Modify ↓
Opened at 2014-03-16T10:41:44Z
Last modified at 2014-08-07T12:16:14Z
#1142 new defect
tls_verify doesn't verify certificates
| Reported by: | anonymous | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | BitlBee | Version: | 3.2 |
| Keywords: | Cc: | ||
| IRC client+version: | Client-independent | Operating System: | Public server |
| OS version/distro: | OpenBSD 5.4 |
Description
I have the imperssion that tls_verify doesn't verify certificates. For instance, I use my own jabber service which has a self signed certificate which should be rejected but it is just accepted without any further confirmation.
Attachments (0)
Change History (3)
comment:1 Changed at 2014-03-16T12:37:10Z by
comment:2 Changed at 2014-08-06T11:42:34Z by
"help set tls_verify" says:
Please note that no certificate verification is performed when the ssl setting is used, or when the CAfile setting in bitlbee.conf is not set.
Also bitlbee.conf says:
## Uncomment this and make sure the file actually exists and contains all ## certificate authorities you're willing to accept (default value should ## work on at least Debian/Ubuntu systems with the "ca-certificates" package ## installed). As long as the line is commented out, SSL certificate ## verification is completely disabled.
...but tls_verify defaults to true and fails silently. Annoying.
This is probably what happened here.
comment:3 Changed at 2014-08-07T12:16:14Z by
| Priority: | normal → major |
|---|
Note: See
TracTickets for help on using
tickets.
You use BitlBee with GnuTLS?
And you don't have this cert in /etc/ssl or so somewhere?