"Invalid certificate chain"?
Mark Doliner
mark at kingant.net
Wed Jul 16 05:07:40 EDT 2008
2008/7/15 Ethan Blanton <elb at pidgin.im>:
> Mark Doliner spake unto us the following wisdom:
>> I'm unable to log in to an XMPP account on the server jabber.ccc.de
>> using libpurple when compiled with GnuTLS (I think we don't check
>> certificates when using Mozilla-NSS?). I get the "Invalid certificate
>> chain" error that comes from libpurple/certificate.c:1339. There's a
>> note there that says, "TODO: Probably wrong." Does anyone understand
>> what it means to have an invalid certificate chain? Is this less
>> secure than a simple self-signed certificate? Do we really want to
>> not allow connecting to servers with invalid certificate chains? Is
>> this something we should prompt the user about?
>
> What revision are you using? I added the CA for that server on July
> 4, in revision ffcb4d5cb92af02af4c4fbac964ac5699071d29a. If you're
> using a revision prior to that, you'll get this error; if you're
> getting an error since then, it's something more complicated.
>
> I agree that our current situation seems too drastic; we probably
> should have an "I know this is busted, use it anyway" option.

I get the error with mtn trunk, and I double-checked and I have both
CAcert_Class3.pem and CAcert_Root.pem in my share/purple/ca-certs/
directory.
-Mark