--- a/libpurple/plugins/ssl/ssl-nss.c Sun Nov 02 11:08:42 2014 -0800
+++ b/libpurple/plugins/ssl/ssl-nss.c Tue Nov 04 22:15:01 2014 -0800
@@ -139,9 +139,61 @@
-static void ssl_nss_log_ciphers(void) {
+static const PRUint16 default_ciphers[] = {
+#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR > 15 ) \
+ || ( NSS_VMAJOR == 3 && NSS_VMINOR == 15 && NSS_VPATCH >= 1 )
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+# if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR > 15 ) \
+ || ( NSS_VMAJOR == 3 && NSS_VMINOR == 15 && NSS_VPATCH >= 2 )
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* deprecated (DSS) */
+ /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, false }, // deprecated (DSS) */
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA, /* deprecated (RC4) */
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, /* deprecated (RC4) */
+ /* RFC 6120 Mandatory */
+ TLS_RSA_WITH_AES_128_CBC_SHA, /* deprecated (RSA key exchange) */
+ TLS_RSA_WITH_AES_256_CBC_SHA, /* deprecated (RSA key exchange) */
+ /* TLS_RSA_WITH_3DES_EDE_CBC_SHA, deprecated (RSA key exchange, 3DES) */
+/* It's unfortunate we need to manage these manually,
+ * ideally NSS would choose good defaults.
+ * This is mostly based on FireFox's list:
+ * https://hg.mozilla.org/mozilla-central/log/default/security/manager/ssl/src/nsNSSComponent.cpp */
+static void ssl_nss_init_ciphers(void) {
+ /* Disable any ciphers that NSS might have enabled by default */
 for (cipher = SSL_GetImplementedCiphers(); *cipher != 0; ++cipher) {
+ SSL_CipherPrefSetDefault(*cipher, PR_FALSE);
+ /* Now only set SSL/TLS ciphers we knew about at compile time */
+ for (cipher = default_ciphers; *cipher != 0; ++cipher) {
+ SSL_CipherPrefSetDefault(*cipher, PR_TRUE);
+ /* Now log the available and enabled Ciphers */
+ for (cipher = SSL_GetImplementedCiphers(); *cipher != 0; ++cipher) {
 const PRUint16 suite = *cipher;
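Review bot: Both loops in `ssl_nss_init_ciphers` discard the SECStatus returned by `SSL_CipherPrefSetDefault`, so a suite that NSS fails to disable stays enabled by default and the allow-list is silently incomplete. Check the result in the disable loop, e.g. `if (SSL_CipherPrefSetDefault(*cipher, PR_FALSE) != SECSuccess) purple_debug_warning("nss", "Unable to disable cipher 0x%04x\n", *cipher);`, and likewise in the `PR_TRUE` loop. The entries marked deprecated (both RC4 suites and `TLS_DHE_DSS_WITH_AES_128_CBC_SHA`) are still enabled, so the header comment should say why they are kept and under what condition they can be dropped. Both loops stop at a 0 entry; the terminator of `default_ciphers` and the closing `#endif`s are not visible in this hunk, so confirm the array ends in 0 on every `#if` path.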
@@ -150,18 +202,20 @@
rv = SSL_CipherPrefGetDefault(suite, &enabled);
+ gchar *error_txt = get_error_text();
 purple_debug_warning("nss",
"SSL_CipherPrefGetDefault didn't like value 0x%04x: %s\n",
- suite, PORT_ErrorToString(err));
rv = SSL_GetCipherSuiteInfo(suite, &info, (int)(sizeof info));
+ gchar *error_txt = get_error_text();
 purple_debug_warning("nss",
"SSL_GetCipherSuiteInfo didn't like value 0x%04x: %s\n",
- suite, PORT_ErrorToString(err));
purple_debug_info("nss", "Cipher - %s: %s\n",
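Review bot: The two failure branches need both a `suite, error_txt` argument pair and a `g_free(error_txt);` after the warning, and neither is visible on the new side of this hunk. The removed `suite, PORT_ErrorToString(err));` lines supplied the two arguments that the `0x%04x: %s` format strings consume, and the only added line shown in each branch is `gchar *error_txt = get_error_text();`. If `get_error_text()` returns an allocated string, as the non-const `gchar *` suggests, a missing `g_free` leaks on every cipher that NSS rejects. The enclosing function starts and ends outside this hunk.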
@@ -179,22 +233,11 @@
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-#if (NSS_VMAJOR == 3 && (NSS_VMINOR < 15 || (NSS_VMINOR == 15 && NSS_VMICRO < 2)))
+#if (NSS_VMAJOR == 3 && (NSS_VMINOR < 15 || (NSS_VMINOR == 15 && NSS_VPATCH < 2)))
 #endif /* NSS < 3.15.2 */
- SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_RC4_128_SHA, 1);
- SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(SSL_RSA_WITH_RC4_128_SHA, 1);
- SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
- SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
+ ssl_nss_init_ciphers();
 #if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )
/* Get the ranges of supported and enabled SSL versions */
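Review bot: The call to `ssl_nss_init_ciphers();` carries no comment on ordering, yet the function first disables every implemented suite and then enables only `default_ciphers`, so anything that changes cipher defaults has to run before it and nothing after it should re-enable suites. Add a line such as `/* Reset cipher defaults to our allow-list; keep this after the NSS < 3.15.2 block above */`. The body of that `#if` block is not visible here, so whether it touches cipher policy is an assumption to confirm. The enclosing init function starts and ends outside the hunk.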
@@ -229,7 +272,6 @@
_identity = PR_GetUniqueIdentity("Purple");
_nss_methods = PR_GetDefaultIOMethods();
@@ -1118,7 +1160,9 @@
case SEC_ERROR_CA_CERT_INVALID:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
case SEC_ERROR_UNTRUSTED_CERT:
+#ifdef SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
 case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
*flags |= PURPLE_CERTIFICATE_INVALID_CHAIN;
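Review bot: The `#ifdef SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED` guard only works if that name is a preprocessor macro; in the NSS headers I know, the SEC_ERROR_* codes are enum constants in secerr.h, in which case the test is always false and the new `case` is never compiled, leaving this error to whatever the switch does by default. Please verify against the supported NSS versions and, if it is an enum, gate on the version macros as the cipher list does, e.g. `#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= MINOR_THAT_ADDED_IT)` with the real minor filled in. The switch and its function start and end outside the hunk.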
--- a/pidgin/gtkdialogs.c Sun Nov 02 11:08:42 2014 -0800
+++ b/pidgin/gtkdialogs.c Tue Nov 04 22:15:01 2014 -0800
@@ -210,6 +210,7 @@
{N_("Kurdish"), "ku", "Amed Ç. Jiyan", "amedcj@hotmail.com"},
{NULL, NULL, "Erdal Ronahi", "erdal.ronahi@gmail.com"},
{NULL, NULL, "Rizoyê Xerzî", "rizoxerzi@hotmail.com"},
+ {N_("Kurdish (Sorani)"), "ku_IQ", "Haval A. Ahmed", "haval.abdulkarim@gmail.com"},
 {N_("Lithuanian"), "lt", "Algimantas Margevičius", "margevicius.algimantas@gmail.com"},
{N_("Latvian"), "lv", "Rudolfs Mazurs", "rudolfs.mazurs@gmail.com"},
{N_("Maithili"), "mai", "Sangeeta Kumari", "sangeeta_0975@yahoo.com"},
@@ -245,7 +246,7 @@
{N_("Serbian Latin"), "sr@latin", "Miloš Popović", "gpopac@gmail.com"},
{N_("Sinhala"), "si", "Yajith Ajantha Dayarathna", "yajith@gmail.com"},
{NULL, NULL, "Danishka Navin", "snavin@redhat.com"},
- {N_("Swedish"), "sv", "Peter Hjalmarsson", "xake@telia.com"},
+ {N_("Swedish"), "sv", "Josef Andersson", "josef.andersson@gmail.com"},
 {N_("Swahili"), "sw", "Paul Msegeya", "msegeya@gmail.com"},
{N_("Tamil"), "ta", "I. Felix", "ifelix25@gmail.com"},
{NULL, NULL, "Viveka Nathan K", "vivekanathan@users.sourceforge.net"},
@@ -254,7 +255,10 @@
{N_("Tatar"), "tt", "ILDAR Valeev", "v_ildar@bk.ru"},
{N_("Ukranian"), "uk", "Oleksandr Kovalenko", "alx.kovalenko@gmail.com"},
{N_("Urdu"), "ur", "RKVS Raman", "rkvsraman@gmail.com"},
- {N_("Uzbek"), "uz", "Akmal Khushvakov", "uzbadmin@gmail.com"},
+ /* Translators: This is a person's name. For most languages we recommend
+ N_("Akmal Khushvakov"), "uzbadmin@gmail.com"},
 {N_("Vietnamese"), "vi", "Nguyễn Vũ Hưng", "vuhung16plus@gmail.com"},
{N_("Simplified Chinese"), "zh_CN", "Aron Xu", "happyaron.xu@gmail.com"},
{N_("Hong Kong Chinese"), "zh_HK", "Abel Cheung", "abelindsay@gmail.com"},
@@ -338,7 +342,8 @@
{N_("Slovenian"), "sl", "Matjaz Horvat", NULL},
{N_("Serbian"), "sr", "Danilo Šegan", NULL},
{NULL, NULL, "Aleksandar Urosevic", NULL},
- {N_("Swedish"), "sv", "Tore Lundqvist", NULL},
+ {N_("Swedish"), "sv", "Peter Hjalmarsson", "xake@telia.com"},
+ {N_("Swedish"), NULL, "Tore Lundqvist", NULL},
 {NULL, NULL, "Christian Rose", NULL},
{N_("Telugu"), "te", "Mr. Subbaramaih", NULL},
{N_("Turkish"), "tr", "Serdar Soytetir", NULL},