Eion Robb eion at robbmob.com
Thu Jun 18 21:29:17 EDT 2015


I've chatted to a few people in #pidgin about this too.

I'm seeing everything is being reported as OK
[image: Inline images 1]

What I have found recently whilst trying to upgrade our Startcom/StartSSL
certs to sha256, is that some machines have an invalid intermediate
certificate installed on them, which makes this
[image: Inline images 2]
look like the certificate is actually invalid, and look different on other
machines.  The only commonality I've found to people having invalid certs
is that they were dev machines.

The comodo certificate expiring is definitely not a problem, it seems to be
a machine specific setup and could be caused by other software installing
the intermediate cert's.

So, in summary, not sure what's causing the certs to be invalid, but it's
not something you've done wrong Datallah


On 19 June 2015 at 01:30, Daniel Atallah <datallah at pidgin.im> wrote:

>
> On Wed, Jun 17, 2015 at 3:08 PM, Richard Laager <rlaager at wiktel.com>
> wrote:
> >
> > On 06/17/2015 01:01 PM, Albert wrote:
> >>
> >> One of the counter-signatures is not valid.  The file may have been
> altered
> >
> >
> > Thanks for bringing this to our attention.
> >
> > This seems to be caused by the fact that the "COMODO Time Stamping
> Server" certificate expired on May 10th.
> >
> > I'm not familiar with or setup for Windows code signing, so I can't
> solve the problem personally. I've copied Daniel Atallah, who signs the
> Windows releases, to make sure he's aware of this issue.
>
>
> Hmm... I'm not sure what to do about this retroactively.
>
> The whole point of the timestamp signing is to keep the signature valid
> past the signer's expiration date, but this has effectively had the
> opposite effect.
>
> What I can do is to make sure that I look at the expiration date in the
> future.
>
> -D
>
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20150619/ca4f4318/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 24349 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20150619/ca4f4318/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 31937 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20150619/ca4f4318/attachment-0003.png>


More information about the security mailing list