[Pidgin] #7566: Pidgin 2.5.2 does not save ssl information
Pidgin
trac at pidgin.im
Sun Nov 16 20:44:11 EST 2008
#7566: Pidgin 2.5.2 does not save ssl information
----------------------------------------+-----------------------------------
 Reporter:  publicunimail               |        Owner:
     Type:  defect                      |       Status:  new
Milestone:                              |    Component:  pidgin (gtk)
  Version:  2.5.2                       |   Resolution:
 Keywords:  security ssl bug important  |
----------------------------------------+-----------------------------------
Description changed by publicunimail:
Old description:
> Pidgin 2.5.2 does not save ssl information in a usable fashion. That is,
> after I accept an ssl certificate for talk.gmail.com (common name
> goolgle.com) or for various irc ssl connections, on disconnect or
> reopening pidgin it will prompt me to accept the same certificate again.
> This means that ssl verification on these connections is not really able
> to be used. Unless you store the certificate or are able to confirm that
> the certificate you said yes to previously is the same.
>
> This behavior does not occur on Debian lenny using the 2.4.3 pidgin which
> they patched re the previous pidgin ssl problem.
New description:
Pidgin 2.5.2 does not save ssl information in a usable fashion. That is,
after I accept an ssl certificate for talk.gmail.com (common name
goolgle.com) or for various irc ssl connections, on disconnect or
reopening pidgin it will prompt me to accept the same certificate again.
This means that ssl verification on these connections is not really able
to be used. Unless you store the certificate or are able to confirm that
the certificate you said yes to previously is the same.

This behavior does not occur on Debian lenny using the 2.4.3 pidgin which
they patched re the previous pidgin ssl problem.

I have to note that Debian's 2.4.3 also has an issue with gmail... "The
certificate presented by "talk.google.com" claims to be from "gmail.com"
instead. This could mean that you are not connecting to the service you
believe you are." That is, where a certificate is not from the service you
are connecting to, the certificate is not stored in an "accepted" state.

However, just to clarify on the irc ssl connections, pidgin 2.5.2 will
prompt on reconnect / reopen of pidgin to accept / reject the same
certificate from the same service it had previously been told to accept.
--
Ticket URL: <http://developer.pidgin.im/ticket/7566#comment:1>
Pidgin <http://pidgin.im>
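
An added example, not Pidgin's code and not part of the ticket: a minimal store that remembers which certificate was accepted for each host, so the same certificate is recognised after a reconnect or restart and a different one is flagged. The class name, file name, host name and certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import json
import os
import tempfile


class AcceptedCertStore:
    """Remembers the certificate the user accepted for each host (hypothetical helper)."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    @staticmethod
    def fingerprint(der_bytes):
        return hashlib.sha256(der_bytes).hexdigest()

    def check(self, host, der_bytes):
        """Return 'accepted', 'unknown' (prompt the user) or 'changed' (warn)."""
        # Keyed by the host we connected to, not the name inside the certificate,
        # so an accepted name-mismatch certificate is still remembered.
        pinned = self.pins.get(host.lower())
        if pinned is None:
            return "unknown"
        return "accepted" if pinned == self.fingerprint(der_bytes) else "changed"

    def accept(self, host, der_bytes):
        """Record the user's decision and write it to disk atomically."""
        self.pins[host.lower()] = self.fingerprint(der_bytes)
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)


def demo():
    # Constructed stand-ins for DER-encoded certificates; not real certificates.
    cert_a, cert_b = b"constructed-der-bytes-A", b"constructed-der-bytes-B"
    path = os.path.join(tempfile.mkdtemp(), "accepted_certs.json")
    first = AcceptedCertStore(path)
    results = [first.check("irc.example.net", cert_a)]   # first contact
    first.accept("irc.example.net", cert_a)
    restarted = AcceptedCertStore(path)                   # simulates reopening the client
    results.append(restarted.check("irc.example.net", cert_a))
    results.append(restarted.check("irc.example.net", cert_b))
    return results
```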