[Bug 38749] Accept extra certificate identities without relying on an external channel handler
bugzilla-daemon at freedesktop.org
Tue Jun 28 17:18:28 CEST 2011
https://bugs.freedesktop.org/show_bug.cgi?id=38749
Marco Barisione <marco.barisione at collabora.co.uk> changed:
What       |Removed                                 |Added
----------------------------------------------------------------------------
URL        |                                        |http://cgit.collabora.com/git/user/bari/telepathy-gabble.git/log/?h=extra-certificate-identities
Status     |NEW                                     |ASSIGNED
Keywords   |                                        |patch
AssignedTo |telepathy-bugs at lists.freedesktop.org |marco.barisione at collabora.co.uk
--- Comment #1 from Marco Barisione <marco.barisione at collabora.co.uk> 2011-06-28 08:18:28 PDT ---
I fixed the bug in
http://cgit.collabora.com/git/user/bari/wocky.git/log/?h=extra-certificate-identities
and
http://cgit.collabora.com/git/user/bari/telepathy-gabble.git/log/?h=extra-certificate-identities
In wocky/wocky-tls-handler.c there is this comment:
/* When lenient, don't check the peername, set cert flags accordingly.
 * When 'strict', leave the flags at NORMAL and check the peername.
 * Under legacy SSL, the connect hostname is the preferred peername.
 * Under STARTTLS, we check the domain regardless of the connect server.
I'm not sure what the comment is talking about, to be honest. Was it already
outdated before my changes?
With these patches, passing talk.google.com in extra-certificate-identities is
not needed as it's already the server name. This seems to me like the right
behaviour; what do you think?