Certificate mismatch error. Attn: Orborde
Mark Doliner
mark at kingant.net
Tue Oct 2 01:33:24 EDT 2007
On Mon, 1 Oct 2007 12:22:48 -0700 (PDT), Praveen wrote
> We are running imo.im, and we allow people to sign in with their
> jabber IDs (under the network GTalk). We are trying to upgrade our
> libpurple code to 2.2.0 and facing some problems with the certificates.
>
> For example, using a Google Apps account (user at example.com) to log
> into talk.google.com for IM (through Pidgin 2.2.0). We get the
> following error:
>
> certificate/x509/tls_cached: Name mismatch: Certificate given for
> example.com has a name of talk.google.com
>
> With older versions of Pidgin, there were no certificate errors. The
> current version of Pidgin apparently throws up a dialog where user
> can choose to accept the certificate. Since we are using only
> libpurple and not Pidgin (GTK UI), we have no way to continue. We
> would like to request a generic signal/uiops mechanism to handle
> this certificate mismatch error, such that users of libpurple can
> programmatically handle these cases. And Pidgin UI can listen to
> these signals (or uiops) and pop up a dialog as they do now.
libpurple/certificate.c uses a purple_request_action() dialog to ask the user
to accept or reject the certificate. You could probably intercept the
PurpleRequestUiOps request_action and if the title is "SSL Certificate
Verification" then just call the "accept" callback.
The other option is to implement the UI op for PurpleRequestUiOps
request_action similar to how it is in Pidgin and prompt the user to accept or
reject the certificate.
-Mark
More information about the Devel
mailing list