1) Due to a missing :up() in a loop, requesting items
(http://xmpp.org/extensions/xep-0257.html#example-3) will generate a
badly-nested stanza, so most clients will only see the first certificate in the
list, while others may crash (hopefully not).
2) The module doesn’t advertise the urn:xmpp:saslcert:1 feature, even though it is
required (http://xmpp.org/extensions/xep-0257.html#sect-idp588448).
3) The module loads certificates by adding PEM headers and footers to the
base64 sent by the user and feeding that to x509.load(). This is wrong because
x509.load() expects a properly-formatted PEM with 64-character lines and will fail
otherwise, but XEP-0257 states that the stanza must contain “base64 encoded
DER data of the certificate”, with no formatting required
(http://xmpp.org/extensions/xep-0257.html#add; the example also says
“whitespace only added for presentation”). Therefore, a client currently
conforming to that XEP will not be able to work with this module.
I am attaching a patch below that should take care of those issues, but if
there is a better solution than the dual base64 encoding/decoding in order to
sanitize the base64 data, I'm all ears.
Original issue reported on code.google.com by prosodym...@dfgh.net on 23 Jan 2015 at 6:02
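
The normalization described in item 3, as an added example in Python; it is not the attached patch and not the module's own Lua code. The function names and the sample bytes are hypothetical: the sketch strips presentation whitespace, decodes strictly, checks that the result is a single DER SEQUENCE, and re-encodes to PEM with 64-character lines.

```python
import base64
import binascii
import re

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def der_is_single_sequence(der: bytes) -> bool:
    """True if the blob is one DER SEQUENCE whose declared length covers every byte."""
    if len(der) < 2 or der[0] != 0x30:           # 0x30 = SEQUENCE tag
        return False
    first = der[1]
    if first < 0x80:                             # short-form length
        header, length = 2, first
    else:                                        # long form: n length octets follow
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def stanza_b64_to_pem(b64_text: str) -> str:
    """Turn free-form base64 DER (any whitespace, any line length) into strict PEM."""
    compact = re.sub(r"\s+", "", b64_text)       # whitespace is presentation only
    try:
        der = base64.b64decode(compact, validate=True)   # reject non-alphabet input
    except (binascii.Error, ValueError) as exc:
        raise ValueError("payload is not valid base64") from exc
    if not der_is_single_sequence(der):
        raise ValueError("payload is not a single DER SEQUENCE")
    body = base64.b64encode(der).decode("ascii") # canonical re-encoding
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


# Constructed sample: a SEQUENCE header plus 128 filler bytes, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x81, 0x80]) + bytes(range(128))

if __name__ == "__main__":
    one_line = base64.b64encode(SAMPLE_DER).decode("ascii")
    # Simulate a client that indents and wraps at 20 characters.
    messy = "\n    ".join(one_line[i:i + 20] for i in range(0, len(one_line), 20))
    print(stanza_b64_to_pem(messy), end="")
```

The structural check only guards against trailing or truncated data before the PEM reaches the certificate parser; full certificate validation remains the parser's job.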