changeset 27436:b171a80dff25

disapproval of revision '39b90ee2c4d49d80e4f9befbc80cb9684cf05209' This was a bad recommendation on my part. Let's handle older certificate algorithms a different way.
author Paul Aurich <paul@darkrain42.org>
date Wed, 22 Jul 2009 06:10:17 +0000
parents 0491bd8a2a60
children 31905a0d1c9d
files configure.ac libpurple/plugins/ssl/ssl-nss.c
diffstat 2 files changed, 0 insertions(+), 23 deletions(-) [+]
line wrap: on
line diff
--- a/configure.ac	Sat Jul 11 06:46:21 2009 +0000
+++ b/configure.ac	Wed Jul 22 06:10:17 2009 +0000
@@ -2020,23 +2020,6 @@
 	AC_SUBST(NSS_CFLAGS)
 	AC_SUBST(NSS_LIBS)
 fi
- 
-if test "x$enable_nss" = "xyes"; then
-	AC_MSG_CHECKING(for NSS_SetAlgorithmPolicy)
-	LIBS_save="$LIBS"
-	LIBS="$LIBS $NSS_LIBS"
-	CPPFLAGS_save="$CPPFLAGS"
-	CPPFLAGS="$CPPFLAGS $NSS_CFLAGS"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <nss.h>
-#include <secmod.h>],
-                                        [NSS_SetAlgorithmPolicy(SEC_OID_MD2, 0, 0);])],
-	               [AC_DEFINE([NEED_NSS_WEAK_ALGORITHMS], 1,
-                                  [Define if your NSS needs weak algorithms activated with NSS_SetAlgorithmPolicy])
-	                AC_MSG_RESULT(yes)],
-	               [AC_MSG_RESULT(no)])
-	CPPFLAGS="$CPPFLAGS_save"
-        LIBS="$LIBS_save"
-fi
 
 AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
 
--- a/libpurple/plugins/ssl/ssl-nss.c	Sat Jul 11 06:46:21 2009 +0000
+++ b/libpurple/plugins/ssl/ssl-nss.c	Wed Jul 22 06:10:17 2009 +0000
@@ -152,12 +152,6 @@
 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 
-#ifdef NEED_NSS_WEAK_ALGORITHMS
-	/* Enable some weaker algorithms for XMPP and MSN */
-	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
-	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
-#endif
-
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }