[Bug 281761] net-im/libpurple: add patch to handle ssl certificate chain on libpurple / pidgin

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 29 Sep 2024 15:57:11 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281761

            Bug ID: 281761
           Summary: net-im/libpurple: add patch to handle ssl certificate
                    chain on libpurple / pidgin
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: marcus@FreeBSD.org
          Reporter: rodrigo@FreeBSD.org
             Flags: maintainer-feedback?(marcus@FreeBSD.org)
          Assignee: marcus@FreeBSD.org

Created attachment 253890
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253890&action=edit
use the SSL_PeerCertificateChain function, instead of SSL_PeerCertificate

Hi,

The ssl_nss_get_peer_certificates function in libpurple 2.x.y assumes that all
intermediate certificates from the peer's presented chain can be found in the
NSS certificate DB. This is not the case in NSS 3.103.

This patch is required in order to add a new port for *MS teams* support in
pidgin.

This patch[1] replaces a call to ssl_nss_get_peer_certificates by
SSL_PeerCertificateChain who retrieves the certificates presented by the SSL
peer.SSL_PeerCertificateChain has been in NSS since version 3.15.4 released in
2014.

Additional references: https://bugzilla.mozilla.org/show_bug.cgi?id=1913047

[1]
https://issues.imfreedom.org/issue/PIDGIN-17886/Certificate-verification-errors-with-NSS-3.103

Cheers,
-- rodrigo

-- 
You are receiving this mail because:
You are the assignee for the bug.