[Pidgin] #15308: SSL support appears to have been written by a lobotomy victim
Pidgin
trac at pidgin.im
Wed Sep 5 16:02:27 EDT 2012
#15308: SSL support appears to have been written by a lobotomy victim
--------------------+-------------------------------------------------------
Reporter: athena | Owner:
Type: defect | Status: pending
Milestone: | Component: libpurple
Version: 2.10.6 | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Comment(by abadidea):
No edit function? By "try to explain" I mean to the original ticket
opener, there was a brief twitter discussion. And my small text was
supposed to be normal text with a leading carat, I got markdown'd :)
Replying to [comment:6 abadidea]:
> I did try to explain that you appear to have a homerolled certificate
validator in lieu of the stubbed-out one but it was hard to have the
conversation over twitter.
>
> It really gave me a fright to see it stubbed out without remark though,
so I have a question: what is the rationale for using a homerolled
validation method separate from NSS, and could that rationale be added
inline as a comment to forestall any gray hairs in the future? :)
>
> That being said I have some other questions about said home-rolled
implementation.
>
> libpurple/certificate.c:298 /* If this is a single-certificate chain,
say that it is valid */
>
> ^ ... that doesn't sound right
>
> libpurple/certificate.c:1671 /* Next, attempt to verify the last
certificate is signed by a trusted
> * CA, or is a trusted CA (based on fingerprint).
> */
>
> ^ nor this, as it seems to be saying that you intend to accept
certificates as signers that are not themselves authorities.
--
Ticket URL: <http://developer.pidgin.im/ticket/15308#comment:7>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list