problems with MSN certificate chain

David Woolley forums at david-woolley.me.uk
Sat Jan 19 07:16:55 EST 2013


Matthias Apitz wrote:
> El día Friday, January 18, 2013 a las 05:23:30PM +0000, David Woolley escribió:
> 
>> David Woolley wrote:
>>
>>> To the extent that that is the problem, simply replacing the .pem file 
>>> with a current one, should sort the problem.  I don't know if you will 
>> The server certificates don't seem to include the full certificate 
>> chain, so I think you will need to install the pem file for MSIT Machine 
>> Authority CA-2.  Doing so may be more important than correcting the 
>> expired certificate.  (I'm wondering if Pidgin is ignoring expiry dates.)
>>
>> The immediate signer of an earlier certificate was Microsoft Secure 
>> Server  Authority, which is known to Pidgin, but also expired in 
>> February 2011.
> 
> There is a ticket at
> https://developer.pidgin.im/ticket/15468
> and I have copied the certificate Baltimore_CyberTrust_Root.pem
> which is attached there on my FreeBSD system to /usr/local/share/purple/ca-certs/
> and all is fine again (until March 15, of course).
> 

I was just going to post that link!  I guess that MSN is sending the 
whole certificate chain, even though Pidgin isn't storing it, so Pidgin 
is able to track back to the overall root.

The issue report says this is scheduled for Pidgin 2.10.7.

There are still a lot of expired certificates.

-- 
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.




More information about the Support mailing list