Dear Gajim developers,

python-nbxmpp (master) seems to fail loading certificates that contain
characters which are not allowed in utf-8 files. Some Linux
distributions ship certificates that are encoded using ISO8859-1. This
prevents gajim from establishing TLS connections, thus effectively
rendering it nonfunctional. I've read (ok skimmed) the relevant RFCs
concerning the PEM and crt file formats and could not find any
indication that these files (PEM, crt) are required to be UTF8 encoded.

I've attached a patch against the master branch that fixes this problem
with certificates using the ISO8859-1 encoding. The patch might be
extended by including other encoding options. The ANSI encoding might be
superfluous (probably a strict subset of UTF8) but I included it
nonetheless to be safe.

Cheers
Robert

PS: Sorry for not going through gitlab, but I happen to be hesitant to
subscribe for a single patch.
--- python-nbxmpp-master/nbxmpp/tls_nb.py	2018-05-28 07:40:05.000000000 +0200
+++ python-nbxmpp-rmx/nbxmpp/tls_nb.py	2018-06-07 19:00:55.449465000 +0200
@@ -335,17 +335,28 @@
             return False
 
     def _load_cert_file(self, cert_path, cert_store, logg=True):
+        log.info('Try to open certificate file %s' % cert_path)
         if not os.path.isfile(cert_path):
             return
-        try:
-            if sys.version_info[0] > 2:
-                f = open(cert_path, encoding='utf-8')
-            else:
-                f = io.open(cert_path, encoding='utf-8')
-            lines = f.readlines()
-        except (IOError, UnicodeError) as e:
-            log.warning('Unable to open certificate file %s: %s' % \
-                    (cert_path, str(e)))
+
+        if sys.version_info[0] > 2:
+            open_ = lambda encoding: open(cert_path, encoding=encoding)
+        else:
+            open_ = lambda encoding: io.open(cert_path, encoding=encoding)
+
+        read_success = False
+        for encoding in ('utf-8', 'ascii', 'iso-8859-1'):
+            try:
+                f = open_(encoding)
+                lines = f.readlines()
+                read_success = True
+                break
+            except (IOError, UnicodeError, UnicodeDecodeError) as e:
+                log.warning('Unable to open certificate file %s: %s' % \
+                        (cert_path, str(e)))
+                f.close()
+
+        if not read_success: 
             return
 
         i = 0
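
Review bot: In the new except branch, `f.close()` runs even when `open_(encoding)` itself raised, so on the first iteration `f` is unbound and the handler fails with UnboundLocalError instead of logging and moving on; on later iterations it closes a stale handle, and nothing in the visible lines closes the handle on the success path. A `with open_(encoding) as f:` around `lines = f.readlines()` covers all three cases. In the encoding tuple, 'ascii' can never succeed after 'utf-8' has failed (ASCII is a subset of UTF-8) and 'iso-8859-1' accepts every byte sequence, so the loop is really UTF-8 with a Latin-1 fallback that logs a warning per failed attempt; a file that is merely Latin-1 will now always produce a warning. `UnicodeDecodeError` is already a subclass of `UnicodeError`, and an IOError will repeat identically for every encoding, so that case should return rather than retry. Since the PEM markers and base64 body are ASCII, reading in binary mode would avoid the encoding guess entirely. There is also trailing whitespace after `if not read_success:`.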


_______________________________________________
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel
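
The report above turns on bytes outside the certificate payload that are not valid UTF-8. As an added example (not code from the patch or from python-nbxmpp), this sketch reads a bundle in binary mode and extracts only the ASCII-armoured blocks, so no text encoding has to be guessed. The function names and the sample bundle are constructed for illustration; the payload is a placeholder, not a real certificate.

```python
import base64
import re

# Matches one PEM certificate block at the byte level; text outside the
# markers (comments, labels) is never decoded.
PEM_CERT_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\r?\n(.*?)\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)


def extract_der_certs(data):
    """Return the DER bytes of every certificate block found in `data`."""
    certs = []
    for match in PEM_CERT_RE.finditer(data):
        body = b"".join(match.group(1).split())  # drop line breaks
        try:
            certs.append(base64.b64decode(body, validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            continue  # skip a damaged block, keep the rest of the bundle
    return certs


def load_cert_file(path):
    """Read a bundle in binary mode so the text encoding never matters."""
    with open(path, "rb") as handle:
        return extract_der_certs(handle.read())


def utf8_text_read_fails(data):
    """True when decoding the whole file as UTF-8 raises, as in the report."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False


# Constructed sample: a Latin-1 comment line (0xE9 is 'e' with acute accent)
# in front of a placeholder payload that is not a real certificate.
SAMPLE_DER = b"\x30\x82" + b"constructed placeholder, not a real certificate"
_B64 = base64.b64encode(SAMPLE_DER)
SAMPLE_BUNDLE = (
    b"# Autorit\xe9 de certification (constructed)\n"
    b"-----BEGIN CERTIFICATE-----\n"
    + b"\n".join(_B64[i:i + 64] for i in range(0, len(_B64), 64))
    + b"\n-----END CERTIFICATE-----\n"
)
```

The returned DER bytes still have to be handed to whatever certificate store the caller uses; that step is outside this sketch.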
