Ticket #3232 (closed enhancement: duplicate)

Opened 3 years ago

Last modified 3 years ago

Use system SSL ca-certificates

Reported by: anonymous
Owned by: asterix
Priority: normal
Milestone:
Component: xmpppy
Version:
Severity: normal
Keywords:
Cc:
Blocked By:
OS: All
Blocking:

Description

Since most Linux distributions store their ca-certificates in /etc/ssl/certs/ or /usr/share/ca-certificates/, why not implement something like:

    import os

    # Load every .pem file found in the system certificate directory
    for cert in os.listdir("/etc/ssl/certs/"):
        if cert[-3:] == "pem" and os.access("/etc/ssl/certs/%s" % cert, os.F_OK):
            tcpsock._sslContext.load_verify_locations("/etc/ssl/certs/%s" % cert)

So that SSL connections signed by well-known CAs pass the certificate check.

+ Gajim should show at least an information message when the test fails. I mean, who needs SSL if there is no protection against MITM ;)

Change History

Changed 3 years ago by anonymous

P.S. No, your cacerts.pem is far from being complete, e.g. cacert.org

Changed 3 years ago by misc

As the distribution I am using (Mandriva) does not seem to use these locations, and as I am not sure this is ruled by FHS or LSB (and in fact, I would not be surprised if this is complete anarchy :/), maybe the location could be specified as a configure option?

Changed 3 years ago by asterix

  • status changed from new to closed
  • resolution set to duplicate

Implementation is of course not finished; that's why you see the error message only in the console, and ticket #1923 is not closed.

Let's continue the discussion in #1923.
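
Added example, not part of the ticket and not Gajim or xmpppy code: one way to combine the description's idea (trust the system CA directory) with the later comment's request for a configurable location. It uses Python's standard ssl module rather than the `_sslContext` object from the description; the `override` parameter and both function names are hypothetical.

```python
import os
import ssl

# Assumed candidate: the first directory named in the ticket. Distributions
# differ, so an explicit override always takes precedence.
CANDIDATE_DIRS = ("/etc/ssl/certs",)


def resolve_ca_location(override=None, candidates=CANDIDATE_DIRS):
    """Return (cafile, capath); (None, None) means "use OpenSSL's defaults".

    `override` stands for a hypothetical configure option or preference.
    """
    if override is not None:
        if os.path.isfile(override):
            return override, None          # single PEM bundle
        if os.path.isdir(override):
            return None, override          # directory of hash-named certs
        # A configured path that is missing must not silently fall back.
        raise ValueError("configured CA location not found: %s" % override)
    for path in candidates:
        if os.path.isdir(path) and os.listdir(path):
            return None, path
    return None, None


def build_verifying_context(override=None, candidates=CANDIDATE_DIRS):
    """Client-side context that fails closed on an unverifiable peer."""
    cafile, capath = resolve_ca_location(override, candidates)
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile or capath:
        # capath lookups are by subject hash, so the directory must hold
        # hash-named files or symlinks (as produced by `openssl rehash`).
        ctx.load_verify_locations(cafile=cafile, capath=capath)
    else:
        ctx.load_default_certs()
    return ctx
```

Passing the directory once as `capath` replaces the per-file loop, and a handshake against a peer whose chain or hostname does not verify raises `ssl.SSLCertVerificationError`, which the client can surface to the user.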
