Finch and mismatching x509 certificates...
Paul Aurich
darkrain42 at pidgin.im
Wed Sep 23 13:26:07 EDT 2009
On Sep 23, 2009, at 10:01, alessandro salvatori wrote:
Hi everybody,
>
> I am hitting this issue:
>
> Finch doesn't ask the user whether he wants to accept a mismatching
> certificate, but it just fails tls handshake and bails out.
> Pidgin instead presents me with a popup window, and after i accept
> the certificate i can move on.
>
> Is there any workaround, given I have the certificate as it were
> saved by Pidgin? Putting it in the certificate folder doesn't seem
> to suffice...
> If someone's got an easy fix, I'd be glad to get a patch and rebuild.
>
> Below you can see the (anonymized) debug logs.
Partially. Leaving in the 'cisco.com' but obfuscating the connection
server makes little sense, for the record. Anyone can sit down at a
terminal and reproduce the query.
> thank you!
> -Alessandro
> ▒│
> │16:56:19 gnutls: Starting handshake with
> cisco.com
> ▒
> │
> │16:56:19 gnutls: Handshake failed. Error A TLS fatal alert has
> been
> received
> .
> ▒│
> │16:56:19 connection: Connection error on 0x80ad588 (reason: 5
> description: SSL Handshake
> Failed) ▒│
This is an entirely different issue from a certificate warning/error
(which occurs *after* the handshake process).
My guess would be that you're not running Pidgin and Finch on the same
computer (or at least from the same install), so Pidgin is using the
NSS SSL plugin (as opposed to the GnuTLS plugin, which seems to not be
running in to these handshake failures).
If that's not the case, attach the Help->Debug Window output from
Pidgin connection properly as well as a debug log from Finch with the
PURPLE_GNUTLS_DEBUG environment variable set to 4 (that will generate
debug output from GnuTLS).
What version of Pidgin, Finch, and GnuTLS are you using?
~Paul
More information about the Support
mailing list