After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 730892 - Polari should support SSL connections and authentication
Polari should support SSL connections and authentication
Status: RESOLVED FIXED
Product: polari
Classification: Applications
Component: general
unspecified
Other Linux
: Normal enhancement
: ---
Assigned To: Polari maintainers
Polari maintainers
: 740572 (view as bug list)
Depends on: 761859
Blocks:
 
 
Reported: 2014-05-28 15:50 UTC by Darryl L. Pierce
Modified: 2016-02-18 00:20 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Connections: Attempt SSL connection when updating account (5.14 KB, patch)
2015-06-18 14:10 UTC, Bastian Ilsø
none Details | Review
connections: Expose setting to connect through TLS (5.96 KB, patch)
2016-02-11 13:17 UTC, Florian Müllner
none Details | Review
connections: Expose setting to connect through TLS (7.53 KB, patch)
2016-02-16 13:33 UTC, Florian Müllner
committed Details | Review

Description Darryl L. Pierce 2014-05-28 15:50:28 UTC
For my IRC usage, I use a Bip proxy to maintain a presence on IRC. I then have my IRC client connect to that proxy using a secure connection. I would like to use Polari but cannot since it doesn't currently support SSL connections or authentication.
Comment 1 Florian Müllner 2014-11-27 12:02:03 UTC
*** Bug 740572 has been marked as a duplicate of this bug. ***
Comment 2 Bastian Ilsø 2015-06-18 14:10:10 UTC
Created attachment 305586 [details] [review]
Connections: Attempt SSL connection when updating account

Polari now tries to establish an SSL connection with the server and falls back on non-SSL should the server not support it. (proof-of-concept patch.)

Some issues for discussion:
- At the moment we always try non-SSL, no matter what reason the initial SSL attempt failed with. If I try to connect to a non-SSL server like "dreamhack.se.quakenet.org", the DBus error (account.connection_error) is org.freedesktop.Telepathy.Error.NetworkError, though (Not org.freedesktop.Telepathy.Error.EncryptionNotAvailable, which telepathy-idle doesn't seem to emit hmm..)
- If we connect to irc.gnome.org with SSL, we get a dialog about untrusted connection. As described in https://wiki.gnome.org/Sysadmin/IRC, irc.gnome.org will redirect to some other server which is what is causing these dialogs. I don't know if we want to try to avoid getting these dialogs somehow.
- Right now the way we attempt to establish connection is by trying to fetch a roomlist. If there is a better way to attempt to establish connection than this, which can also throw errors if something is wrong, I'd love to know.
Comment 3 Elad Alfassa 2015-06-18 14:15:38 UTC
this approach sounds dangerous, as it is vulnerable to connection downgrade attacks, a man-in-the-middle could drop SSL handshake packets, which would then make Polari connect over insecure (plain text) connection.
Comment 4 Darryl L. Pierce 2015-06-18 14:30:29 UTC
(In reply to Elad Alfassa from comment #3)
> this approach sounds dangerous, as it is vulnerable to connection downgrade
> attacks, a man-in-the-middle could drop SSL handshake packets, which would
> then make Polari connect over insecure (plain text) connection.

+1

If the connection is configured to use SSL then it should not ever fallback to non-SSL on failure: it should just fail.
Comment 5 Elad Alfassa 2015-06-18 14:46:09 UTC
A safer way to implement this would be having a "Use secured connection" checkbox. I know it kinda sucks for UX, but all other choices compromise user safety.

If you want to make sure users are extra safe, you could try using SSL / TLS even if the said checkbox is unchecked, and if you succeed keep it stored somewhere, then for the next connection automatically connect securely as if the user has selected "use secured connection" (without falling back to insecure connection).

Also, it would be very useful to support the STARTTLS extension for IRC for opportunistic encryption: http://ircv3.net/specs/extensions/tls-3.1.html
Comment 6 Florian Müllner 2015-06-18 16:10:35 UTC
(In reply to Elad Alfassa from comment #3)
> this approach sounds dangerous, as it is vulnerable to connection downgrade
> attacks, a man-in-the-middle could drop SSL handshake packets, which would
> then make Polari connect over insecure (plain text) connection.

Note that the idea here is to *only* do this on account creation, not every time we connect. For existing accounts, the behavior should be as in comment #4 (and if you absolutely need a checkbox, there's one on online accounts ...)
Comment 7 Michael Catanzaro 2015-12-22 00:14:55 UTC
(In reply to Bastian Ilsø from comment #2)
> - If we connect to irc.gnome.org with SSL, we get a dialog about untrusted
> connection. As described in https://wiki.gnome.org/Sysadmin/IRC,
> irc.gnome.org will redirect to some other server which is what is causing
> these dialogs. I don't know if we want to try to avoid getting these dialogs
> somehow.

You need to not try to connect to irc.gnome.org, but instead connect to irc.eagle.y.se, irc.acc.umu.se, irc.gimp.ca, or irc.poop.nl, since those servers send certificates that are valid only for their own domains and not for irc.gnome.org. I think that's silly, since it means the list of servers is hard to change as they're hardcoded into clients, but that's how it is.

To be clear: it is wrong to attempt a TLS connection to irc.gnome.org.

I say TLS because I hope telepathy doesn't use SSL anymore (though I have no confidence this is the case), so user-visible labels should say TLS instead of SSL.
Comment 8 Florian Müllner 2016-02-11 13:17:23 UTC
Created attachment 320878 [details] [review]
connections: Expose setting to connect through TLS

So here's the current idea of supporting this - for connections we know about, we can do auto-magic (see bug 761859), for custom connections, we do expose the setting to the user.
Comment 9 Florian Müllner 2016-02-16 13:33:27 UTC
Created attachment 321368 [details] [review]
connections: Expose setting to connect through TLS

Rebased to master.
Comment 10 Florian Müllner 2016-02-18 00:20:37 UTC
Attachment 321368 [details] pushed as b766dcb - connections: Expose setting to connect through TLS