Version 11 (modified by 17 years ago) (diff) | ,
---|
General Description
Pidgin doesn't currently do any certificate verification for SSL. In order to properly do this and ensure security, a certificate manager (something like Mozilla's) needs to be added.
This is William Ehlhardt's project for Summer of Code
Issues
- It looks like PKCS12 (the certificate import/export format) is supported by both libNSS and GnuTLS.
- Should GnuTLS be prioritized over libNSS? I'm going with GnuTLS first, as I understand it better.
TODO
- Look at how the SILC prpl does its key management, especially the organization of the API used to check certs and interact with the user to verify them.
- Add some way of passing useful error messages back up out of the SSL interface (23 May)
- Fix purple_ssl_init in sslconn.c; it doesn't do anything (23 May)
- Talking to nosnilmot suggests that this ought to just be removed outright (24 May)
- Figure out how to get key fingerprints out of libNSS and GnuTLS (25 May)
Status
25 May 2007
Divergence point reached. With the addition of purple_base16_encode_chunked, my changes will force at least a minor version increment.
23 May 2007
Using "Document the SSL interface as it exists now" as an excuse to build a branch and learn Doxygen
17 May 2007
Reading documentation. Lots of it.