[Pidgin] #15308: SSL support appears to have been written by a lobotomy victim
Pidgin
trac at pidgin.im
Wed Sep 5 14:29:01 EDT 2012
#15308: SSL support appears to have been written by a lobotomy victim
--------------------+-------------------------------------------------------
Reporter: athena | Owner:
Type: defect | Status: pending
Milestone: | Component: libpurple
Version: 2.10.6 | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Comment(by abadidea):
I did try to explain that you appear to have a homerolled certificate
validator in lieu of the stubbed-out one but it was hard to have the
conversation over twitter.
It really gave me a fright to see it stubbed out without remark though, so
I have a question: what is the rationale for using a homerolled validation
method separate from NSS, and could that rationale be added inline as a
comment to forestall any gray hairs in the future? :)
That being said I have some other questions about said home-rolled
implementation.
libpurple/certificate.c:298 /* If this is a single-certificate chain, say
that it is valid */
^ ... that doesn't sound right
libpurple/certificate.c:1671 /* Next, attempt to verify the last
certificate is signed by a trusted
* CA, or is a trusted CA (based on fingerprint).
*/
^ nor this, as it seems to be saying that you intend to accept
certificates as signers that are not themselves authorities.
--
Ticket URL: <http://developer.pidgin.im/ticket/15308#comment:6>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list