# HG changeset patch # User Paul Aurich # Date 1248243017 0 # Node ID b171a80dff255ddc62af7e98c3a9168e1b259168 # Parent 0491bd8a2a60f697ee5a3d3c7750fbdee3156d8b disapproval of revision '39b90ee2c4d49d80e4f9befbc80cb9684cf05209' This was a bad recommendation on my part. Let's handle older certificate algorithms a different way. diff -r 0491bd8a2a60 -r b171a80dff25 configure.ac --- a/configure.ac Sat Jul 11 06:46:21 2009 +0000 +++ b/configure.ac Wed Jul 22 06:10:17 2009 +0000 @@ -2020,23 +2020,6 @@ AC_SUBST(NSS_CFLAGS) AC_SUBST(NSS_LIBS) fi - -if test "x$enable_nss" = "xyes"; then - AC_MSG_CHECKING(for NSS_SetAlgorithmPolicy) - LIBS_save="$LIBS" - LIBS="$LIBS $NSS_LIBS" - CPPFLAGS_save="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $NSS_CFLAGS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([#include -#include ], - [NSS_SetAlgorithmPolicy(SEC_OID_MD2, 0, 0);])], - [AC_DEFINE([NEED_NSS_WEAK_ALGORITHMS], 1, - [Define if your NSS needs weak algorithms activated with NSS_SetAlgorithmPolicy]) - AC_MSG_RESULT(yes)], - [AC_MSG_RESULT(no)]) - CPPFLAGS="$CPPFLAGS_save" - LIBS="$LIBS_save" -fi AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes") diff -r 0491bd8a2a60 -r b171a80dff25 libpurple/plugins/ssl/ssl-nss.c --- a/libpurple/plugins/ssl/ssl-nss.c Sat Jul 11 06:46:21 2009 +0000 +++ b/libpurple/plugins/ssl/ssl-nss.c Wed Jul 22 06:10:17 2009 +0000 @@ -152,12 +152,6 @@ SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1); SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1); -#ifdef NEED_NSS_WEAK_ALGORITHMS - /* Enable some weaker algorithms for XMPP and MSN */ - NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0); - NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0); -#endif - _identity = PR_GetUniqueIdentity("Purple"); _nss_methods = PR_GetDefaultIOMethods(); }