Bug #1728: Core launched with --require-ssl flag, but no certificate to load, will accept plaintext connections - Quassel IRC - Quassel IRC Issue Tracker

Bug #1728

Core launched with --require-ssl flag, but no certificate to load, will accept plaintext connections

Added by phuzion over 3 years ago. Updated over 3 years ago.

Status:

Resolved

Priority:

High

Assignee:

Category:

Quassel Core

Target version:

Start date:

06/16/2021

Due date:

% Done:

Estimated time:

Version:

0.13.1

OS:

Any

Description

Cores launched with the "--require-ssl" flag, (introduced in https://github.com/quassel/quassel/pull/43) will reject clients that do not accept SSL.

However, if the core itself does not have an SSL certificate available to load, the core will still launch, and happily accept plaintext connections.

This is an unexpected situation.

Steps to reproduce:

Install Quasselcore by whatever means you wish
Configure Quasselcore's data directory with no quasselCert.pem file
Launch Quasselcore with the "--require-ssl" flag on the command line

Expected results:

Quasselcore will not launch, because the core could not find an SSL certificate.

Actual results

Quasselcore launches, and accepts plaintext client connections.

Related issues

History

#1 Updated by phuzion over 3 years ago

PR submitted to fix this.

https://github.com/quassel/quassel/pull/581

#2 Updated by phuzion over 3 years ago

Related to Feature #1323: It doesn't seem to be possible to disable SSLv3. added

#3 Updated by phuzion over 3 years ago

Priority changed from Normal to High

Per relrod on Github, this bug has been assigned CVE-2021-34825 by MITRE.

MITRE CVE link.

#4 Updated by phuzion over 3 years ago

Status changed from New to Resolved

PR 581 has been merged, resolving this bug.

Also available in: Atom PDF

Project

General

Profile

Quassel IRC

Issues