Bug 29000

Summary: Telepathy-gabble hardcodes CA certificates path
Product: Telepathy
Reporter: Brian Pepple <bpepple>
Component: gabble
Assignee: Nicolas Dufresne <nicolas>
Status: RESOLVED FIXED
QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal
Priority: medium
CC: pterjan
Version: 0.9
Keywords: patch
Hardware: Other
OS: All
Whiteboard: review+ with trivial changes
Attachments: Make CA certificates path configurable
Make CA certificates path configurable (using --with)

Description Brian Pepple 2010-07-10 05:54:47 UTC
Description of problem:
In Fedora 12, I could use strict-SSL in Empathy for Google Chat (strict meaning
encryption required, don't ignore errors).  In Fedora 13 this now just says
"Certificate untrusted".

The cert path is hardcoded in tp-gabble:

src/connection.c:

static gboolean
_gabble_connection_connect (TpBaseConnection *base,
                            GError **error)
{
...
  /* system certs */
  wocky_connector_add_ca (priv->connector,
      "/etc/ssl/certs/ca-certificates.crt");


but doesn't match Fedora convention (/etc/pki/tls/certs/ca-bundle.crt).
Comment 1 Nicolas Dufresne 2010-08-25 12:13:09 UTC
*** Bug 29715 has been marked as a duplicate of this bug. ***
Comment 2 Nicolas Dufresne 2010-08-25 13:23:55 UTC
Created attachment 38147
Make CA certificates path configurable

This adds a variable option to the configure script to change the CA certificates path.

  ./configure CA_CERTIFICATES_PATH=/my/distro/ca/cert/path.crt
Comment 3 Pascal Terjan 2010-08-25 13:26:40 UTC
What about using curl configure code to detect it on most distributions?
Comment 4 Nicolas Dufresne 2010-08-25 13:49:23 UTC
(In reply to comment #3)
> What about using curl configure code to detect it on most distributions?
Which would require tracking and maintaining a list of what distros do. Do we really want to do so?
Comment 5 Brian Pepple 2010-08-25 14:04:34 UTC
(In reply to comment #4)
> (In reply to comment #3)
> > What about using curl configure code to detect it on most distributions?
> Which would require tracking and maintaining a list of what distros do. Do we
> really want to do so?

I think any user of a non-Debian based system would say yes.
Comment 6 Nicolas Dufresne 2010-08-25 14:09:42 UTC
Created attachment 38153
Make CA certificates path configurable (using --with)

Can now configure CA certificates bundle or dir using

  ./configure --with-ca-certificates=PATH
Comment 7 Simon McVittie 2010-08-26 02:39:29 UTC
Review of attachment 38153:

"allows configuring", "creates a new constant in config.h named", and "by passing --with-ca-certificates=/etc/ssl/certs/ca-certificates.crt to the configure script"; but the actual code changes look good. Please correct the commit message at the same time you add Reviewed-By: me :-)
Comment 8 Nicolas Dufresne 2010-08-26 07:18:54 UTC
Fixed upstream
Comment 9 Nicolas Dufresne 2010-08-26 07:19:20 UTC
Oops, forgot the status.
Comment 10 Nicolas Dufresne 2010-11-08 09:11:44 UTC
*** Bug 31474 has been marked as a duplicate of this bug. ***
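
The build-time probing discussed in comments 3 to 5, sketched as an added example (not Gabble's or curl's own code): it picks the first candidate that actually contains a PEM certificate and prints the matching `--with-ca-certificates` flag from comment 6. Only the first two candidate paths come from this report; the rest of the list, the function names and the `ROOT` prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Candidate CA store locations, tried in order.
# First two are from this bug report; the others are assumed common locations.
CA_CANDIDATES="/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/cert.pem
/usr/local/share/certs/ca-root-nss.crt
/etc/ssl/certs"

# is_ca_store PATH: succeed if PATH is a readable bundle holding a PEM
# certificate, or a directory with at least one such file. An empty or
# non-PEM file is rejected so a stale path is not silently accepted.
is_ca_store() {
    if [ -f "$1" ] && [ -r "$1" ]; then
        grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
    elif [ -d "$1" ]; then
        for f in "$1"/*.pem "$1"/*.crt; do
            [ -f "$f" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$f" && return 0
        done
        return 1
    else
        return 1
    fi
}

# find_ca_store [ROOT]: print the first usable candidate. ROOT is a
# hypothetical prefix (e.g. a chroot or build root); empty means "/".
find_ca_store() {
    root="${1:-}"
    for p in $CA_CANDIDATES; do   # split on newlines; paths contain no spaces
        if is_ca_store "$root$p"; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# suggest_configure_flag [ROOT]: print the configure argument, or fail loudly
# so the packager supplies the path instead of shipping a broken default.
suggest_configure_flag() {
    if path=$(find_ca_store "${1:-}"); then
        printf '%s%s\n' '--with-ca-certificates=' "$path"
    else
        echo "no CA store found; pass --with-ca-certificates=PATH" >&2
        return 1
    fi
}

if [ "${1:-}" = "--probe" ]; then suggest_configure_flag; fi
```

A wrong path here fails closed (every server certificate is reported untrusted), which is the symptom in the description.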
