Dear Gajim developers, python-nbxmpp (master) seems to fail loading certificates that contain characters which are not allowed in utf-8 files. Some Linux distributions ship certificates that are encoded using ISO8859-1. This prevents gajim from establishing TLS connections, thus effectively rendering it nonfunctional. Ive read (ok skimmed) the relevant RFCs concerning the PEM and crt file formats and could not find any indication that these files (PEM, crt) are required to be UTF8 encoded.
I've attached a patch against the master branch that fixes this problem with certificates using the ISO8859-1 encoding. The patch might be extended by including other encoding options. The ANSI encoding might be superfluous (probably a strict subset of UTF8) but I included it nonetheless to be safe. Cheers Robert PS: Sorry for not going through gitlab, but I happen to be hesitant to subscribe for a single patch.
--- python-nbxmpp-master/nbxmpp/tls_nb.py 2018-05-28 07:40:05.000000000 +0200 +++ python-nbxmpp-rmx/nbxmpp/tls_nb.py 2018-06-07 19:00:55.449465000 +0200 @@ -335,17 +335,28 @@ return False def _load_cert_file(self, cert_path, cert_store, logg=True): + log.info('Try to open certificate file %s' % cert_path) if not os.path.isfile(cert_path): return - try: - if sys.version_info[0] > 2: - f = open(cert_path, encoding='utf-8') - else: - f = io.open(cert_path, encoding='utf-8') - lines = f.readlines() - except (IOError, UnicodeError) as e: - log.warning('Unable to open certificate file %s: %s' % \ - (cert_path, str(e))) + + if sys.version_info[0] > 2: + open_ = lambda encoding: open(cert_path, encoding=encoding) + else: + open_ = lambda encoding: io.open(cert_path, encoding=encoding) + + read_success = False + for encoding in ('utf-8', 'ascii', 'iso-8859-1'): + try: + f = open_(encoding) + lines = f.readlines() + read_success = True + break + except (IOError, UnicodeError, UnicodeDecodeError) as e: + log.warning('Unable to open certificate file %s: %s' % \ + (cert_path, str(e))) + f.close() + + if not read_success: return i = 0
pEpkey.asc
Description: application/pgp-keys
_______________________________________________ Gajim-devel mailing list Gajim-devel@gajim.org https://lists.gajim.org/cgi-bin/listinfo/gajim-devel