"Invalid certificate chain"?

Mark Doliner mark at kingant.net
Wed Jul 16 05:07:40 EDT 2008

2008/7/15 Ethan Blanton <elb at pidgin.im>:
> Mark Doliner spake unto us the following wisdom:
>> I'm unable to login to an XMPP account on the server jabber.ccc.de
>> using libpurple when compiled with GnuTLS (I think we don't check
>> certificates when using Mozilla-NSS?).  I get the "Invalid certificate
>> chain" error that comes from libpurple/certificate.c:1339.  There's a
>> note there that says, "TODO: Probably wrong."  Does anyone understand
>> what it means to have an invalid certificate chain?  Is this less
>> secure than a simple self-signed certificate?  Do we really want to
>> not allow connecting to servers with invalid certificate chains?  Is
>> this something we should prompt the user about?
> What revision are you using?  I added the CA for that server on July
> 4, in revision ffcb4d5cb92af02af4c4fbac964ac5699071d29a.  If you're
> using a revision prior to that, you'll get this error; if you're
> getting an error since then, it's something more complicated.
> I agree that our current situation seems too drastic; we probably
> should have an "I know this is busted, use it anyway" option.

I get the error with mtn trunk, and I double checked and I have both
CAcert_Class3.pem and CAcert_Root.pem in my share/purple/ca-certs/


More information about the Devel mailing list