Pidgin 2.7.7 released!

Stu Tomlinson stu at nosnilmot.com
Thu Nov 25 11:20:48 EST 2010 

On Thu, 2010-11-25 at 08:55 +0100, Matthias Apitz wrote:
> El día Wednesday, November 24, 2010 a las 10:46:31AM +0100, Matthias Apitz escribió:
> > Thank you! I can ACK that 2.7.7. fixes the MSN certificate issue (using
> > gnuTLS on FreeBSD 8.1)
> 
> This was to early to say :-(

That's not good at all.

<snip>

> (08:50:41) gnutls/x509: Certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com claims to be issued by DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority, but the certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com does not match.
> (08:50:41) certificate: Checking signature chain for uid=C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com
> (08:50:41) gnutls/x509: Bad signature for DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority on C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com

The string "Bad signature for" has been changed to "Bad signature from"
in the above debug message, this suggests you are not using latest
libpurple or not using latest gnutls plugin. (this change was actually
made over 15 months ago!)

There should also be an additional log entry here saying:
(hh:mm:ss) gnutls: Dropping further peer certificates because the chain is broken!

Are you sure you are not using an older libpurple with current Pidgin?

What does "pidgin -v" report as the versions of Pidgin & libpurple?
Are you sure you don't have both self-compiled and distro-provided
pidgin in your path and running the wrong one? Does running "ldconfig"
as root fix pidgin 2.7.7 to link to correct libpurple 2.7.7 ?

If libpurple version is correct are you sure the ssl-gnutls.so plugin is
the one from 2.7.7? You'd probably have to check file timestamp to make
sure it was compiled around the same time (it's in
$prefix/lib/purple-2/ssl-gnutls.so)

Please also check from running "pidgin -d" exactly which ssl-gnutls.so
is being loaded.

Regards,


Stu.

More information about the Support mailing list