[Pidgin] #4010: Crash when connecting to XMPP/Jabber with mismatched SSL certificates
Pidgin
trac at pidgin.im
Tue Nov 20 10:46:27 EST 2007
#4010: Crash when connecting to XMPP/Jabber with mismatched SSL certificates
---------------------+------------------------------------------------------
Reporter: jjlawren | Owner: nwalp
Type: defect | Status: new
Priority: minor | Component: XMPP
Version: 2.2.2 | Keywords: gnutls, ssl, certificates, jabber, xmpp
Pending: 0 |
---------------------+------------------------------------------------------
Pidgin crashes when connecting to a Jabber server using SSL when the Cert
and Cert Issuer certificates don't match.
pidgin debug output:
(09:15:36) gnutls: Starting handshake with jabber.XXXXX.com
(09:15:37) gnutls: Handshake complete
(09:15:37) gnutls/x509: Key print: XXXXXXXXXXXXXXXX
(09:15:37) gnutls/x509: Key print: XXXXXXXXXXXXXXXX
(09:15:37) gnutls: Peer provided 2 certs
(09:15:37) gnutls: Lvl 0 SHA1 fingerprint: XXXXXXXXXXXXXXX
(09:15:37) gnutls: Serial: 11
(09:15:37) gnutls: Cert DN:
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX
(09:15:37) gnutls: Cert Issuer DN:
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY
(09:15:37) gnutls: Lvl 1 SHA1 fingerprint: XXXXXXXXXXXXXXX
(09:15:37) gnutls: Serial: 00
(09:15:37) gnutls: Cert DN:
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY
(09:15:37) gnutls: Cert Issuer DN:
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY
(09:15:37) certificate/x509/tls_cached: Starting verify for
jabber.XXXXX.com
(09:15:37) certificate/x509/tls_cached: Checking for cached cert...
(09:15:37) certificate/x509/tls_cached: ...Not in cache
(09:15:37) gnutls/x509: Certificate for
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX claims to be
issued by
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY,
but the certificate for
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX does not match.
(09:15:37) certificate: Checking signature chain for
uid=C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX
(09:15:37) gnutls/x509: Bad signature for
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY on
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX
(09:15:37) certificate: ...Bad or missing signature by
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY
Chain is INVALID
Pidgin has segfaulted......
(gdb) bt full
#0 0x00002b3191adead0 in strlen () from /lib/libc.so.6
#1 0x00002b3191aaf6f4 in vfprintf () from /lib/libc.so.6
#2 0x00002b3191ad14ad in vasprintf () from /lib/libc.so.6
#3 0x00002b3190af65e0 in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#4 0x00002b3190ae80a0 in g_strdup_vprintf () from
/usr/lib/libglib-2.0.so.0
#5 0x00002b3190ae813d in g_strdup_printf () from
/usr/lib/libglib-2.0.so.0
#6 0x00002b318fb341a6 in ?? () from /usr/lib/libpurple.so.0
#7 0x00002aaab19ef325 in ?? () from /usr/lib64/purple-2/ssl-gnutls.so
#8 0x000000000045e4ff in ?? ()
#9 0x00002b3190ac9e32 in g_main_context_dispatch ()
from /usr/lib/libglib-2.0.so.0
#10 0x00002b3190acd12d in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00002b3190acd416 in g_main_loop_run () from
/usr/lib/libglib-2.0.so.0
#12 0x00002b318d8b6dd2 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#13 0x0000000000472d20 in main ()
--
Ticket URL: <http://developer.pidgin.im/ticket/4010>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list