[Pkg-telepathy-maintainers] Bug#706270: Bug#706270: [telepathy-idle] Won't connect to IRC servers with self-signed SSL certificates
Simon McVittie
smcv at debian.org
Sun Apr 28 20:22:11 UTC 2013
forwarded 706270 https://bugs.freedesktop.org/show_bug.cgi?id=57130
thanks
On 27/04/13 14:35, Bruno Kleinert wrote:
> since #706094 is closed, I cannot connect anymore to a private IRC
> server that uses a self-signed SSL certificate.
I realise this is a regression, but I didn't have the necessary time to
implement that, and it seemed irresponsible to have a package that
advertises SSL support but is known to be vulnerable to MitM.
> It would be nice to warn the user about bad SSL certificates, but still
> give her/him a chance to connect to the server. E.g. a window with a
> warning that the server should not be trusted and two buttons: "cancel
> connection" and maybe "Continue, I know what I'm doing". Additionally a
> checkbox "Remember my decision" would make me completely happy :)
The Empathy UI already knows how to do this (and so does kde-telepathy,
I think) but Idle would also need to know how to pass on the request to
the UI. Sjoerd has written some patches which I'll try to review soon.
S
More information about the Pkg-telepathy-maintainers
mailing list