[Pidgin] #16835: Root certificate requests
Pidgin
trac at pidgin.im
Wed May 25 04:23:15 EDT 2016
#16835: Root certificate requests
---------------------+------------------------
Reporter: dx | Owner:
Type: defect | Status: new
Milestone: | Component: libpurple
Version: 2.10.11 | Resolution:
Keywords: |
---------------------+------------------------
Comment (by MrTux):
Replying to [comment:14 EionRobb]:
> Try and implement it and see.
>
> NSS can only use the NSS cert store. Win32 can only use the win32 cert
store. gnutls can only use the gnutls cert store. There's no mix-and-
match.
This is true, but only in a very strict sense. NSS and OpenSSL and other
libraries do check the certificates with their own cert store. But if that
fails, all crypto APIs I know have a callback which is called when
validation failed and then there a pointer to the certificate (DER-
encoded) is included. Now, within THIS callback where the dialog for the
user is shown right now, you can also use the certificate validation of
the Windows CryptoAPI to verify that DER-encoded certificate (there is a
special API for this, no need to do the whole encryption with CryptoAPI).
I used that API in the code I linked here.
At the end I don't care if NSS or CryptoAPI is used for the whole
encryption. However, I do care for certificate validation.
PS: TortoiseSVN uses OpenSSL for encryption, but also uses the WIndows
cert store.
--
Ticket URL: <https://developer.pidgin.im/ticket/16835#comment:15>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list