Bug 634891 – Empathy can't remember not CA certificates

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 634891 - Empathy can't remember not CA certificates


Summary:	Empathy can't remember not CA certificates


Status:	RESOLVED OBSOLETE

Product:	empathy
Classification:	Core
Component:	Auth client
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	empathy-maint
QA Contact:

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-11-15 09:28 UTC by Guillaume Desmottes
Modified:	2011-02-21 09:37 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Guillaume Desmottes 2010-11-15 09:28:09 UTC

if (gnutls_x509_crt_get_ca_status (cert, NULL) <= 0)
    {
      DEBUG ("Can't import the CA, it's not a valid CA certificate");

That's pretty similar to bug #634489 the remember certificate code should be more powerful to handle such case.

Comment 1 Stef Walter 2010-12-13 21:01:58 UTC

THis code is no longer present once bug #636258 is merged.

I don't think we want to making importing certificate authorities from within empathy. Importing and storing certificate authorities as trust anchors is a high risk operation when it comes to security. We certainly want to be able to 'pin' (add an exception for) a end entity certificate. This pinned certificate is stored for a given host.

Should we just close this?