Comment 11 for bug 991342

this is too evolved for me to fully comprehend so i am tempted to just trust the patch authors... however, some test cases (either direct ones or instructions on how to set them up) would be useful to 1) ensure the patch prevents impersonations the previous implementation would have allowed, 2) doesn't introduce regressions and 3) cross-test with other clients (notably Jucy).

nothing wrong jumps out in terms of code; some comments on the following would be welcome: a) new locking mechanism; b) DHs of different sizes; c) CryptoManager clean-up (really necessary since the process is exiting? there was none before - does this fix other issues?); d) changes to cert generation; e) the TODO / commented-out code.