security update makes -idle unusable on servers with self-signed certificates
Bug #1183425 reported by
Jordi Mallach
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| telepathy-idle (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
The recent security update to precise's telepathy-idle package (0.1.11-2ubuntu0.1) adds strict checking for SSL certificates, as seen in upstream's 0.1.15 release. However, the patch doesn't add any UI to accept non-trusted certificates, making the IRC transport unusable against servers using self-signed certificates.
This is a _massive_ regression, with an easy fix available in the form of 0.1.16, which does add the required UI.
Debian's 0.1.16-1 package makes sure the upstream code doesn't require the latest and greatest glib, making a backport trivial.
Please fetch the upstream patch and Debian's addition to ease the backport to fix this issue.
Thanks,
Jordi
Revision history for this message
| Jordi Mallach (jordi) wrote | #1 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in telepathy-idle (Ubuntu): | |
| status: | New → Confirmed |
To post a comment you must log in.
Err, just to clarify, telepathy-idle 0.1.16 doesn't add any UI, but adds the necessary dbus protocol & signal for -idle to notify Empathy of what's going on.