[Pidgin] #15247: sslconn: Allow protocol plugins to set flags customizing SSL connection behavior
Pidgin
trac at pidgin.im
Fri Aug 3 16:06:40 EDT 2012
#15247: sslconn: Allow protocol plugins to set flags customizing SSL connection
behavior
-------------------+--------------------------------------------------------
Reporter: haakon | Type: patch
Status: new | Component: libpurple
Version: 2.10.6 | Keywords: ssl options ocs lync sipe CVE-2011-3389
-------------------+--------------------------------------------------------
Libpurple allows protocol plugins to create SSL connections with
parameters that the SSL backend (NSS, GnuTLS or whatever) uses as default.
Most of the time this is sufficient, but there are services which require
specific SSL settings to be able to successfully establish communication.
One such example is Microsoft OCS, which
[https://bugzilla.mozilla.org/show_bug.cgi?id=702111#c32 doesn't support
1/n-1 record splitting] enabled by default in NSS 3.13.1 as a
countermeasure for
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
CVE-2011-3389]. Since then, connection to OCS is only possible with a
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649456#27 workaround],
setting an environment variable that the user has to know. Also, that
variable affects every SSL connection, unnecessarily decreasing the
security of SSL connections other than OCS.
To solve the problem I propose this extension to libpurple's API that
allows protocol plugins to enable or disable different flags affecting the
SSL connection being created (right now there is only one flag). The idea
is that the plugin sets the flags it requires, calls ''purple_ssl_connect''
and unsets the flags afterward so that other connections and protocols are
not affected.
--
Ticket URL: <http://developer.pidgin.im/ticket/15247>
Pidgin <http://pidgin.im>
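
The set/connect/unset sequence proposed in the ticket, as an added example that is not part of the original ticket or its patch: a small C model in which the connect call snapshots the pending flags, so only the OCS connection loses 1/n-1 splitting. All names (model_*, MODEL_SSL_NO_RECORD_SPLIT) are hypothetical stand-ins, not libpurple or NSS identifiers.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical flag name; the patch's real identifiers are not shown on this page. */
enum { MODEL_SSL_NO_RECORD_SPLIT = 1u << 0 };

static unsigned pending_flags;           /* what a plugin sets before connecting */

typedef struct { unsigned flags; } model_conn;   /* flags frozen at connect time */

void model_ssl_set_flags(unsigned f)   { pending_flags |= f; }
void model_ssl_unset_flags(unsigned f) { pending_flags &= ~f; }

/* Stand-in for purple_ssl_connect: copies the flags, so later changes
 * to pending_flags do not reach this connection. */
model_conn model_ssl_connect(void)
{
    model_conn c = { pending_flags };
    return c;
}

/* Plan record lengths for an n-byte write (n assumed to fit in one record).
 * With splitting on, a 1-byte record precedes the remaining n-1 bytes. */
size_t model_plan_records(const model_conn *c, size_t n, size_t out[2])
{
    if (n > 1 && !(c->flags & MODEL_SSL_NO_RECORD_SPLIT)) {
        out[0] = 1;
        out[1] = n - 1;
        return 2;
    }
    out[0] = n;
    out[1] = 0;
    return n ? 1 : 0;
}

/* The plugin-side sequence from the ticket: set, connect, unset. */
model_conn connect_ocs(void)
{
    model_ssl_set_flags(MODEL_SSL_NO_RECORD_SPLIT);
    model_conn c = model_ssl_connect();
    model_ssl_unset_flags(MODEL_SSL_NO_RECORD_SPLIT);
    return c;
}

int main(void)
{
    size_t r[2];
    model_conn ocs = connect_ocs(), other = model_ssl_connect();
    printf("OCS: %zu record(s)\n", model_plan_records(&ocs, 100, r));
    printf("other: %zu record(s)\n", model_plan_records(&other, 100, r));
    return 0;
}
```

In this model the isolation holds only if no other connection is created between the set and unset calls; carrying the flags as an argument to the connect call would remove that window.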