[Pidgin] #15308: SSL support appears to have been written by a lobotomy victim

Pidgin trac at pidgin.im
Wed Sep 5 16:02:27 EDT 2012


#15308: SSL support appears to have been written by a lobotomy victim
--------------------+-------------------------------------------------------
 Reporter:  athena  |        Owner:           
     Type:  defect  |       Status:  pending  
Milestone:          |    Component:  libpurple
  Version:  2.10.6  |   Resolution:           
 Keywords:          |  
--------------------+-------------------------------------------------------

Comment(by abadidea):

 No edit function? By "try to explain" I mean to the original ticket
 opener, there was a brief twitter discussion. And my small text was
 supposed to be normal text with a leading carat, I got markdown'd :)

 Replying to [comment:6 abadidea]:
 > I did try to explain that you appear to have a homerolled certificate
 validator in lieu of the stubbed-out one but it was hard to have the
 conversation over twitter.
 >
 > It really gave me a fright to see it stubbed out without remark though,
 so I have a question: what is the rationale for using a homerolled
 validation method separate from NSS, and could that rationale be added
 inline as a comment to forestall any gray hairs in the future? :)
 >
 > That being said I have some other questions about said home-rolled
 implementation.
 >
 > libpurple/certificate.c:298 /* If this is a single-certificate chain,
 say that it is valid */
 >
 > ^ ... that doesn't sound right
 >
 > libpurple/certificate.c:1671 /* Next, attempt to verify the last
 certificate is signed by a trusted
 >        * CA, or is a trusted CA (based on fingerprint).
 >        */
 >
 > ^ nor this, as it seems to be saying that you intend to accept
 certificates as signers that are not themselves authorities.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/15308#comment:7>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list