mirror of
https://github.com/chatmail/core.git
synced 2026-04-17 21:46:35 +03:00
BREAKING: Remove Secure-Join-Fingerprint header from "vc-contact-confirm", "vg-member-added" messages (#3836)
It's a compatibility crutch for old clients (< 1.107.0), they require it in the subject
messages. Currently DC sends Autocrypt key gossips instead, they're better because knowing a key
allows not to only trust the peer, but also encrypt to it. Before it was a problem for other devices
on a joining side going online after a successful Securejoin setup -- they didn't have a joiner's
key to encrypt to it. So, we decided not to complicate the Securejoin with sending keys instead, but
rely on the Autocrypt.
Also there's a PR to the Countermitm doc documenting when gossips in 'vc-request-with-auth' are
needed:
Bob's own key fingerprint ``Bob_FP``,
the second challenge ``AUTH`` from step 1 and
optionally an Autocrypt-Gossip header for Alice's
Autocrypt key in order for a second device of Bob
to learn Alice's verified key.
This commit is contained in:
iequidoo
@@ -6,6 +6,7 @@
|
||||
- BREAKING: jsonrpc:
|
||||
- `get_chatlist_items_by_entries` now takes only chatids instead of `ChatListEntries`
|
||||
- `get_chatlist_entries` now returns `Vec<u32>` of chatids instead of `ChatListEntries`
|
||||
- BREAKING: Remove Secure-Join-Fingerprint header from "vc-contact-confirm", "vg-member-added" messages.
|
||||
|
||||
|
||||
## [1.114.0] - 2023-04-24
|
||||
|
||||
@@ -945,17 +945,6 @@ impl<'a> MimeFactory<'a> {
|
||||
"Secure-Join".to_string(),
|
||||
"vg-member-added".to_string(),
|
||||
));
|
||||
// FIXME: Old clients require Secure-Join-Fingerprint header. Remove this
|
||||
// eventually.
|
||||
let fingerprint = Peerstate::from_addr(context, email_to_add)
|
||||
.await?
|
||||
.context("No peerstate found in db")?
|
||||
.public_key_fingerprint
|
||||
.context("No public key fingerprint in db for the member to add")?;
|
||||
headers.protected.push(Header::new(
|
||||
"Secure-Join-Fingerprint".into(),
|
||||
fingerprint.hex(),
|
||||
));
|
||||
}
|
||||
}
|
||||
SystemMessage::GroupNameChanged => {
|
||||
|
||||
@@ -465,14 +465,9 @@ pub(crate) async fn handle_securejoin_handshake(
|
||||
info_chat_id(context, contact_id).await?,
|
||||
)
|
||||
.await?;
|
||||
send_alice_handshake_msg(
|
||||
context,
|
||||
contact_id,
|
||||
"vc-contact-confirm",
|
||||
Some(fingerprint),
|
||||
)
|
||||
.await
|
||||
.context("failed sending vc-contact-confirm message")?;
|
||||
send_alice_handshake_msg(context, contact_id, "vc-contact-confirm", None)
|
||||
.await
|
||||
.context("failed sending vc-contact-confirm message")?;
|
||||
|
||||
inviter_progress!(context, contact_id, 1000);
|
||||
}
|
||||
@@ -631,32 +626,6 @@ pub(crate) async fn observe_securejoin_on_other_device(
|
||||
}
|
||||
peerstate.prefer_encrypt = EncryptPreference::Mutual;
|
||||
peerstate.save_to_db(&context.sql).await.unwrap_or_default();
|
||||
} else if let Some(fingerprint) =
|
||||
mime_message.get_header(HeaderDef::SecureJoinFingerprint)
|
||||
{
|
||||
// FIXME: Old versions of DC send this header instead of gossips. Remove this
|
||||
// eventually.
|
||||
let fingerprint = fingerprint.parse()?;
|
||||
if mark_peer_as_verified(
|
||||
context,
|
||||
fingerprint,
|
||||
Contact::load_from_db(context, contact_id)
|
||||
.await?
|
||||
.get_addr()
|
||||
.to_owned(),
|
||||
)
|
||||
.await
|
||||
.is_err()
|
||||
{
|
||||
could_not_establish_secure_connection(
|
||||
context,
|
||||
contact_id,
|
||||
info_chat_id(context, contact_id).await?,
|
||||
format!("Fingerprint mismatch on observing {step}.").as_ref(),
|
||||
)
|
||||
.await?;
|
||||
return Ok(HandshakeMessage::Ignore);
|
||||
}
|
||||
} else {
|
||||
could_not_establish_secure_connection(
|
||||
context,
|
||||
|
||||
Reference in New Issue
Block a user