TrustEveryoneFactory in chat?

[micheljung]

Just hopping in every now and then to see what you guys are doing :-)

For instance, why would we disable SSL verification and not even comment it in the code?

downlords-faf-client/src/main/java/com/faforever/client/chat/TrustEveryoneFactory.java

Line 11 in 6d12770

public class TrustEveryoneFactory extends TrustManagerFactory {

I'm pretty sure this isn't a smart move ;)

[Sheikah45]

This was introduced in the change from PircBotX to KittehIRC and was used to replicate the configuration int PircBotx as seen here

downlords-faf-client/src/main/java/com/faforever/client/chat/PircBotXChatService.java

Line 393 in 7262ced

.setSocketFactory(new UtilSSLSocketFactory().trustAllCertificates())

The purpose being to maintain the current functionality in the change over as kitteh connects over SSL by default.

[Sheikah45]

I believe the trust all certificates was originally used due to certificate issues with the irc server but am not certain and this change mainly was focused on converting the service to similar functionality. However the service can be changed but would require input from Brutus or if you know as from my investigation the SSL was disabled since PircBotX was first implemented.

[Brutus5000]

Since our reverse proxy supports raw TCP streams we could use TLS if we want to

[micheljung]

With the chat sending passwords over the wire, (secure) TLS would surely be preferred. Oh, wait, we don't need to because we sha256(md5(md5(password))) right? ;D

[Sheikah45]

yeah we currently still do perform that hashing acrobatics which would be nice to simplify

[Sheikah45]

i just need to know from Brutus how the irc has its TLS configured