Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-06-04 Thread Radhesh Krishnan K
Hi Wojtek, Sorry, I have a doubt. I would like to know how certificate validation is performed in the proprietary protocol and why something similar cannot be performed in this case? On Tue, Jun 4, 2013 at 4:41 AM, Wojtek Kaniewski wojte...@toxygen.net wrote: Dnia 2013-06-02, nie o godzinie

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-06-04 Thread Bartosz Brachaczek
Hi, Simply using SSL_get_verify_result() is not a solution here, as it returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY when connecting to the proprietary servers on my system (I assume I am not being attacked, you might want to confirm it yourself). But checking which certificates are

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-06-04 Thread Radhesh Krishnan K
Hi Bartosz, First of all, thank you for volunteering to check this out. If the client trusts a CA which is not universally trusted, is it possible to find that CA information within the client? If yes, we can use the same CA to check the certificates, right? On Tue, Jun 4, 2013 at 5:07 PM,