[Pidgin] #15308: SSL support appears to have been written by a lobotomy victim
Pidgin
trac at pidgin.im
Wed Sep 5 08:22:07 EDT 2012
#15308: SSL support appears to have been written by a lobotomy victim
--------------------+-------------------------------------------------------
Reporter: athena | Owner:
Type: defect | Status: new
Milestone: | Component: libpurple
Version: 2.10.6 | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Comment(by datallah):
Replying to [ticket:15308 athena]:
> Allow me to direct your attention to the function ssl_auth_cert() in
> libpurple/plugins/ssl/ssl-nss.c:
> http://hg.pidgin.im/pidgin/main/file/52cc04429e2c/libpurple/plugins/ssl/ssl-nss.c#l160
>
> Note the rather ill-chosen preprocessor directives, making the use of
> SSL essentially worthless, as MITMing this crawling horror would be no
> more difficult than a plain, unencrypted TCP connection.

If you don't look carefully, it may appear that the NSS plugin doesn't do
any validation of the SSL certificates, but that isn't the case; the
validation is done, just not by the `SSL_AuthCertificateHook` hook.

If you look at
[http://hg.pidgin.im/pidgin/main/file/52cc04429e2c/libpurple/plugins/ssl/ssl-nss.c#l451 ssl-nss.c#l454],
you'll see that before the SSL connection is considered "connected" from
libpurple's perspective, `ssl_nss_handshake_cb` is called to validate the
certificate using libpurple's `purple_certificate_verify` functionality.

<SNIP>
> Thus, the order of plugin loading and thus whether or not a user with
> both SSL plugins built will bother checking any certificates will
> ultimately be determined by such factors as the order in which the plugin
> binaries were installed and the choice of filesystem.

I think this is accurate. I think the expectation is that there would be
only one SSL plugin; perhaps that should be made more clear. This is
presumably why builds like the Ubuntu build you linked to build only one
SSL plugin.

> I strongly advise suggesting distributors prefer GnuTLS over NSS, then
> fixing NSS, then reconsidering your lack of OpenSSL support, and exposing
> a UI to let the user choose which SSL plugin to use when more than one is
> available. Passing a licensing purity test is not worth this absurd
> Potemkin village security.

The GnuTLS plugin performs the certificate validation in essentially the
same way as the NSS plugin does.

It's simply not an option to use OpenSSL; our license (which we couldn't
change if we wanted to because several contributors have stated that they
are unwilling to give permission to do so) does not allow for it.

I strongly advise you to reconsider your attitude when reporting tickets;
being intentionally inflammatory doesn't help any sort of interaction.

--
Ticket URL: <http://developer.pidgin.im/ticket/15308#comment:3>
Pidgin <http://pidgin.im>
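
The deferred-validation pattern described in the comment above, as an added example that is not part of the original message and is not libpurple or NSS code: a simplified C model in which the auth hook accepts every certificate and the handshake-complete callback is the only gate to the connected state. All names (`auth_cert_hook`, `handshake_cb`, `app_verify`, `conn_send`, the CA strings) are hypothetical; the third case in `main` shows what a reviewer has to rule out, a build where that callback does not verify.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): none of this is libpurple or NSS code. */
enum conn_state { HANDSHAKING, CONNECTED, FAILED };

struct conn {
    enum conn_state state;
    const char *peer_issuer;      /* issuer of the certificate the peer presented */
    bool verify_after_handshake;  /* false models a callback that skips the check */
};

/* Stand-in for the application's own verifier; the trust anchor is constructed. */
static bool app_verify(const struct conn *c) {
    return strcmp(c->peer_issuer, "Example Trusted CA") == 0;
}

/* Models a TLS-library auth hook that accepts everything, deferring the decision. */
static bool auth_cert_hook(const struct conn *c) { (void)c; return true; }

/* Models the handshake-complete callback: the only place state becomes CONNECTED. */
static void handshake_cb(struct conn *c) {
    if (c->verify_after_handshake && !app_verify(c)) { c->state = FAILED; return; }
    c->state = CONNECTED;
}

/* Application writes are refused until the connection is CONNECTED. */
static int conn_send(const struct conn *c, const char *data) {
    return c->state == CONNECTED ? (int)strlen(data) : -1;
}

/* Drives one connection; returns bytes sent, or -1 if nothing left the client. */
static int run(const char *issuer, bool verify_after_handshake) {
    struct conn c = { HANDSHAKING, issuer, verify_after_handshake };
    if (!auth_cert_hook(&c)) return -1;
    if (conn_send(&c, "early") != -1) return -2;  /* no data before verification */
    handshake_cb(&c);
    return conn_send(&c, "password");
}

int main(void) {
    printf("trusted, deferred check:   %d\n", run("Example Trusted CA", true));
    printf("untrusted, deferred check: %d\n", run("Constructed MITM CA", true));
    printf("untrusted, no check:       %d\n", run("Constructed MITM CA", false));
    return 0;
}
```
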