#1142 new defect

tls_verify doesn't verify certificates

Reported by: anonymous Owned by:
Priority: major Milestone:
Component: BitlBee Version: 3.2
Keywords: Cc:
IRC client+version: Client-independent Operating System: Public server
OS version/distro: OpenBSD 5.4


I have the imperssion that tls_verify doesn't verify certificates. For instance, I use my own jabber service which has a self signed certificate which should be rejected but it is just accepted without any further confirmation.

Attachments (0)

Change History (3)

comment:1 Changed at 2014-03-16T12:37:10Z by wilmer

You use BitlBee with GnuTLS?

And you don't have this cert in /etc/ssl or so somewhere?

comment:2 Changed at 2014-08-06T11:42:34Z by dx

"help set tls_verify" says:

Please note that no certificate verification is performed when the ssl setting
is used, or when the CAfile setting in bitlbee.conf is not set.

Also bitlbee.conf says:

## Uncomment this and make sure the file actually exists and contains all
## certificate authorities you're willing to accept (default value should
## work on at least Debian/Ubuntu systems with the "ca-certificates" package
## installed). As long as the line is commented out, SSL certificate
## verification is completely disabled.

...but tls_verify defaults to true and fails silently. Annoying.

This is probably what happened here.

comment:3 Changed at 2014-08-07T12:16:14Z by dx

Priority: normalmajor

Modify Ticket

as new The ticket will remain with no owner.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.