Gajim is excellent for client authentication through credentials stored in a 
PKCS12 container. It rejects however a PKCS12 file 
protected by a password.

tlsnb_nb.py opens the PKCS12 file with :

        p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read())

It may also open a password protected PKCS12 container with :

        p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read(), p12pwd)

Testing with hard-coded password works fine.

I don't have the resources to code in Python, I guess it would be fairly easy 
for Python gurus to modify tls_nb.py to popup a 
dialog requesting a password for the container. This will enhance security when 
connecting to a jabberd server from a host 
accessed by many users in one same desktop session, each one having created an 
account in Gajim and each one having a 
client certificate with the certificate's cn == jid (the server doesn't request 
password authentication in this case).

So this is a request that may enhance security in certain use cases. Of course 
it's not for the common user who just want 
to beep short messages at the other end of the globe.

Thank you for considering.

Gajim-devel mailing list

Reply via email to