Version 22 (modified by 17 years ago) (diff) | ,
---|
General Description
Pidgin doesn't currently do any certificate verification for SSL. In order to properly do this and ensure security, a certificate manager (something like Mozilla's) needs to be added.
This is William Ehlhardt's project for Summer of Code
Branch
im.pidgin.soc.2007.certmgr
Handy-dandy overview
CertificateScheme? API
- Closely modeled on Cipher API
struct Certificate
- CertificateScheme? * scheme
- Internal data
struct CertificateScheme?
Will be registered into an internal list of scheme types
- char * name = "x509", "pgp", etc.
- int ref - for reference counting
- Certificate * import_certificate(file arguments) -
- export_certificate(filename?)
- gboolean check_signature(Certificate * certificate, Certificate * signer) - returns whether one certificate is signed by another
- CertificateVerificationData? * get_verification_data() - returns a structure containing things to show to the user to check the certificate's validity
- gchar * fingerprint_sha1, gchar * fingerprint_md5 - return various hashes of the key (named separately as the hash type controls of the CertScheme? backends are not supposed to be exposed directly)
TODO: Go through the full "create an SSL connection" process and figure out how everything fits in.
Issues
- Jabber (and possibly others) use the purple_ssl_connect_fd function to build an SSL connection over a previously existing ProxyConnection?. Since all the SSL side sees is the file descriptor in this case, hostname verification is impossible. (29 May)
- talk.google.com gives back a gmail.com certificate?! (29 May)
Resolved Issues
- It looks like PKCS12 (the certificate import/export format) is supported by both libNSS and GnuTLS.
TODO
- General paranoia
- Look at how the SILC prpl does its key management, especially the organization of the API used to check certs and interact with the user to verify them.
- Add some way of passing useful error messages back up out of the SSL interface (23 May)
- Fix purple_ssl_init in sslconn.c; it doesn't do anything (23 May)
- Talking to nosnilmot suggests that this ought to just be removed outright (24 May)
- Figure out libNSS everything. (25 May)
- Why am I getting single-byte serial numbers from servers? (25 May)
- Work out how to use Glib functions for time checking on certificates. (29 May)
- Stall the timeouts on the TCP connection while waiting for user input on SSL? (29 May)
- Worry about ensuring that plugins don't kill in-use ciphers/certschemes when unloaded? (29 May)
Tasks done
- Figure out how to get key fingerprints out of GnuTLS (25 May, 25 May))
Status
25 May 2007
Divergence point reached. With the addition of purple_base16_encode_chunked, my changes will force at least a minor version increment. Slapped some code into the GnuTLS SSL plugin and looked at the certificate characteristics coming back. But why am I getting single-byte serial number values back? How large should these serial numbers be?
23 May 2007
Using "Document the SSL interface as it exists now" as an excuse to build a branch and learn Doxygen
17 May 2007
Reading documentation. Lots of it.