-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/14/2012 02:19 AM, Florian Weimer wrote:
On 11/14/2012 08:19 AM, Kurt Seiifried wrote:
So do we consider this to be an OpenSSL issue of gajim? I'm sure
gajim is not the only program that does something like this.
As far as I understand
Package: gajim
Version: 0.15-1.1
Severity: grave
Tags: security, upstream
Forwarded: https://trac.gajim.org/ticket/7252
Gajim does not seem to properly handle invalid/broken/expired
certificates. The _ssl_verify_callback function in tls_nb.py is called
by OpenSSL for every certificate in the
2 matches
Mail list logo
