Certificate mismatch error. Attn: Orborde

Praveen praveen_k_81 at yahoo.com
Tue Oct 2 17:05:39 EDT 2007 

Thanks for the reply Mark. Will do that for now.
 
----
I'll be more enthusiastic about encouraging thinking outside the box when there's evidence of any thinking going on inside it.
  - Terry Pratchett

----- Original Message ----
From: Mark Doliner <mark at kingant.net>
To: Praveen <praveen_k_81 at yahoo.com>; devel at pidgin.im
Sent: Monday, October 1, 2007 10:33:24 PM
Subject: Re: Certificate mismatch error. Attn: Orborde


On Mon, 1 Oct 2007 12:22:48 -0700 (PDT), Praveen wrote
> We are running imo.im, and we allow people to sign in with their 
> jabber IDs (under the network GTalk). We are trying to upgrade our 
> libpurple code to 2.2.0 and facing some problems with the
 certificates.
> 
> For example, using a Google Apps account (user at example.com) to log 
> into talk.google.com for IM (through Pidgin 2.2.0). We get the 
> following error:
> 
>  certificate/x509/tls_cached: Name mismatch: Certificate given for 
> example.com has a name of talk.google.com
> 
> With older versions of Pidgin, there were no certificate errors. The 
> current version of Pidgin apparently throws up a dialog where user 
> can choose to accept the certificate. Since we are using only 
> libpurple and not Pidgin (GTK UI), we have no way to continue. We 
> would like to request a generic signal/uiops mechanism to handle 
> this certificate mismatch error, such that users of libpurple can 
> programmatically handle these cases. And Pidgin UI can listen to 
> these signals (or uiops) and pop up a dialog as they do now.

libpurple/certificate.c uses a purple_request_action() dialog to ask
 the user
to accept or reject the certificate.  You could probably intercept the
PurpleRequestUiOps request_action and if the title is "SSL Certificate
Verification" then just call the "accept" callback.

The other option is to implement the UI op for PurpleRequestUiOps
request_action similar to how it is in Pidgin and prompt the user to
 accept or
reject the certificate.

-Mark





      ____________________________________________________________________________________
Check out the hottest 2008 models today at Yahoo! Autos.
http://autos.yahoo.com/new_cars.html

More information about the Devel mailing list