Package: quassel-core Version: 0.7.3-1 Severity: important Tags: upstream Quassel-core by default reads a quasselCert.pem file, containing a certificate and a private key, to determine if it can enable SSL support for communication between client and core. If it couldn't load the certificate, it silently disables SSL support for communication. This also means that if the certificate is expired, the core will be unable to load it, and silently disable SSL support. There is no mention of this in the logs, unless one enables the non-standard debug mode, then there is a single message "failed to load certificate, will continue without ssl support" (nothing about expiration).
In my opinion, determining whether to enable SSL support should be a configuration setting, not a check if a file can be loaded, but that's maybe too large a change. At the very least, Quassel should log messages of type "error" if the certificate is expired or otherwise invalid, but it does exist. Then, I think it should still load the certificate if it is only expired, and enable SSL support, and let the client decide whether it wants to connect. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages quassel-core depends on: ii adduser 3.113 ii libc6 2.13-21 ii libgcc1 1:4.6.1-4 ii libqca2 2.0.3-2 ii libqt4-network 4:4.7.3-5 ii libqt4-script 4:4.7.3-5 ii libqt4-sql 4:4.7.3-5 ii libqt4-sql-sqlite 4:4.7.3-5 ii libqtcore4 4:4.7.3-5 ii libstdc++6 4.6.1-4 ii lsb-base 3.2-28 ii openssl 1.0.0e-2 quassel-core recommends no packages. quassel-core suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
