Gajim is excellent for client authentication through credentials stored in a PKCS12 container. It rejects, however, a PKCS12 file protected by a password.
tls_nb.py opens the PKCS12 file with:
    p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read())
It may also open a password-protected PKCS12 container with:
    p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read(), p12pwd)
Testing with a hard-coded password works fine.
I don't have the resources to code in Python; I guess it would be fairly easy for Python gurus to modify tls_nb.py to pop up a dialog requesting a password for the container. This will enhance security when connecting to a jabberd server from a host accessed by many users in the same desktop session, each one having created an account in Gajim and each one having a client certificate with the certificate's cn == jid (the server doesn't request password authentication in this case).
So this is a request that may enhance security in certain use cases. Of course it's not for the common user who just wants to beep short messages at the other end of the globe.
Thank you for considering.
Gajim-devel mailing list
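
A sketch of the behaviour requested above, as an added example that is not part of the original post and not Gajim's code: try the container without a password first, and only ask when that fails. It uses the `cryptography` package's PKCS12 loader in place of the pyOpenSSL call quoted in the post; `load_client_p12`, `ask_password`, `make_sample_p12` and `cert_cn` are hypothetical names, and `ask_password` stands in for the GUI dialog.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def load_client_p12(data, ask_password, max_tries=3):
    """Return (key, cert, extra_certs); call ask_password() only if needed."""
    try:
        return pkcs12.load_key_and_certificates(data, None)
    except ValueError:
        pass  # encrypted (or malformed) container: fall through to the prompt
    for _ in range(max_tries):
        pwd = ask_password()  # hypothetical callback, e.g. a password dialog
        if pwd is None:       # user cancelled
            break
        try:
            return pkcs12.load_key_and_certificates(data, pwd.encode("utf-8"))
        except ValueError:
            continue          # wrong password: ask again, never cache it
    raise ValueError("PKCS12 container could not be opened")


def cert_cn(cert):
    """Common name of the certificate subject (the post expects cn == jid)."""
    return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value


def make_sample_p12(jid, password):
    """Constructed sample input: self-signed cert with CN == jid."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, jid)])
    start = datetime.datetime(2024, 1, 1)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .sign(key, hashes.SHA256()))
    enc = (serialization.BestAvailableEncryption(password) if password
           else serialization.NoEncryption())
    return pkcs12.serialize_key_and_certificates(b"sample", key, cert, None, enc)
```

Prompting per connection keeps the container password out of the shared account configuration, which is the multi-user case the request describes.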