On 07/25/2011 02:10 PM, nmset wrote:

Gajim is excellent for client authentication through credentials stored in a PKCS12 container. It rejects however a PKCS12 file protected by a password.

tls_nb.py opens the PKCS12 file with:

         p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read())

It may also open a password protected PKCS12 container with:

         p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read(), p12pwd)

Testing with hard-coded password works fine.

I don't have the resources to code in Python, I guess it would be fairly easy for Python gurus to modify tls_nb.py to pop up a dialog requesting a password for the container.


It's not that easy because tls_nb.py has nothing to do with the GUI, so it cannot display a dialog itself. The Connection object should try to open the certificate and, if that fails, ask for a password before trying to connect. But I can look at that.

Could you tell me what happens if you call OpenSSL.crypto.load_pkcs12(open(PATH_TO_CERT).read()) directly on a password protected cert? Does it raise a message about a missing password?
I ask that to know how to detect whether it's protected or not.
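
The flow proposed in the reply above (try without a password, ask only on failure, keep the dialog out of the TLS layer), as an added example that is not part of the original thread or Gajim's code. The names `open_client_cert`, `pyopenssl_loader`, `ContainerLocked` and the `ask_password` callback are hypothetical; it assumes a pyOpenSSL release that still provides `load_pkcs12` and that a missing or wrong password surfaces as `OpenSSL.crypto.Error`.

```python
class ContainerLocked(Exception):
    """The PKCS12 container could not be opened with the password tried."""


def pyopenssl_loader(data, password=None):
    """Open a PKCS12 blob with the call quoted in the thread."""
    import OpenSSL.crypto  # lazy import: the retry logic below needs no OpenSSL
    try:
        if password is None:
            return OpenSSL.crypto.load_pkcs12(data)
        return OpenSSL.crypto.load_pkcs12(data, password)
    except OpenSSL.crypto.Error as exc:
        # Assumption: a missing or wrong password raises crypto.Error.
        # A corrupt file raises the same type, hence the bounded retries.
        raise ContainerLocked(str(exc))


def open_client_cert(data, ask_password, loader=pyopenssl_loader, max_attempts=3):
    """Try without a password first, then ask the caller for one.

    ask_password(attempt) is supplied by the layer that owns the GUI and
    returns a str, or None when the user cancels. Returns the loaded
    container, or None if the user cancelled or the attempts ran out.
    """
    try:
        return loader(data)              # unprotected container: no prompt
    except ContainerLocked:
        pass
    for attempt in range(1, max_attempts + 1):
        password = ask_password(attempt)
        if password is None:             # user cancelled the dialog
            return None
        try:
            return loader(data, password.encode("utf-8"))
        except ContainerLocked:
            continue                     # wrong password: prompt again
    return None
```

The password stays in memory only for the duration of the call; the caller decides whether to cache it for reconnects.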

Gajim-devel mailing list
