Mercurial > pidgin.yaz
changeset 27510:0491bd8a2a60
Enable the weaker MD2 and MD4 with RSA encryption signing algorithms that
are now disabled in NSS 3.12.3. This allows signing in without errors on at
least MSN, and some XMPP servers.
Fixes #9360.
| author | Elliott Sales de Andrade <qulogic@pidgin.im> |
|---|---|
| date | Sat, 11 Jul 2009 06:46:21 +0000 |
| parents | 35b6fd563056 |
| children | a7d2bc001b6b b171a80dff25 |
| files | configure.ac libpurple/plugins/ssl/ssl-nss.c |
| diffstat | 2 files changed, 23 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/configure.ac Fri Jul 10 00:51:31 2009 +0000 +++ b/configure.ac Sat Jul 11 06:46:21 2009 +0000 @@ -2020,6 +2020,23 @@ AC_SUBST(NSS_CFLAGS) AC_SUBST(NSS_LIBS) fi + +if test "x$enable_nss" = "xyes"; then + AC_MSG_CHECKING(for NSS_SetAlgorithmPolicy) + LIBS_save="$LIBS" + LIBS="$LIBS $NSS_LIBS" + CPPFLAGS_save="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $NSS_CFLAGS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <nss.h> +#include <secmod.h>], + [NSS_SetAlgorithmPolicy(SEC_OID_MD2, 0, 0);])], + [AC_DEFINE([NEED_NSS_WEAK_ALGORITHMS], 1, + [Define if your NSS needs weak algorithms activated with NSS_SetAlgorithmPolicy]) + AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no)]) + CPPFLAGS="$CPPFLAGS_save" + LIBS="$LIBS_save" +fi AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
--- a/libpurple/plugins/ssl/ssl-nss.c Fri Jul 10 00:51:31 2009 +0000 +++ b/libpurple/plugins/ssl/ssl-nss.c Sat Jul 11 06:46:21 2009 +0000 @@ -152,6 +152,12 @@ SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1); SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1); +#ifdef NEED_NSS_WEAK_ALGORITHMS + /* Enable some weaker algorithms for XMPP and MSN */ + NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0); + NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0); +#endif + _identity = PR_GetUniqueIdentity("Purple"); _nss_methods = PR_GetDefaultIOMethods(); }