Ubuntu
net6 package

please add support for (checking) certificates for gobby

Bug #253736 reported by James Troup
6
Affects Status Importance Assigned to Milestone
gobby (Ubuntu)
Fix Released
Medium
Unassigned
gobby-infinote (Ubuntu)
Fix Released
Medium
Unassigned
net6 (Ubuntu)
Invalid
Medium
Unassigned
obby (Ubuntu)
Won't Fix
Medium
Unassigned
sobby (Ubuntu)
Won't Fix
Medium
Unassigned

Bug Description

Binary package hint: sobby

{s,g}obby currently supports encrypted connections which is great, but
they don't appear to support any form of authentication of the server,
e.g. by validating a certificate. Would you please consider adding
support for authentication? Thanks.

Revision history for this message
Kees Cook (kees) wrote :

sobby uses obby for managing gobby connections. obby uses net6 for managing network connections. net6 only uses "anonymous" TLS connections and needs to be extended to handle certificate addition and validation.

Currently it only does:
http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-anonymous-authentication.html

Needs:
http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html

Useful resources for doing this work:
http://www.gnu.org/software/gnutls/manual/html_node/Client-examples.html
http://www.gnu.org/software/gnutls/manual/html_node/Server-examples.html

Changed in sobby (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
affects: sobby (Ubuntu) → net6 (Ubuntu)
summary: - please add support for (checking) certificates
+ please add support for (checking) certificates for gobby
Changed in gobby (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Changed in obby (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Kees Cook (kees) wrote :

obby will need to be taught to do certification validation.
gobby will need to grow a UI for rejected connections.
sobby will need to add configuration parameters for using certificates.

affects: gobby (Ubuntu) → sobby (Ubuntu)
Changed in gobby (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in obby (Ubuntu):
status: Confirmed → Triaged
Changed in sobby (Ubuntu):
status: Confirmed → Triaged
Revision history for this message
Philipp Kern (pkern) wrote : Re: [Bug 253736] Re: please add support for (checking) certificates for gobby

On Tue, Apr 07, 2009 at 06:19:29PM -0000, Kees Cook wrote:
> obby will need to be taught to do certification validation.
> gobby will need to grow a UI for rejected connections.
> sobby will need to add configuration parameters for using certificates.

Well, obby's successor and the new Gobby version implement this in a sane
way (i.e. it was considered in its design). It might need another quarter of a
year to be ready but I think I should package this soon to expose it to more
testing.

Ciao,
Philipp Kern

Revision history for this message
Philipp Kern (pkern) wrote :

On Tue, Apr 07, 2009 at 08:39:31PM -0000, Philipp Kern wrote:
> On Tue, Apr 07, 2009 at 06:19:29PM -0000, Kees Cook wrote:
> > obby will need to be taught to do certification validation.
> > gobby will need to grow a UI for rejected connections.
> > sobby will need to add configuration parameters for using certificates.
> Well, obby's successor and the new Gobby version implement this in a sane
> way (i.e. it was considered in its design). It might need another quarter of a
> year to be ready but I think I should package this soon to expose it to more
> testing.

I will have this ready within the next few weeks and get it into Karmic. The
on-the-wire protocol might still change but the current Gobby dev version
is already usable.

Ciao,
Philipp Kern

Philipp Kern (pkern)
Changed in gobby-infinote (Ubuntu):
status: New → Fix Released
importance: Undecided → Medium
Revision history for this message
Fabián Rodríguez (magicfab) wrote :

Using gobby-infinote as a client and infinoted as a server it looks like this has been implemented. I'll test and report back.

Revision history for this message
Philipp Kern (pkern) wrote :

gobby-infinote is the successor to gobby and the latter has been removed. gobby-infinote properly implements this behavior.

Changed in gobby (Ubuntu):
status: Triaged → Fix Released
Changed in obby (Ubuntu):
status: Triaged → Won't Fix
Changed in sobby (Ubuntu):
status: Triaged → Won't Fix
Changed in net6 (Ubuntu):
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.