Diff for "EvgeniGolov/SSL_Verification_Fails"

Differences between revisions 3 and 4

Inspired by gwibber bypasses certificate checking when providing the login/password for OAuth, I started looking in other (microblogging) applications whether they do proper SSL certificate checks or not.

Note 1: While I think paid SSL certificates are snake oil, the user should be able to trust the app that it is connecting to a "verified" (= already known) host.

Note 2: Not all listed apps are packaged in Debian, I'm just abusing wiki.d.o as a "generic" wiki-host.

appplication	in Debian	Debian Bug	Upstream Bug	library used	affected parts
gwibber	Yes	#608724	LP:705363	python's urllib2	reported against identi.ca backend, looking at the source says all backends
heybuddy	No		LP:798300	python's urllib2	identi.ca
hotot	No		hotot issue 388	python WebKit?	tested with identi.ca, twitter should be too
pino	Yes		pino issue 339		tested with identi.ca
pino3	No		pino3 issue 21	librest	doesn't SSL at all by default, after patching the identi.ca urls failed as expected
turpial	Yes	631422		python's urllib2	identi.ca does not use HTTPS by default, fails after patching. twitter fails immediately

-  ⇤ ← Revision 3 as of 2011-06-20 11:03:02 → 
  Size: 1626
  Editor: EvgeniGolov
  Comment:
+   ← Revision 4 as of 2011-06-23 18:02:31 → ⇥
  Size: 1800
  Editor: EvgeniGolov
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 13:
+||[[http://turpial.org.ve/|turpial]]||Yes||DebianBug:631422|| ||python's urllib2||identi.ca does not use HTTPS by default, fails after patching. twitter fails immediately||