[Pkg-telepathy-maintainers] Bug#706270: Bug#706270: [telepathy-idle] Won't connect to IRC servers with self-signed SSL certificates
smcv at debian.org
Sun Apr 28 20:22:11 UTC 2013
forwarded 706270 https://bugs.freedesktop.org/show_bug.cgi?id=57130
On 27/04/13 14:35, Bruno Kleinert wrote:
> since #706094 is closed, I cannot connect anymore to a private IRC
> server that uses a self-signed SSL certificate.
I realise this is a regression, but I didn't have the necessary time to
implement that, and it seemed irresponsible to have a package that
advertises SSL support but is known to be vulnerable to MitM.
> It would be nice to warn the user about bad SSL certificates, but still
> give her/him a chance to connect to the server. E.g. a window with a
> warning that the server should not be trusted and two buttons: "cancel
> connection" and maybe "Continue, I know what I'm doing". Additionally a
> checkbox "Remember my decision" would make me completely happy :)
The Empathy UI already knows how to do this (and so does kde-telepathy,
I think) but Idle would also need to know how to pass on the request to
the UI. Sjoerd has written some patches which I'll try to review soon.
More information about the Pkg-telepathy-maintainers