gajim issueshttps://dev.gajim.org/gajim/gajim/-/issues2023-04-14T16:15:49Zhttps://dev.gajim.org/gajim/gajim/-/issues/11470OMEMO/http upload: filename not encrypted2023-04-14T16:15:49ZGustav GanzOMEMO/http upload: filename not encryptedWhen sending a file to a contact using OMEMO, the http upload method is used if available. Unfortunately, the filename is not encrypted. This is a problem since the filename can be meaningfull (e.g. kennedy_assasination_conspiracy.pdf).
...When sending a file to a contact using OMEMO, the http upload method is used if available. Unfortunately, the filename is not encrypted. This is a problem since the filename can be meaningfull (e.g. kennedy_assasination_conspiracy.pdf).
Reference: https://github.com/siacs/Conversations/issues/1610https://dev.gajim.org/gajim/gajim/-/issues/10045SSL server validation ignores system-wide installed CAs2021-03-25T09:26:42ZEugene CrosserSSL server validation ignores system-wide installed CAsSince a while ago, server certificate validation started to fail in the nightly build. I use private CA, and CA certificate is installed system-wide (placed in /etc/ssl/certs and c_rehash'ed). `openssl s_client -verify 1 -host ... -port ...Since a while ago, server certificate validation started to fail in the nightly build. I use private CA, and CA certificate is installed system-wide (placed in /etc/ssl/certs and c_rehash'ed). `openssl s_client -verify 1 -host ... -port ...` succeeds with "Verification: OK". However gajim insists that certificate is signed by an unknown CA.
* While opening XMPP connection, it offers to accept "untrusted" server certificate and then works
* httpupload over aesgcm/https does not work at all:
```
02/04/20 10:45:33 (I) gajim.p.omemo.filedecryption| Start downloading: https://average.org:9443/0aaa8f2ecdc342cdea76820e6eba57e0884fd630/5Q7yPp7QsTc0blwTog5RuJwkABmYOOPX0VYmxrLq/FrdvSlyBQX-EjGTtfnUErQ.jpg
02/04/20 10:45:33 (W) gajim.p.omemo.filedecryption| Download failed: https://average.org:9443/0aaa8f2ecdc342cdea76820e6eba57e0884fd630/5Q7yPp7QsTc0blwTog5RuJwkABmYOOPX0VYmxrLq/FrdvSlyBQX-EjGTtfnUErQ.jpg
02/04/20 10:45:33 (W) gajim.p.omemo.filedecryption| SSL handshake failed
```
I believe that gajim should either honour system-wide set of trusted CAs, or, if it insists on using using a private set of CAs, allow adding new CAs to that set. The first option is preferable, in my opinion.