reassign 699103 telepathy-rakia 0.7.4-1
tags 699103 + upstream
thanks
On 28/01/14 20:06, Ron wrote:
> Yes, I think I'm a bit leery about unilaterally (and otherwise silently)
> changing the trust path of all applications using this lib.
Fair enough, taking this bug back. It's going to have to be an upstream
feature request, in that case.
> I'm not all that familiar with telepathy-rakia, but most apps should
> probably be setting this explicitly with NUTAG_CERTIFICATE_DIR or
> similar (depending on which interface set they are using).
/**@def NUTAG_CERTIFICATE_DIR(x)
*
* X.500 certificate directory
...
* @par Values
* NULL terminated pathname of directory containing agent.pem and
cafile.pem files.
So rakia will have to create a directory $certdir (either global or
per-account), symlink /etc/ssl/certs/ca-certificates.crt ->
$certdir/cafile.pem, and pass NUTAG_CERTIFICATE_DIR($certdir) to
nua_create(). Is that correct?
This seems more complicated than it needs to be, but entirely feasible.
smcv wrote:
>> The ideal solution would be if telepathy-rakia could additionally use
>> the Telepathy ServerTLSAuthentication interface to tell UIs "this
>> certificate looks wrong, please deal with it" - that's what
>> telepathy-gabble does.
Does sofia-sip have any functionality for this? It would probably be an
API intended for browser-style interactive prompting; in Telepathy we
proxy that over D-Bus, so the application checking the cert is not
necessarily actually interacting with the user, but we have the same
requirements as user-interaction in terms of "must be asynchronous". I
suspect it doesn't have this API, though?
S
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
