[Bug 63810] idle basically doesn't validate SSL/TLS certificates

bugzilla-daemon at freedesktop.org
Sun Apr 28 22:06:42 CEST 2013


https://bugs.freedesktop.org/show_bug.cgi?id=63810

--- Comment #9 from Sjoerd Simons <sjoerd at luon.net> ---
(In reply to comment #4)
> Created attachment 78341
> IdleServerConnection: check certificates properly, except in the tests
> 
> ---
> 
> I deliberately didn't add an ignore-ssl-errors boolean parameter, because
> there doesn't seem much point, other than regression testing: all public IRC
> services listen on a non-SSL port, and SSL vs. non-SSL cannot be
> auto-detected on IRC (there is no STARTTLS support), so we only use SSL if
> the user has explicitly set use-ssl to TRUE. So, users who would otherwise
> use ignore-ssl-errors can just turn off use-ssl.

This implies you seem to think encrypted but unverified connections are not
valuable, which is not practically true.

> Meanwhile, private SSL-only IRC servers (e.g. a company's internal IRC) can
> and should have a proper certificate, either from a company CA or from
> Startcom or something.

They indeed should, but if they don't, that doesn't mean their users can force
that change to happen. Those users, without an option to turn off certificate
checking (or until my interactive TLS patches are merged), won't be able to use
idle for IRC, which is somewhat sad.
