changeset 27433:0491bd8a2a60

Enable the weaker MD2 and MD4 with RSA encryption signing algorithms that are now disabled in NSS 3.12.3. This allows signing in without errors on at least MSN, and some XMPP servers. Fixes #9360.
author Elliott Sales de Andrade <qulogic@pidgin.im>
date Sat, 11 Jul 2009 06:46:21 +0000
parents 35b6fd563056
children a7d2bc001b6b b171a80dff25
files configure.ac libpurple/plugins/ssl/ssl-nss.c
diffstat 2 files changed, 23 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/configure.ac	Fri Jul 10 00:51:31 2009 +0000
+++ b/configure.ac	Sat Jul 11 06:46:21 2009 +0000
@@ -2020,6 +2020,23 @@
 	AC_SUBST(NSS_CFLAGS)
 	AC_SUBST(NSS_LIBS)
 fi
+ 
+if test "x$enable_nss" = "xyes"; then
+	AC_MSG_CHECKING(for NSS_SetAlgorithmPolicy)
+	LIBS_save="$LIBS"
+	LIBS="$LIBS $NSS_LIBS"
+	CPPFLAGS_save="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $NSS_CFLAGS"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <nss.h>
+#include <secmod.h>],
+                                        [NSS_SetAlgorithmPolicy(SEC_OID_MD2, 0, 0);])],
+	               [AC_DEFINE([NEED_NSS_WEAK_ALGORITHMS], 1,
+                                  [Define if your NSS needs weak algorithms activated with NSS_SetAlgorithmPolicy])
+	                AC_MSG_RESULT(yes)],
+	               [AC_MSG_RESULT(no)])
+	CPPFLAGS="$CPPFLAGS_save"
+        LIBS="$LIBS_save"
+fi
 
 AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
 
--- a/libpurple/plugins/ssl/ssl-nss.c	Fri Jul 10 00:51:31 2009 +0000
+++ b/libpurple/plugins/ssl/ssl-nss.c	Sat Jul 11 06:46:21 2009 +0000
@@ -152,6 +152,12 @@
 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 
+#ifdef NEED_NSS_WEAK_ALGORITHMS
+	/* Enable some weaker algorithms for XMPP and MSN */
+	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+#endif
+
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }