomek
