[Pidgin] #4725: Look deep into SSL certificate chain for issuers
Pidgin
trac at pidgin.im
Thu May 15 00:23:05 EDT 2008
#4725: Look deep into SSL certificate chain for issuers
------------------------+---------------------------------------------------
Reporter: wehlhard | Owner:
Type: defect | Status: new
Priority: minor | Milestone:
Component: libpurple | Version: 2.3.1
Resolution: | Keywords:
Pending: 0 |
------------------------+---------------------------------------------------
Comment (by wehlhard):
[http://tools.ietf.org/html/rfc4346#section-7.4.2 RFC 4346 specifies] that
the certificate chain MUST be in order. However, I don't think it would
compromise security to allow out-of-order chains, as long as a valid chain
to a root certificate exists somewhere in the jumble.
In the spirit of "be liberal in what you accept", I think it would be a
good idea to simply accept the chain and unjumble it.
--
Ticket URL: <http://developer.pidgin.im/ticket/4725#comment:4>
Pidgin <http://pidgin.im>
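One way to do the "unjumbling" proposed in the comment above, as an added example (not libpurple's code and not the reporter's): the type `cert_t`, the function `unjumble_chain` and the sample names are hypothetical, and certificates are assumed to be already parsed down to subject and issuer names. Name matching only restores the order; every link's signature and the final trust anchor still have to be verified on the ordered path.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, already-parsed view of a certificate: names only. */
typedef struct {
    const char *subject;
    const char *issuer;
} cert_t;

/* Reorder chain[0..n) in place so that chain[i+1] is the issuer of chain[i].
 * chain[0] must be the peer's own certificate. Returns the length of the
 * ordered path; entries past that index are extras that were not needed.
 * Only unused entries are searched, so a cycle of names cannot loop forever. */
size_t unjumble_chain(cert_t *chain, size_t n)
{
    size_t len, j;
    if (n == 0)
        return 0;
    for (len = 1; len < n; len++) {
        const cert_t *cur = &chain[len - 1];
        if (strcmp(cur->subject, cur->issuer) == 0)
            break;                 /* self-signed: the path ends here */
        for (j = len; j < n; j++)
            if (strcmp(chain[j].subject, cur->issuer) == 0)
                break;
        if (j == n)
            break;                 /* issuer not sent: caller checks its trust store */
        cert_t tmp = chain[len];   /* move the issuer into the next slot */
        chain[len] = chain[j];
        chain[j] = tmp;
    }
    return len;
}

int main(void)
{
    /* Constructed sample: peer certificate first, the rest out of order. */
    cert_t sample[] = {
        { "CN=im.example.org",   "CN=Example CA 2" },
        { "CN=Example Root CA",  "CN=Example Root CA" },
        { "CN=Unrelated",        "CN=Other CA" },
        { "CN=Example CA 1",     "CN=Example Root CA" },
        { "CN=Example CA 2",     "CN=Example CA 1" },
    };
    size_t i, len = unjumble_chain(sample, 5);
    for (i = 0; i < len; i++)
        printf("%zu: %s (issued by %s)\n", i, sample[i].subject, sample[i].issuer);
    return 0;
}
```

If the returned path does not end in a self-signed certificate, the caller has to find the last entry's issuer among its trusted roots or reject the connection.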