Trac is being migrated to new services! Issues can be found in our new
YouTrack instance and WIKI pages can be found on our
website.
| Version 1 (modified by wehlhard, 17 years ago)
(diff) |
|---|
|
create a separate todo list
|
Issues
- Jabber (and possibly others) use the purple_ssl_connect_fd function to build an SSL connection over a previously existing ProxyConnection?. Since all the SSL side sees is the file descriptor in this case, hostname verification is impossible. (29 May)
- talk.google.com gives back a gmail.com certificate?! (29 May)
Resolved Issues
- It looks like PKCS12 (the certificate import/export format) is supported by both libNSS and GnuTLS.
TODO
- General paranoia
- Look at how the SILC prpl does its key management, especially the organization of the API used to check certs and interact with the user to verify them.
- Add some way of passing useful error messages back up out of the SSL interface (23 May)
- Fix purple_ssl_init in sslconn.c; it doesn't do anything (23 May)
- Talking to nosnilmot suggests that this ought to just be removed outright (24 May)
- Figure out libNSS everything. (25 May)
- Why am I getting single-byte serial numbers from servers? (25 May)
- Work out how to use Glib functions for time checking on certificates. (29 May)
- Stall the timeouts on the TCP connection while waiting for user input on SSL? (29 May)
- Worry about ensuring that plugins don't kill in-use ciphers/certschemes when unloaded? (29 May)
- GnuTLS and NSS should probably be configured to use g_malloc and g_free for paranoia's sake (1 June)
Tasks done
- Figure out how to get key fingerprints out of GnuTLS (25 May, 25 May))
Download in other formats:
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!
