[Pidgin] #4010: Crash when connecting to XMPP/Jabber with mismatched SSL certificates
Pidgin
trac at pidgin.im
Tue Nov 20 11:01:09 EST 2007
#4010: Crash when connecting to XMPP/Jabber with mismatched SSL certificates
-----------------------+----------------------------------------------------
Reporter: jjlawren | Owner: nwalp
Type: defect | Status: new
Priority: minor | Milestone:
Component: XMPP | Version: 2.2.2
Resolution: | Keywords: gnutls, ssl, certificates, jabber, xmpp
Pending: 0 |
-----------------------+----------------------------------------------------
Comment (by jjlawren):
Pidgin crashes when connecting to a Jabber server using SSL when the Cert
and Cert Issuer certificates don't match.
pidgin debug output:[[BR]]
(09:15:36) gnutls: Starting handshake with jabber.XXXXX.com[[BR]]
(09:15:37) gnutls: Handshake complete[[BR]]
(09:15:37) gnutls/x509: Key print: XXXXXXXXXXXXXXXX[[BR]]
(09:15:37) gnutls/x509: Key print: XXXXXXXXXXXXXXXX[[BR]]
(09:15:37) gnutls: Peer provided 2 certs[[BR]]
(09:15:37) gnutls: Lvl 0 SHA1 fingerprint: XXXXXXXXXXXXXXX[[BR]]
(09:15:37) gnutls: Serial: 11[[BR]]
(09:15:37) gnutls: Cert DN:
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX[[BR]]
(09:15:37) gnutls: Cert Issuer DN:
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY[[BR]]
(09:15:37) gnutls: Lvl 1 SHA1 fingerprint: XXXXXXXXXXXXXXX[[BR]]
(09:15:37) gnutls: Serial: 00[[BR]]
(09:15:37) gnutls: Cert DN:
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY[[BR]]
(09:15:37) gnutls: Cert Issuer DN:
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY[[BR]]
(09:15:37) certificate/x509/tls_cached: Starting verify for
jabber.XXXXX.com[[BR]]
(09:15:37) certificate/x509/tls_cached: Checking for cached cert...[[BR]]
(09:15:37) certificate/x509/tls_cached: ...Not in cache[[BR]]
(09:15:37) gnutls/x509: Certificate for
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX claims to be
issued by
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY,
but the certificate for
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX does not
match.[[BR]]
(09:15:37) certificate: Checking signature chain for
uid=C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX[[BR]]
(09:15:37) gnutls/x509: Bad signature for
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY on
C=XX,ST=XXXXXXX,L=XXXXXXX,O=XXXXXXX,OU=XXXXXXX,CN=XXXXXXX[[BR]]
(09:15:37) certificate: ...Bad or missing signature by
C=YY,ST=YYYYYYY,L=YYYYYYY,O=YYYYYYY,OU=YYYYYYY,CN=YYYYYYY,EMAIL=YYYYYYY[[BR]]
Chain is INVALID[[BR]]
Pidgin has segfaulted......
(gdb) bt full[[BR]]
!#0 0x00002b3191adead0 in strlen () from /lib/libc.so.6[[BR]]
!#1 0x00002b3191aaf6f4 in vfprintf () from /lib/libc.so.6[[BR]]
!#2 0x00002b3191ad14ad in vasprintf () from /lib/libc.so.6[[BR]]
!#3 0x00002b3190af65e0 in g_vasprintf () from
/usr/lib/libglib-2.0.so.0[[BR]]
!#4 0x00002b3190ae80a0 in g_strdup_vprintf () from
/usr/lib/libglib-2.0.so.0[[BR]]
!#5 0x00002b3190ae813d in g_strdup_printf () from
/usr/lib/libglib-2.0.so.0[[BR]]
!#6 0x00002b318fb341a6 in ?? () from /usr/lib/libpurple.so.0[[BR]]
!#7 0x00002aaab19ef325 in ?? () from /usr/lib64/purple-2/ssl-
gnutls.so[[BR]]
!#8 0x000000000045e4ff in ?? ()[[BR]]
!#9 0x00002b3190ac9e32 in g_main_context_dispatch ()[[BR]]
from /usr/lib/libglib-2.0.so.0[[BR]]
!#10 0x00002b3190acd12d in ?? () from /usr/lib/libglib-2.0.so.0[[BR]]
!#11 0x00002b3190acd416 in g_main_loop_run () from
/usr/lib/libglib-2.0.so.0[[BR]]
!#12 0x00002b318d8b6dd2 in gtk_main () from
/usr/lib/libgtk-x11-2.0.so.0[[BR]]
!#13 0x0000000000472d20 in main () [[BR]]
--
Ticket URL: <http://developer.pidgin.im/ticket/4010#comment:1>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list