Hi Luiz,

(looping in devel and security mailing lists)
Apologies for there not being any follow-up to your ticket.  We are just a
bunch of volunteers who work on Pidgin in our spare time, so promptness
isn't always guaranteed.

To help with your ticket, do you have an example server that we can test
against?  a) to test if things are broken using NSS instead of gnutls and
b) to verify any potential fixes?  It's probably safe to say that the setup
you've got isn't the majority of SSL use-cases and I doubt that any of us
who work on Pidgin would have certs in a similar setup.

I see that you've also had a look through how the code works for the gnutls
verification.  Have you had a chance to try fixing the issue yourself?  If
so, are there any patches or PRs that you might be interested in supplying
to help speed things along?

Cheers,
Eion

On Wed, 10 Jul 2019 at 05:44, Luiz Angelo Daros de Luca <[email protected]>
wrote:

> Hello,
>
> I've opened a bug report regarding this issue.
>
> https://developer.pidgin.im/ticket/17393
>
> But there is no feedback for it. It could even be classified as a security
> bug as pidgin/libpurple is not validating certificates correctly, resulting
> in name constraints errors (both validating where it should not and not
> checking it when it should).
>
> Regards,
> ---
>      Luiz Angelo Daros de Luca
>             [email protected]
> _______________________________________________
> [email protected] mailing list
> Want to unsubscribe?  Use this link:
> https://lists.pidgin.im/listinfo/support