Red Hat Bugzilla – Bug 467523
pyOpenSSL should be required by Gajim
Last modified: 2008-10-31 18:42:44 EDT
Description of problem:
Gajim uses pyOpenSSL to make some security related operations with encrypted connection. In general it's not very save to work without it then .
Up to 0.11.4 there was only a warning on a console which could be easy omitted when Gajim is started using an icon from a menu. In 0.12-alpha1 there is implemented a warning dialog at application startup .
In my option pyOpenSSL should be required by Gajim to increase the security and to prevent that warning which may scare new users.
OpenSSL itself is required by many other packages and probably is installed by default, most of the connections in Jabber network are encrypted and I don't think that pyOpenSSL will be a big overhead.
 - http://trac.gajim.org/ticket/4065
Version-Release number of selected component (if applicable):
gajim-0.11.4-4.fc10 (from rawhide)
Testing on Fedora 9 x86_64 in the absense of a Rawhide box.
I uninstalled pyOpenSSL from my Fedora 9 system and tried using Gajim 0.11.4 with my GTalk (without SSL) and jabber.org accounts (with SSL), but could not replicate the warning on the console.
http://packages.debian.org/lenny/gajim tells me that pyOpenSSL is not a requirement on Debian too.
Could you please show me the message that you get on the console, so that I can locate it in the sources? I agree with the basic principle of having SSL support, but I just want to be sure that pyOpenSSL is really being used.
The warning message is:
PyOpenSSL not found, falling back to Python builtin SSL objects (insecure).
I have always been using a version from nightly build where that message occurs. I checked 0.11.4 from Fedora repository and as you said there is no message. I checked SVN repository and it seems to be added in November 2006 , but in a separate branch. 0.11.4 uses probably 0.11 branch (created in 2006) and doesn't have that message. In mentioned in the description commit  (July 2008) a dialog at startup was introduced.
The conclusion is that for version 0.11.4 (which is currently in Fedora) pyOpenSSL is not needed (it's even not supported), but for 0.12 it will be required (to prevent warning and what is more important to ensure better security).
You could test it in rawhide, where the first BETA will be released.
 - http://trac.gajim.org/changeset/7431
 - http://trac.gajim.org/changeset/9886
> The conclusion is that for version 0.11.4 (which is currently in Fedora)
> pyOpenSSL is not needed (it's even not supported), but for 0.12 it will be
> required (to prevent warning and what is more important to ensure better
So for all practical purposes, this is not a bug because Fedora ships only 0.11.4 on all the supported versions of the distribution. When I build 0.12, sometime after Fedora 10 is released, I willl surely add pyOpenSSL as a run-time dependency.
> You could test it in rawhide, where the first BETA will be released.
When are the Gajim developers planning to release 0.12 Beta or stable? It has been quite sometime since 0.12 Alpha came out.
Thanks for the report.
There are still 12 issues left for 0.12:
but beta will be probably earlier.
If it wasn't a problem for you, you could make a comment in that issue when you update Gajim version to 0.12 in rawhide.