Task #1070

avatar

Replace Mono's System.Security library with something better

Added by Mirco Bauer 1438 days ago. Updated 863 days ago.

Status:New Start:06/14/2015
Priority:Normal Due date:
Assigned to:avatarMirco Bauer % Done:

0%

Category:Engine
Target version:-
Complexity:

High

Votes: 0

Description

IRCS used by Engine-IRC and HTTPS used by Engine-Twitter, Engine-Campfire and Engine-JabbR rely on the X.509 implemented by the CLR. There are many certificate validation issues with Mono's implementation, some of them are documented with known workarounds here: https://smuxi.im/faq/troubleshooting/linux-tls/

Since the .NET Core will not improve the situation with X.509 validation. It relies on the crypto library provided by the operating system, thus Smuxi should seek out into using OpenSSL, GnuTLS, PolarSSL, WolfSSL and the like.

History

Updated by Mirco Bauer 1438 days ago

avatar
  • Subject changed from Replace Mono's System.Security.Cryptography.X509Certificates with something better to Replace Mono's System.Security library with something better

Updated by Mirco Bauer 1438 days ago

avatar

PoC for certificate validation using PolarSSL in Smuxi: https://github.com/meebey/smuxi/tree/experiments/polarssl_cert_validation

Updated by Mirco Bauer 863 days ago

avatar

As a short term workaround you can use stunnel with Smuxi to connect to SSL/TLS enabled servers, see: https://smuxi.im/faq/usage/stunnel/

Also available in: Atom PDF