Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only accept all SSL certificates if user asked for it #133

Open
pocmo opened this issue Jan 29, 2013 · 1 comment
Open

Only accept all SSL certificates if user asked for it #133

pocmo opened this issue Jan 29, 2013 · 1 comment
Labels
Bug Feature
Milestone
Yaaic 1.1

Comments

@pocmo
Copy link
Owner

pocmo commented Jan 29, 2013

Currently Yaaic accepts any SSL certificate. This is a potential security risk and counteracts with the purpose of SSL.

Only accept any certificate if the user has checked some checkbox during server setup like:
[X] Accept any SSL certificate. THIS IS A SECURITY RISK.
@kiafaldorius kiafaldorius mentioned this issue Apr 8, 2013
Open
@xlq
Copy link

xlq commented Jul 29, 2013

I have added this feature. I have also added an option to check against a fixed SHA-1 fingerprint, since many IRC servers don't have a proper certificate chain.

Pull request added: #146

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Feature
Projects
None yet
Milestone
Yaaic 1.1
Development

No branches or pull requests
2 participants
@pocmo @xlq