Bug 281761 - net-im/libpurple: add patch to handle ssl certificate chain on libpurple / pidgin
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Joe Marcus Clarke
Reported: 2024-09-29 15:57 UTC by Rodrigo Osorio
Modified: 2024-09-29 20:20 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (marcus)


Attachments
use the SSL_PeerCertificateChain function, instead of SSL_PeerCertificate (2.33 KB, patch)
2024-09-29 15:57 UTC, Rodrigo Osorio

Description Rodrigo Osorio freebsd_committer freebsd_triage 2024-09-29 15:57:11 UTC
Created attachment 253890 [details]
use the SSL_PeerCertificateChain function, instead of SSL_PeerCertificate

Hi,

The ssl_nss_get_peer_certificates function in libpurple 2.x.y assumes that all intermediate certificates from the peer's presented chain can be found in the NSS certificate DB. This is not the case in NSS 3.103.

This patch is required in order to add a new port for *MS teams* support in pidgin.

This patch[1] replaces a call to ssl_nss_get_peer_certificates with SSL_PeerCertificateChain, which retrieves the certificates presented by the SSL peer. SSL_PeerCertificateChain has been in NSS since version 3.15.4, released in 2014.

Additional references: https://bugzilla.mozilla.org/show_bug.cgi?id=1913047

[1] https://issues.imfreedom.org/issue/PIDGIN-17886/Certificate-verification-errors-with-NSS-3.103

Cheers,
-- rodrigo
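
The failure mode described in the report above, as an added example that is not part of the original bug report or of the libpurple patch: a simplified C model in which certificates are reduced to subject/issuer names. The types, function names and sample certificates are constructed for illustration and are not NSS or libpurple APIs.

```c
#include <stdio.h>
#include <string.h>

/* Toy certificate: only the names needed to link a chain. */
typedef struct { const char *subject, *issuer; } cert_t;
/* Constructed sample: the chain as the TLS peer presents it. */
static const cert_t presented[] = {
    { "CN=im.example.test",         "CN=Example Intermediate CA" },
    { "CN=Example Intermediate CA", "CN=Example Root CA" },
};
/* Constructed sample: the local store holds the trust anchor only. */
static const cert_t local_db[] = { { "CN=Example Root CA", "CN=Example Root CA" } };

static const cert_t *find_by_subject(const cert_t *set, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(set[i].subject, name) == 0) return &set[i];
    return NULL;
}

/* Model of the old assumption: every issuer above the leaf is looked up in
 * the local store, so the walk stops at the first missing intermediate. */
size_t chain_from_db(const cert_t *leaf, const cert_t *db, size_t ndb, const cert_t **out, size_t max) {
    size_t n = 0;
    for (const cert_t *cur = leaf; cur && n < max; ) {
        out[n++] = cur;
        if (strcmp(cur->subject, cur->issuer) == 0) break; /* self-signed root */
        cur = find_by_subject(db, ndb, cur->issuer);
    }
    return n;
}

/* Model of the patched approach: take the list exactly as the peer sent it. */
size_t chain_from_peer(const cert_t *sent, size_t nsent, const cert_t **out, size_t max) {
    size_t n = 0;
    while (n < nsent && n < max) { out[n] = &sent[n]; n++; }
    return n;
}

/* True when the issuer of the last collected certificate is a local anchor. */
int reaches_anchor(const cert_t **chain, size_t n, const cert_t *db, size_t ndb) {
    return n > 0 && find_by_subject(db, ndb, chain[n - 1]->issuer) != NULL;
}

int main(void) {
    const cert_t *c[8];
    size_t n = chain_from_db(&presented[0], local_db, 1, c, 8);
    printf("db lookup:  %zu cert(s), anchored=%d\n", n, reaches_anchor(c, n, local_db, 1));
    n = chain_from_peer(presented, 2, c, 8);
    printf("peer chain: %zu cert(s), anchored=%d\n", n, reaches_anchor(c, n, local_db, 1));
    return 0;
}
```

In this model, the store-based walk returns only the leaf and never links to the root, while the peer-supplied list carries the intermediate needed to reach it.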
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-09-29 20:19:17 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9a9cfc4efa5690823dd0f0fafa5fd07d061e7e0c

commit 9a9cfc4efa5690823dd0f0fafa5fd07d061e7e0c
Author:     Rodrigo Osorio <rodrigo@FreeBSD.org>
AuthorDate: 2024-09-29 20:15:59 +0000
Commit:     Joe Marcus Clarke <marcus@FreeBSD.org>
CommitDate: 2024-09-29 20:15:59 +0000

    net-im/libpurple: use the SSL_PeerCertificateChain function, instead of SSL_PeerCertificate

    The ssl_nss_get_peer_certificates function in libpurple 2.x.y assumes that all intermediate certificates from the peer's presented chain can be found in the NSS certificate DB. This is not the case in NSS 3.103.

    This patch is required in order to add a new port for *MS teams* support in pidgin.

    This patch replaces a call to ssl_nss_get_peer_certificates with SSL_PeerCertificateChain, which retrieves the certificates presented by the SSL peer. SSL_PeerCertificateChain has been in NSS since version 3.15.4, released in 2014.

    Additional references: https://bugzilla.mozilla.org/show_bug.cgi?id=1913047

    PR:             281761

 net-im/libpurple/Makefile                          |  2 +-
 .../patch-libpurple_plugins_ssl_ssl-nss.c (new)    | 54 ++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
Comment 2 Joe Marcus Clarke freebsd_committer freebsd_triage 2024-09-29 20:20:05 UTC
Committed, thanks!  I forgot to uncomment the "Obtained from" line, though.  Grrr.