Your message dated Mon, 1 Feb 2016 14:21:33 +0100
with message-id <[email protected]>
and subject line Re: Bug#813228: Thanks
has caused the Debian Bug report #813228,
regarding znc: doesn't validate TLS certificate of IRC server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
813228: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813228
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: znc
Version: 1.4-2
Severity: normal
Dear Maintainer,
The version in jessie does not validates the certificate of the IRC server. Here
is the patch doing it that is merged upstream:
https://github.com/znc/znc/pull/761
I didn't try if it applies cleany to jessie, but I think it might.
Please let me know if I can help you with tests or something.
Thanks a lot,
Rodrigo
--- End Message ---
--- Begin Message ---
Hi
Am 30.01.2016 um 22:35 schrieb Rodrigo Campos:
Yes, I know it's present in newer versions. Didn't know this is whishlist,
sorry. I tought it was normal as MITM attacks are easier when no cert validation
is done at all.
I asked because the SSLCiphers were backported (although that probably is an
even simpler patch) to 1.4 and thought this is an important feature too, and
hopefully not too invasive (the patch I linked is not a one line patch, but it
doesn't change A LOT. Although I don't know if it applies fine).
But if it won't be backported (whatever reason), I will probably not use the
jessie znc package.
Thanks for your clarification Thomas.
@Rodrigo:
This isn't something which could be backported to jessie.
But I may backport znc to jessie-backports in the future (not for 1.6.2)
--
/*
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi
GNU/Linux Debian Developer
Blog: http://www.linux-dev.org/
E-Mail: [email protected]
[email protected]
*/
--- End Message ---
