[Pidgin] #4570: The XMPP plugin uses the hostname given by the SRV record to perform certificate validation
Pidgin
trac at pidgin.im
Sat Jan 5 13:03:01 EST 2008
#4570: The XMPP plugin uses the hostname given by the SRV record to perform
certificate validation
----------------------+-----------------------------------------------------
Reporter: steffen | Owner: lschiere
Type: defect | Status: new
Priority: minor | Milestone:
Component: XMPP | Version: 2.3.1
Resolution: | Keywords:
Pending: 0 |
----------------------+-----------------------------------------------------
Changes (by rlaager):
* owner: nwalp => lschiere
Comment:
Replying to [comment:2 steffen]:
> Replying to [comment:1 rlaager]:
> > If an attacker controls the DNS of that domain, I think you've lost.
> I don't think so. (That's what the certificates are for, isn't it?)
That's a good point. I was thinking more about HTTPS. I suppose this is
different because you can easily get a cert for a domain you control, even
if you can't get one for the domain you hacked.
> Anyway, using the names from the SRV RRs causes trouble (for self-signed
> certificates you'll have to accept the certificate multiple times when you
> have more than one SRV RR) and RFC 3920 says otherwise: (RFC 3920 5.1.)
Well, that answers that then. I don't know who to assign this to, but we
should definitely fix this.
--
Ticket URL: <http://developer.pidgin.im/ticket/4570#comment:3>
Pidgin <http://pidgin.im>
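
The difference between the two checks discussed in this ticket, as an added example that is not part of the original message and is not Pidgin's code. All host names, the JID and the function names are constructed placeholders, and certificates are reduced to their list of DNS names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample data; all names are placeholders, not from the ticket. */
struct srv_rr { const char *target; };                 /* unauthenticated DNS answer */
struct cert   { const char *dns_names[4]; size_t n; }; /* dNSName entries of the cert */

static const struct srv_rr legit_srv     = { "xmpp1.example.org" };
static const struct srv_rr spoofed_srv   = { "xmpp.attacker.example" };
static const struct cert   legit_cert    = { { "example.org" }, 1 };
static const struct cert   attacker_cert = { { "xmpp.attacker.example" }, 1 };

/* Exact case-insensitive name match; wildcard handling is left out. */
static bool cert_matches(const struct cert *c, const char *reference_id)
{
    for (size_t i = 0; i < c->n; i++)
        if (strcasecmp(c->dns_names[i], reference_id) == 0)
            return true;
    return false;
}

/* Behaviour reported in the ticket: the name being verified comes from DNS. */
bool verify_using_srv_target(const struct cert *c, const struct srv_rr *rr)
{
    return cert_matches(c, rr->target);
}

/* Corrected: the name being verified is the domain part of the user's JID. */
bool verify_using_jid_domain(const struct cert *c, const char *jid)
{
    const char *at = strchr(jid, '@');
    const char *domain = at ? at + 1 : jid;
    size_t len = strcspn(domain, "/");      /* drop any /resource suffix */
    char buf[256];
    if (len == 0 || len >= sizeof buf) return false;
    memcpy(buf, domain, len);
    buf[len] = '\0';
    return cert_matches(c, buf);
}

int main(void)
{
    const char *jid = "alice@example.org/home";
    printf("spoofed SRV: srv-target=%d jid-domain=%d\n", verify_using_srv_target(&attacker_cert, &spoofed_srv), verify_using_jid_domain(&attacker_cert, jid));
    printf("honest SRV:  srv-target=%d jid-domain=%d\n", verify_using_srv_target(&legit_cert, &legit_srv), verify_using_jid_domain(&legit_cert, jid));
    return 0;
}
```

With the SRV-target check, a certificate for a host the attacker controls passes once the SRV answer is spoofed, while the server's own certificate for the account domain does not match the SRV target; the JID-domain check reverses both outcomes.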