Better comments for #15308 and a small vulnerability possible

Tomasz Wasilczyk tomasz at
Mon Jan 13 07:10:15 EST 2014

W dniu 12.01.2014 20:12, Mark Doliner pisze:
> Hi Tomasz. Thanks for improving this code, and sorry for not looking
> at it or responding until now.
> I'm not very familiar with our ssl or certificate validation code and
> I didn't quite follow all this. I see that you committed the patch in
> revision 72bdcc0f7267. So does that mean that we think
> purple_certificate_find_verifier() never fails? But you didn't get rid
> of the else clause in ssl_nss_handshake_cb()... is that because you
> think there are times when gsc->verifier can be NULL?

In Pidgin, it's a dead code. It's just in case, ie. for other libpurple 
forks. Just to be safe.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4222 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <>

More information about the security mailing list