Inspired by the same bug in gwibber
(https://bugs.launchpad.net/gwibber/+bug/705363) and heybuddy
(https://bugs.launchpad.net/heybuddy/+bug/798300) I checked pino and it failed
the same way :(
What steps will reproduce the problem?
1. Start pino
2. add new account, service "other", URL
"https://badcert.dorei.kerker.die-welt.net/blub/"
3. save, pino will update the statuses happily, even if the SSL cert is
snakeoil.
What is the expected output? What do you see instead?
Expected: Some sort of SSL error.
Instead pino connects to the bad host, I can see the following in the log of
the apache running there:
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/statuses/home_timeline.xml?count=20 HTTP/1.1" 404 1608 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/statuses/home_timeline.xml?count=20 HTTP/1.1" 404 570 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/statuses/home_timeline.xml?count=20 HTTP/1.1" 404 570 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/statuses/mentions.xml?count=20 HTTP/1.1" 404 731 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/statuses/mentions.xml?count=20 HTTP/1.1" 404 570 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/statuses/mentions.xml?count=20 HTTP/1.1" 404 570 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/direct_messages.xml?count=20 HTTP/1.1" 404 731 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/direct_messages.xml?count=20 HTTP/1.1" 404 570 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET
/blub/direct_messages.xml?count=20 HTTP/1.1" 404 570 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET /blub/users/show/asda.xml?
HTTP/1.1" 404 731 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET /blub/users/show/asda.xml?
HTTP/1.1" 404 570 "-" "pino/0.2.11"
my.ip.addr.ess - - [17/Jun/2011:12:02:33 +0200] "GET /blub/users/show/asda.xml?
HTTP/1.1" 404 570 "-" "pino/0.2.11"
What version of the product are you using? On what operating system?
pino 0.2.11-5, Debian GNU/Linux Sid amd64
Please provide any additional information below.
classic MITM here, please check against some system-provided list of trusted
certs :)
Original issue reported on code.google.com by zhen...@gmail.com on 17 Jun 2011 at 10:15
Original issue reported on code.google.com by
zhen...@gmail.com
on 17 Jun 2011 at 10:15