[Bug 63810] idle basically doesn't validate SSL/TLS certificates
bugzilla-daemon at freedesktop.org
Wed Apr 24 19:37:31 CEST 2013
https://bugs.freedesktop.org/show_bug.cgi?id=63810
Simon McVittie <simon.mcvittie at collabora.co.uk> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED
--- Comment #8 from Simon McVittie <simon.mcvittie at collabora.co.uk> ---
Fixed in 0.1.15.
The minimal patch for distributors of Idle 0.1.11-0.1.14 is something more like
this:
diff --git a/src/idle-server-connection.c b/src/idle-server-connection.c
index 5b8629c..8c8eeff 100644
--- a/src/idle-server-connection.c
+++ b/src/idle-server-connection.c
@@ -469,9 +469,4 @@ IdleServerConnectionState
idle_server_connection_get_state(IdleServerConnection
void idle_server_connection_set_tls(IdleServerConnection *conn, gboolean tls)
{
IdleServerConnectionPrivate *priv =
IDLE_SERVER_CONNECTION_GET_PRIVATE(conn);
g_socket_client_set_tls(priv->socket_client, tls);
- g_socket_client_set_tls_validation_flags(priv->socket_client,
- G_TLS_CERTIFICATE_VALIDATE_ALL
- & ~G_TLS_CERTIFICATE_UNKNOWN_CA
- & ~G_TLS_CERTIFICATE_BAD_IDENTITY
- & ~G_TLS_CERTIFICATE_EXPIRED);
}
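Review bot: After the deletion in idle_server_connection_set_tls(), nothing in the function says that validation now relies on GSocketClient's default flags (G_TLS_CERTIFICATE_VALIDATE_ALL), so a short comment next to g_socket_client_set_tls() stating that would help keep a later change from reintroducing a mask such as `& ~G_TLS_CERTIFICATE_UNKNOWN_CA`. The removed mask also cleared G_TLS_CERTIFICATE_BAD_IDENTITY and G_TLS_CERTIFICATE_EXPIRED, so connections to servers with self-signed, mismatched or expired certificates will now fail with no override visible in this hunk; that behaviour change is worth a line in the distributor changelog, and the regression tests reported as broken need a server certificate that the test client trusts.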
(which breaks the regression tests, but is minimal). That's what I plan to do
for Debian 7.
I don't plan to implement certificate verification for 0.1.10 or older. If a
distributor wants to do so, they're welcome to share patches via this bug.
--
You are receiving this mail because:
You are the QA Contact for the bug.