Now that Idle uses GIO for TLS, it should be able to do interactive TLS verification, like Gabble does; that'd be useful for private IRC servers with a self-signed cert. (At the moment I believe it uses GIO's default acceptance/rejection rules, i.e. requiring the cert to be signed by a CA in the system certificate store?)
(In reply to comment #0)

> (At the moment I believe it uses GIO's default acceptance/rejection rules,
> i.e. requiring the cert to be signed by a CA in the system certificate
> store?)

It turns out that versions up to 0.1.14 didn't validate certificates (Bug #63810). Version 0.1.15 will be strict about certificates, which means that implementing this feature request will be necessary to be able to use Idle with servers whose certificate is untrusted.
This is going to be non-trivial. The GIO TLS code's interface to accept certificates interactively requires you to either:

* do I/O in a thread per server (and block in that thread while waiting for the UI, or in our case the D-Bus calls) or
* respond to a failed attempt by remembering the certificate, then doing an interactive prompt about that certificate; if the user says "yes that's OK", retry connecting. When GIO tells us (again) that the certificate is bad, compare it with the one the user accepted, and if it's the same one (!), synchronously reply "yes that's OK".

This would probably require changing the code so we have 1 IdleConnection : up to 2 IdleServerConnections.
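As an added illustration (not Idle's code and not from this thread), here is a standalone Python model of the second approach above: fail, remember the certificate, prompt, retry, and on the retry accept only the very same certificate. Certificates are stood in for by constructed DER-like byte strings, the prompt is a callable standing in for the D-Bus round trip, and the comparison is by SHA-256 fingerprint of the DER bytes; all of that is assumed for the example.

```python
import hashlib
from typing import Callable, Iterable, Optional, Tuple

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SERVER_CERT = b"constructed-der-bytes-for-irc.example-self-signed"
OTHER_CERT = b"constructed-der-bytes-for-some-other-certificate"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes; this is what the user is asked to approve."""
    return hashlib.sha256(der).hexdigest()


class InteractiveTlsClient:
    """Models the remember/prompt/retry/compare flow from the comment above."""

    def __init__(self, ask_user: Callable[[str], bool]):
        self.ask_user = ask_user              # the interactive prompt (D-Bus in Idle)
        self.pending: Optional[bytes] = None  # cert seen on the failed attempt
        self.approved: Optional[str] = None   # fingerprint the user said "OK" to

    def accept_certificate(self, presented: bytes, chain_valid: bool) -> bool:
        """Synchronous accept-certificate style decision made during the handshake."""
        if chain_valid:
            return True  # validated against the system trust store; nothing to ask
        if self.approved is not None and fingerprint(presented) == self.approved:
            return True  # same cert the user already accepted: reply "yes" synchronously
        self.pending = presented  # remember it so the prompt can describe it
        return False  # a different (or not yet approved) cert is always rejected

    def connect_interactively(self, handshakes: Iterable[Tuple[bytes, bool]]) -> bool:
        """handshakes yields (der, chain_valid) per attempt; True if a handshake completed."""
        attempts = iter(handshakes)
        der, valid = next(attempts)
        if self.accept_certificate(der, valid):
            return True
        # First attempt failed: ask about the remembered cert, then retry at most once.
        if not self.ask_user(fingerprint(self.pending)):
            return False
        self.approved = fingerprint(self.pending)
        der, valid = next(attempts)
        return self.accept_certificate(der, valid)
```

The second test case below is the "(!)" in the comment: if the retry presents a certificate other than the one the user approved, the connection is refused rather than waved through.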
(In reply to comment #2)

> This is going to be non-trivial. The GIO TLS code's interface to accept
> certificates interactively requires you to either:

Actually it's mostly trivial, thanks to GTask & GIO being quite nice. Most of the typing actually went into copying the TLS dbus/telepathy infrastructure from Gabble and making it work for idle. See http://cgit.collabora.com/git/user/sjoerd/telepathy-idle.git/log/?h=interactive-tls for fun and patches.
/me reviews…
(In reply to comment #4)

> /me reviews…

There were 1½ leaks, and a smörgåsbord of crashes, which I have fixed in http://cgit.collabora.com/git/user/wjt/telepathy-idle/log/?h=interactive-tls
Coding style and other nitpicking
---------------------------------

Rather than whining about coding style, I just added patches...
http://cgit.freedesktop.org/~smcv/telepathy-idle/log/?h=interactive-tls

Non-issues
----------

+ g_async_queue_push (priv->certificate_queue, GINT_TO_POINTER (ret ? CERT_ACCEPTED : CERT_REJECTED));

It's a pity ::accept-certificate doesn't return a nullable GError - if it did, we could pass a GError-or-NULL back to the thread rather than ignoring the GError. This seems to be the best we can do, though...

   if (socket_connection != NULL)
-    g_task_return_pointer (task, socket_connection, g_object_unref);
+    g_simple_async_result_set_op_res_gpointer (task, socket_connection, g_object_unref);
   else
-    g_task_return_error (task, error);
+    g_simple_async_result_take_error (task, error);

I was going to say "don't we need to g_simple_async_result_complete_in_idle() here?"... but according to the g_simple_async_result_run_in_thread() docs, the answer is "no" so never mind.
15:23 <@wjt> smcv: your idles look fine

Releasing it.
Fixed in 0.1.16