Sat, 11 Jul 2009 06:46:21 +0000
Enable the weaker MD2 and MD4 with RSA encryption signing algorithms that
are now disabled in NSS 3.12.3. This allows signing in without errors on at
least MSN, and some XMPP servers.
Fixes #9360.
configure.ac
libpurple/plugins/ssl/ssl-nss.c
--- a/configure.ac Fri Jul 10 00:51:31 2009 +0000
+++ b/configure.ac Sat Jul 11 06:46:21 2009 +0000
@@ -2020,6 +2020,23 @@
 AC_SUBST(NSS_CFLAGS)
 AC_SUBST(NSS_LIBS)
 fi
+
+if test "x$enable_nss" = "xyes"; then
+ AC_MSG_CHECKING(for NSS_SetAlgorithmPolicy)
+ LIBS_save="$LIBS"
+ LIBS="$LIBS $NSS_LIBS"
+ CPPFLAGS_save="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $NSS_CFLAGS"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <nss.h>
+#include <secmod.h>],
+ [NSS_SetAlgorithmPolicy(SEC_OID_MD2, 0, 0);])],
+ [AC_DEFINE([NEED_NSS_WEAK_ALGORITHMS], 1,
+ [Define if your NSS needs weak algorithms activated with NSS_SetAlgorithmPolicy])
+ AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT(no)])
+ CPPFLAGS="$CPPFLAGS_save"
+ LIBS="$LIBS_save"
+fi
 AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
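Review bot: `NEED_NSS_WEAK_ALGORITHMS` is defined whenever `NSS_SetAlgorithmPolicy` links, so every build against a new enough NSS turns the MD2/MD4 signature policy back on, with no way for a packager to keep the library's stricter default. Consider gating the `AC_DEFINE` behind an explicit configure option (an `AC_ARG_ENABLE` switch, name to be chosen by the project) and reporting the choice in the configure output. As a style point, the arguments to `AC_MSG_CHECKING` and `AC_MSG_RESULT` are unquoted; `AC_MSG_CHECKING([for NSS_SetAlgorithmPolicy])` would match the quoting already used for `AC_DEFINE` in this hunk.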
--- a/libpurple/plugins/ssl/ssl-nss.c Fri Jul 10 00:51:31 2009 +0000
+++ b/libpurple/plugins/ssl/ssl-nss.c Sat Jul 11 06:46:21 2009 +0000
@@ -152,6 +152,12 @@
 SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
+#ifdef NEED_NSS_WEAK_ALGORITHMS
+ /* Enable some weaker algorithms for XMPP and MSN */
+ NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+#endif
+
 _identity = PR_GetUniqueIdentity("Purple");
 _nss_methods = PR_GetDefaultIOMethods();
 }
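Review bot: Both `NSS_SetAlgorithmPolicy` calls inside `#ifdef NEED_NSS_WEAK_ALGORITHMS` discard their return value, so a failed policy change is silent and the sign-in errors would return with no log line. Compare each result with `SECSuccess` and log a warning through the plugin's existing debug logging. The new comment also reads as if the relaxation were limited to two protocols, but nothing in these calls is per-connection, so MD2/MD4-signed certificates are presumably accepted for every connection made through this plugin. A more accurate comment would be `/* Process-wide: re-allows MD2/MD4 certificate signatures for all NSS connections; needed by some MSN and XMPP servers */`. The enclosing function starts outside this hunk.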