*** This bug is a security vulnerability *** Private security bug reported:
according to this line http://sourceforge.net/p/dcplusplus/code/ci/default/tree/dcpp/Client.cpp#l143, keyprint of hub will never sended to SSLSocket, so CryptoManager::verify_callback will fail to check certificate's keyprint and will return ok even if allowUntrustedHubs is off. This line should ends with SETTING(ALLOW_UNTRUSTED_HUBS), true, keyprint); ** Affects: dcplusplus Importance: Undecided Status: New -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/1516181 Title: disabled keyprint check for hubs Status in DC++: New Bug description: according to this line http://sourceforge.net/p/dcplusplus/code/ci/default/tree/dcpp/Client.cpp#l143, keyprint of hub will never sended to SSLSocket, so CryptoManager::verify_callback will fail to check certificate's keyprint and will return ok even if allowUntrustedHubs is off. This line should ends with SETTING(ALLOW_UNTRUSTED_HUBS), true, keyprint); To manage notifications about this bug go to: https://bugs.launchpad.net/dcplusplus/+bug/1516181/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : linuxdcpp-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp