Bug 467523 - pyOpenSSL should be required by Gajim
pyOpenSSL should be required by Gajim
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: gajim (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Debarshi Ray
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-17 18:22 EDT by Marcin Zajaczkowski
Modified: 2008-10-31 18:42 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-30 08:12:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marcin Zajaczkowski 2008-10-17 18:22:18 EDT
Description of problem:
Gajim uses pyOpenSSL to make some security related operations with encrypted connection. In general it's not very save to work without it then [1].
Up to 0.11.4 there was only a warning on a console which could be easy omitted when Gajim is started using an icon from a menu. In 0.12-alpha1 there is implemented a warning dialog at application startup [1].
In my option pyOpenSSL should be required by Gajim to increase the security and to prevent that warning which may scare new users.
OpenSSL itself is required by many other packages and probably is installed by default, most of the connections in Jabber network are encrypted and I don't think that pyOpenSSL will be a big overhead. 

[1] - http://trac.gajim.org/ticket/4065

Version-Release number of selected component (if applicable):
gajim-0.11.4-4.fc10 (from rawhide)
Comment 1 Debarshi Ray 2008-10-28 14:04:14 EDT
Testing on Fedora 9 x86_64 in the absense of a Rawhide box.

I uninstalled pyOpenSSL from my Fedora 9 system and tried using Gajim 0.11.4 with my GTalk (without SSL) and jabber.org accounts (with SSL), but could not replicate the warning on the console.

http://packages.debian.org/lenny/gajim tells me that pyOpenSSL is not a requirement on Debian too.

Could you please show me the message that you get on the console, so that I can locate it in the sources? I agree with the basic principle of having SSL support, but I just want to be sure that pyOpenSSL is really being used.
Comment 2 Marcin Zajaczkowski 2008-10-29 16:34:46 EDT
The warning message is:

===============================================================================
PyOpenSSL not found, falling back to Python builtin SSL objects (insecure).
===============================================================================

I have always been using a version from nightly build where that message occurs. I checked  0.11.4 from Fedora repository and as you said there is no message. I checked SVN repository and it seems to be added in November 2006 [1], but in a separate branch. 0.11.4 uses probably 0.11 branch (created in 2006) and doesn't have that message. In mentioned in the description commit [2] (July 2008) a dialog at startup was introduced.

The conclusion is that for version 0.11.4 (which is currently in Fedora) pyOpenSSL is not needed (it's even not supported), but for 0.12 it will be required (to prevent warning and what is more important to ensure better security).
You could test it in rawhide, where the first BETA will be released.

[1] - http://trac.gajim.org/changeset/7431
[2] - http://trac.gajim.org/changeset/9886
Comment 3 Debarshi Ray 2008-10-30 08:12:31 EDT
> The conclusion is that for version 0.11.4 (which is currently in Fedora)
> pyOpenSSL is not needed (it's even not supported), but for 0.12 it will be
> required (to prevent warning and what is more important to ensure better
> security).

So for all practical purposes, this is not a bug because Fedora ships only 0.11.4 on all the supported versions of the distribution. When I build 0.12, sometime after Fedora 10 is released, I willl surely add pyOpenSSL as a run-time dependency.

> You could test it in rawhide, where the first BETA will be released.

When are the Gajim developers planning to release 0.12 Beta or stable? It has been quite sometime since 0.12 Alpha came out.

Thanks for the report.
Comment 4 Marcin Zajaczkowski 2008-10-31 18:42:44 EDT
There are still 12 issues left for 0.12:
http://trac.gajim.org/query?status=assigned&status=new&status=reopened&group=status&milestone=0.12
but beta will be probably earlier.

If it wasn't a problem for you, you could make a comment in that issue when you update Gajim version to 0.12 in rawhide.

Note You need to log in before you can comment on or make changes to this bug.