disabled keyprint check for hubs

Bug #1516181 reported by Konstantin
Affects: DC++
Status: Fix Released
Importance: High
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

According to this line, http://sourceforge.net/p/dcplusplus/code/ci/default/tree/dcpp/Client.cpp#l143, the keyprint of the hub will never be sent to SSLSocket, so CryptoManager::verify_callback will fail to check the certificate's keyprint and will return ok even if allowUntrustedHubs is off. This line should end with SETTING(ALLOW_UNTRUSTED_HUBS), true, keyprint);

Crise / MW (markuwil) wrote :

Looks like my original patch https://sourceforge.net/p/dcplusplus/code/ci/bd419f3e1c1019a397129d37044dd9f7f679ffdb/ for cryptomanager was slightly incomplete in the end. Which is curious because I seem to recall deliberately testing the patch, as applied to dcpp, with an incorrect hub KEYP at some point before submitting said patch. I must have re-applied the changes from an incomplete patch file just prior to it being pushed.

If memory serves, I separated my HTTP manager and KEYP changes into two separate patches from a single working copy; there was a similar incorrect application of changes related to the httpmanager changes that was addressed some time later.
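An added example, not part of the original report and not DC++'s own code: a simplified C++ model of a keyprint (certificate pinning) decision, showing how a caller that drops the keyprint argument lets a certificate with the wrong digest through, and the wrong-keyprint check that catches it. The function names, the `SHA256/` plus unpadded Base32 keyprint format and the sample values are assumptions of this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Decode unpadded RFC 4648 Base32 (A-Z, 2-7); returns false on any other character.
bool base32Decode(const std::string& in, Bytes& out) {
    uint32_t acc = 0;
    int bits = 0;
    for (char c : in) {
        int v;
        if (c >= 'A' && c <= 'Z') v = c - 'A';
        else if (c >= '2' && c <= '7') v = c - '2' + 26;
        else return false;
        acc = (acc << 5) | static_cast<uint32_t>(v);
        if ((bits += 5) >= 8) {
            bits -= 8;
            out.push_back(static_cast<uint8_t>((acc >> bits) & 0xFF));
        }
    }
    return true;
}

// Constant-time comparison, so a mismatch position is not leaked through timing.
bool digestEqual(const Bytes& a, const Bytes& b) {
    if (a.size() != b.size()) return false;
    uint8_t diff = 0;
    for (size_t i = 0; i < a.size(); ++i) diff = static_cast<uint8_t>(diff | (a[i] ^ b[i]));
    return diff == 0;
}

// Hypothetical model of the decision: a supplied keyprint must match the
// certificate digest; only without a keyprint do chain result and setting decide.
bool acceptHub(bool chainOk, bool allowUntrusted, const std::string& keyprint, const Bytes& certSha256) {
    if (keyprint.empty()) return chainOk || allowUntrusted;    // nothing to pin against
    if (keyprint.compare(0, 7, "SHA256/") != 0) return false;  // unknown format: fail closed
    Bytes pinned;
    return base32Decode(keyprint.substr(7), pinned) && pinned.size() == 32 && digestEqual(pinned, certSha256);
}

// Constructed sample: the pin encodes 32 zero bytes; the presented certificate digest differs.
const std::string kPinned = "SHA256/" + std::string(52, 'A');
const Bytes kOtherCert(32, 0x01);
bool wrongKeyprintWithPinForwarded() { return acceptHub(true, false, kPinned, kOtherCert); }
bool wrongKeyprintWithPinDropped() { return acceptHub(true, false, "", kOtherCert); }

int main() { std::cout << wrongKeyprintWithPinForwarded() << wrongKeyprintWithPinDropped() << "\n"; }
```

A connection test against a hub address carrying a deliberately wrong keyprint exercises the whole call path, so it fails as soon as any layer stops forwarding the keyprint.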

eMTee (realprogger)
Changed in dcplusplus:
status: New → Confirmed
importance: Undecided → High
Fredrik Ullner (ullner)
Changed in dcplusplus:
status: Confirmed → In Progress
poy (poy) wrote :

Thanks Konstantin; applied in rev 612a56de0d0c.

Changed in dcplusplus:
status: In Progress → Fix Committed
poy (poy) wrote :

Fixed in DC++ 0.860.

Changed in dcplusplus:
status: Fix Committed → Fix Released
eMTee (realprogger)
information type: Private Security → Public