any message can show the attached URL.

Release 2.x.y
Approved-by: Richard Laager

This fixes an issue with google talk's certificates and gnutls, where the root
certificate in the provided chain is a slightly different version of the one
that is usually present in the certificate stores, but the SubjectPublicKeyInfo
section is the same.
This adds a PurpleCertificateScheme function, compare_pubkeys, and its wrapper
purple_certificate_compare_pubkeys().
This is only implemented for gnutls, since the NSS plugin only uses the NSS
certificate validation code. Even if that path was reachable from a plugin that
doesn't implement this method, it would return FALSE and behave as if this bug
was never fixed.
The gnutls implementation uses the gnutls_x509_crt_get_key_id() function,
which returns a hash of the SubjectPublicKeyInfo section of the certificate.
In gnutls versions older than 3.4.1, this may be a SHA1 hash, but after that
version SHA256 support was added (without much fanfare - the documentation
barely mentions this at all), and we just use the constant for the best known
algo, which for current versions is just SHA256. Older versions ignore that
flag parameter.
The whole comparison is modeled after the private _gnutls_check_if_same_key(),
which checks if both certificates have the same DN ("unique id") and does a
memcmp() of the raw SPKI section. We don't have direct access to the raw SPKI
section but comparing their fingerprints is good enough.

certificate: Use SHA256 fingerprints instead of SHA1
Approved-by: Eion Robb
Approved-by: Ethan Blanton
Approved-by: Gary Kramlich

This meant adding a get_fingerprint_sha256 function to the certificate scheme
structs, which meant adding a struct_size member because we ran out of reserved
members there.
The API-facing purple_certificate_get_fingerprint_sha256() has a fallback
parameter to use sha1 if the SSL plugin doesn't implement this function
(probably an outdated installation, or a third party SSL plugin). When using
the function for display purposes, the fallback is disabled and it returns
NULL, but when using it to compare certificates it's better to have at least
the SHA1.
In functions like purple_certificate_display_x509(), some slight changes to
translatable strings would have been required. Since we're in a string freeze
right now, I avoided those by concatenating a language-neutral "SHA256: %s" at
the end of those messages. The SHA1 line used the word "fingerprint" but we
can't reuse that translation. This should be cleaned up after the release.

- Redefinition of DBUS_EXPORT
- A whole lot of "misleading indentation" (which only appear in newer gcc)
- One unused static variable in util.c (alphabet, previously used for base64)
- "left shift by negative value" with the IS_END macro of libgnt. That macro is
"1 << 0" and expanded to "~1 << 0" in one place. So now it's "(1 << 0)"

Add PURPLE_MESSAGE_REMOTE_SEND flag to PurpleMessageFlags
Approved-by: Eion Robb
Approved-by: Gary Kramlich

Specifies messages like _SEND that were sent from another location, and are
not echoes.
This allows the UI to distinguish them from groupchat outgoing messages, since
those always result in a serv_got_chat_in() call which writes to the
conversation with the PURPLE_MESSAGE_SEND flag, because that's needed to
display outgoing messages in UIs like pidgin, but some UIs behave differently.

Makes Freenode and other servers that prefer SASL EXTERNAL
fingerprint authentication work again.
Ref:
"Cannot connect to IRC (Freenode)"
https://pidgin.im/pipermail/support/2016-September/029627.html

The pidgin ids were already handled by a previous commit.
https://pidgin.im/pipermail/support/2017-January/029820.html

EionRobb/security/EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880 (pull request #15)
Fix for crash when sending invalid xml entities separated by whitespace, eg "&# 3000;"
Approved-by: Gary Kramlich
Approved-by: dx

"&# 3000;"

New DevID and DistID (2.x.y)
Approved-by: Gary Kramlich
Approved-by: Mike Ruprecht
Approved-by: dx

representative via the devel mailing list in September 2016.

allocations when retrieving NLA responses

Refs #16574

Makefile: Use hg log instead of hg id --debug, which has unstable output

See comments in http://stackoverflow.com/a/2485923/2195033
Also the fact that it was just broken for me - it threw debug info to stdout
("ignoring untrusted configuration option") when running 'sudo make install',
which ended up in package_revision_raw.txt, which broke the build.

Robbie/main/Robbie/changelog-fix-a-contributors-name-refere-1476568590680 (pull request #163)
ChangeLog: Fix a contributor's name. References #16174.

set the version for the 2.12.0 dev cycle

Remove call to the deprecated and stubbed gnutls_global_set_mem_functions().