[Pidgin] #9970: Error validating caps on certain XMPP disco responge

Pidgin trac at pidgin.im
Thu Aug 20 19:14:32 EDT 2009 

#9970: Error validating caps on certain XMPP disco responge
---------------------+------------------------------------------------------
 Reporter:  Redfern  |        Owner:  deryni 
     Type:  defect   |       Status:  pending
Milestone:           |    Component:  XMPP   
  Version:  2.6.1    |   Resolution:         
 Keywords:           |  
---------------------+------------------------------------------------------
Changes (by darkrain42):

  * status:  new => pending


Comment:

 I don't think Juick is properly calculating the SHA1 hash of its
 capabilities (which is why Pidgin complains it can't validate it).

 These are generated according to the XEP spec; note they don't match
 'mQaImD9z49bxELfcOw2D+c5rStc=' (which is the value Juick claims it should)

 {{{
 paul at haley:~$ echo -n
 'application/bot//Juick<http://jabber.org/protocol/bytestreams<http://jabber.org/protocol/caps<http://jabber.org/protocol/disco#info<http://jabber.org/protocol/disco#items<http://jabber.org/protocol/geoloc+notify<http://jabber.org/protocol/ibb<http://jabber.org/protocol/mood+notify<http://jabber.org/protocol/si<http://jabber.org/protocol/si/profile
 /file-transfer<http://jabber.org/protocol/tune+notify<vcard-temp' |
 openssl dgst -binary -sha1 | openssl enc -nopad -base64
 kdPeWilnoEghDObfqTtAp9otHfk=

 paul at haley:~$ echo -n
 'application/bot//Juick<http://jabber.org/protocol/bytestreams<http://jabber.org/protocol/caps<http://jabber.org/protocol/disco#info<http://jabber.org/protocol/disco#items<http://jabber.org/protocol/geoloc+notify<http://jabber.org/protocol/ibb<http://jabber.org/protocol/mood+notify<http://jabber.org/protocol/si/profile
 /file-
 transfer<http://jabber.org/protocol/si<http://jabber.org/protocol/tune+notify
 <vcard-temp' | openssl dgst -binary -sha1 | openssl enc -nopad -base64
 vf8uT5WVa83KYwLJ0BPOvEH8z6U=
 }}}

 When we can't validate the capabilities, we currently throw away the
 results, which is more extreme than it needs to be. I plan to change it at
 some point so that the caps are trusted for that specific user (but not
 for anyone else), but I believe Juick needs to fixed, too.

 Would you mind pointing the Juick creator/maintainer to this ticket so we
 can get his input, too?

-- 
Ticket URL: <http://developer.pidgin.im/ticket/9970#comment:1>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list