[Pidgin] #6500: NSS plugin doesn't verify SSL certificates
Pidgin
trac at pidgin.im
Sun Aug 3 14:29:39 EDT 2008
#6500: NSS plugin doesn't verify SSL certificates
-----------------------+----------------------------------------------------
Reporter: ari | Type: defect
Status: new | Priority: minor
Component: libpurple | Version: 2.4.3
Keywords: | Pending: 0
-----------------------+----------------------------------------------------
Originally from http://bugs.debian.org/492434:
I recently set up a Jabber server. I used the default snakeoil
certificate. When I configured Pidgin to connect to my new server,
using SSL, it connected without any complaint whatsoever.
(Pidgin in Debian/Ubuntu is built with NSS, under the recommendation of
you guys. The GNUTLS plugin apparently does do proper certificate
verification. This is a fairly major problem, since people assuming their
connections are secure can be subject to man-in-the-middle attacks.)
--
Ticket URL: <http://developer.pidgin.im/ticket/6500>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list