[Gajim-devel] Cert encoding error in nbxmpp [PATCH]
Robert Marx
robert.marx at mailbox.org
Fri Jun 8 14:19:31 CEST 2018
Is there a standard that stipulates that certificates must be UTF-8
encoded? Because that is what the current code assumes. And if there is
no standard, gajim should be able to handle commonly encountered cert
encodings. That does not strike me as a problem of the distribution.
Correct me if I missed something here.
Falling back to the local encoding actually might not match the encoding
of the cert files.
Concerning your second question: there is no (as in absolutely no) way
to reliably detect the encoding of a text file. So there is always some
try and error involved. Actually I see little conceptual difference to
the current code, which simply assumes UTF8 and fails, while the patch
assumes one of UTF8, ANSI and ISO8859-1 and fails afterwards. I think
that is a sensible strategy for robust code, especially as the current
behavior is retained with UTF8 certs.
But don't get me wrong, I am not evangelizing. If you don't like the
patch and are happy with the current behavior, throw it in the bin and
forget about it.
Cheers
Robert
Am 08.06.2018 um 14:02 schrieb forenjunkie:
> The only sensible thing we could do is as a fallback try in the local
> encoding the system has configured.
>
> Regards
>
> lovetox
>
>
> Am 08.06.2018 um 13:43 schrieb forenjunkie:
>>
>> Hm,
>>
>> Why dont you open a Bug report with the distribution?
>>
>> There are many encodings, why should we implement trial and error
>> until we find the encoding?
>>
>> Regards
>>
>> lovetox
>>
>>
>> Am 08.06.2018 um 07:06 schrieb Robert Marx:
>>> A small addendum: this is a variant of #51, with some ISO8859-1
>>> characters outside the allowed UTF8 range.
>>>
>>> Am 07.06.2018 um 21:22 schrieb Robert Marx:
>>>> Dear Gajim developers,
>>>>
>>>> python-nbxmpp (master) seems to fail loading certificates that contain
>>>> characters which are not allowed in utf-8 files. Some Linux
>>>> distributions ship certificates that are encoded using ISO8859-1. This
>>>> prevents gajim from establishing TLS connections, thus effectively
>>>> rendering it nonfunctional. Ive read (ok skimmed) the relevant RFCs
>>>> concerning the PEM and crt file formats and could not find any
>>>> indication that these files (PEM, crt) are required to be UTF8 encoded.
>>>>
>>>> I've attached a patch against the master branch that fixes this problem
>>>> with certificates using the ISO8859-1 encoding. The patch might be
>>>> extended by including other encoding options. The ANSI encoding
>>>> might be
>>>> superfluous (probably a strict subset of UTF8) but I included it
>>>> nonetheless to be safe.
>>>>
>>>> Cheers
>>>> Robert
>>>>
>>>> PS: Sorry for not going through gitlab, but I happen to be hesitant to
>>>> subscribe for a single patch.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Gajim-devel mailing list
>>>> Gajim-devel at gajim.org
>>>> https://lists.gajim.org/cgi-bin/listinfo/gajim-devel
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Gajim-devel mailing list
>>>> Gajim-devel at gajim.org
>>>> https://lists.gajim.org/cgi-bin/listinfo/gajim-devel
>>
>>
>>
>> _______________________________________________
>> Gajim-devel mailing list
>> Gajim-devel at gajim.org
>> https://lists.gajim.org/cgi-bin/listinfo/gajim-devel
>
>
>
>
> _______________________________________________
> Gajim-devel mailing list
> Gajim-devel at gajim.org
> https://lists.gajim.org/cgi-bin/listinfo/gajim-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 6803 bytes
Desc: not available
URL: <http://lists.gajim.org/pipermail/gajim-devel/attachments/20180608/bc29b324/attachment.key>
More information about the Gajim-devel
mailing list