Let's bring this back out of limbo. Attached is a patch to CryptoManager to allow proper verification of KeyPrints additionally a bunch of changes have been made to the TLS related options handling, because the code was bad (as in it resulted us not having peer certificates at all with default setup, essentially making c<->c KEYP verifiction a no-op process)
** Patch added: "cryptomanager-keyp.patch" https://bugs.launchpad.net/dcplusplus/+bug/991342/+attachment/3958527/+files/cryptomanager-keyp.patch ** Changed in: dcplusplus Assignee: Jacek Sieka (arnetheduck) => Crise (markuwil) -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/991342 Title: KEYP Vulnerability Status in DC++: New Bug description: With the current vulnerability with DC++'s current KEYP implementation the underlying issue seems to be this ... [2012-04-26 09:24] <Crise> anyways, the thing with keyp is entirely different problem... which is basically that it only verifies keyp on the peer level certificate and not on the whole chain as it should Crise has stated he has another source who knows the exploit but will not divulge in who he is. To manage notifications about this bug go to: https://bugs.launchpad.net/dcplusplus/+bug/991342/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : linuxdcpp-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp
