[Pidgin] #4725: Look deep into SSL certificate chain for issuers
Pidgin
trac at pidgin.im
Wed Feb 20 20:40:23 EST 2008
#4725: Look deep into SSL certificate chain for issuers
------------------------+---------------------------------------------------
  Reporter:  wehlhard   |       Owner:
      Type:  defect     |      Status:  new
  Priority:  minor      |   Milestone:
 Component:  libpurple  |     Version:  2.3.1
Resolution:             |    Keywords:
   Pending:  0          |
------------------------+---------------------------------------------------
Old description:
> The following certificate chain should be valid, even though the
> signatures are not in order.
>
>
> (16:37:17) account: Connecting to account XXXXXXX at jabber.wit.edu.pl/Home
> (16:37:17) connection: Connecting. gc = 0x81a170
> (16:37:17) dnssrv: querying SRV record for _xmpp-
> client._tcp.jabber.wit.edu.pl
> (16:37:17) dnssrv: found 0 SRV entries
> (16:37:17) dns: DNS query for 'jabber.wit.edu.pl' queued
> (16:37:17) dns: Created new DNS child 11558, there are now 1 children.
> (16:37:17) dns: Successfully sent DNS request to child 11558
> (16:37:17) dns: Got response for 'jabber.wit.edu.pl'
> (16:37:17) dnsquery: IP resolved for jabber.wit.edu.pl
> (16:37:17) proxy: Attempting connection to 213.135.44.44
> (16:37:17) proxy: Connecting to jabber.wit.edu.pl:5222 with no proxy
> (16:37:17) proxy: Connection in progress
> (16:37:17) proxy: Connected to jabber.wit.edu.pl:5222.
> (16:37:17) jabber: Sending: <?xml version='1.0' ?>
> (16:37:17) jabber: Sending: <stream:stream to='jabber.wit.edu.pl'
> xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
> version='1.0'>
> (16:37:17) jabber: Recv (191): <?xml version='1.0'?><stream:stream
> xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
> from='jabber.wit.edu.pl' version='1.0'
> id='5ffnpytmt2kv47ef7x47ncktkzbgeebjtr6ip04j'>
> (16:37:17) jabber: Recv (205): <stream:features
> xmlns:stream='http://etherx.jabber.org/streams'><starttls
> xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls><auth
> xmlns='http://jabber.org/features/iq-auth'/></stream:features>
> (16:37:17) jabber: Sending: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-
> tls'/>
> (16:37:17) jabber: Recv (50): <proceed xmlns='urn:ietf:params:xml:ns
> :xmpp-tls'/>
> (16:37:17) gnutls: Starting handshake with jabber.wit.edu.pl
> (16:37:18) gnutls: Handshake complete
> (16:37:18) gnutls/x509: Key print:
> 8a:0f:7f:8d:6f:c2:3c:26:8c:b0:3d:3e:6a:4c:5a:83:fe:3a:46:10
> (16:37:18) gnutls/x509: Key print:
> 7a:01:f0:22:a2:02:42:45:7d:75:36:09:df:ff:00:35:e4:a2:33:f4
> (16:37:18) gnutls/x509: Key print:
> 80:c3:bb:cc:87:e1:0f:28:43:8b:7b:b8:f0:74:b9:7b:f9:c0:0d:f7
> (16:37:18) gnutls/x509: Key print:
> 06:6f:c8:54:cc:cd:73:95:21:af:ee:ef:0c:43:ff:cd:6a:11:6b:bf
> (16:37:18) gnutls/x509: Key print:
> 2e:de:f1:e8:66:d8:51:13:0d:a4:3d:b8:ec:d3:26:c8:43:d0:7e:ea
> (16:37:18) gnutls/x509: Key print:
> 62:52:dc:40:f7:11:43:a2:2f:de:9e:f7:34:8e:06:42:51:b1:81:18
> (16:37:18) gnutls: Peer provided 6 certs
> (16:37:18) gnutls: Lvl 0 SHA1 fingerprint:
> 8a:0f:7f:8d:6f:c2:3c:26:8c:b0:3d:3e:6a:4c:5a:83:fe:3a:46:10
> (16:37:18) gnutls: Serial: 03:b9:1c
> (16:37:18) gnutls: Cert DN: C=PL,O=Wyzsza Szkola Informatyki Stosowanej i
> Zarzadzania,OU=Laboratoria
> Komputerowe,CN=jabber.wit.edu.pl,EMAIL=admin at wit.edu.pl
> (16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum
> Level III
> (16:37:18) gnutls: Lvl 1 SHA1 fingerprint:
> 7a:01:f0:22:a2:02:42:45:7d:75:36:09:df:ff:00:35:e4:a2:33:f4
> (16:37:18) gnutls: Serial: 01:00:21
> (16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum Level I
> (16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
> (16:37:18) gnutls: Lvl 2 SHA1 fingerprint:
> 80:c3:bb:cc:87:e1:0f:28:43:8b:7b:b8:f0:74:b9:7b:f9:c0:0d:f7
> (16:37:18) gnutls: Serial: 01:00:22
> (16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum Level II
> (16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
> (16:37:18) gnutls: Lvl 3 SHA1 fingerprint:
> 06:6f:c8:54:cc:cd:73:95:21:af:ee:ef:0c:43:ff:cd:6a:11:6b:bf
> (16:37:18) gnutls: Serial: 01:00:23
> (16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum Level III
> (16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
> (16:37:18) gnutls: Lvl 4 SHA1 fingerprint:
> 2e:de:f1:e8:66:d8:51:13:0d:a4:3d:b8:ec:d3:26:c8:43:d0:7e:ea
> (16:37:18) gnutls: Serial: 01:00:24
> (16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum Level IV
> (16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
> (16:37:18) gnutls: Lvl 5 SHA1 fingerprint:
> 62:52:dc:40:f7:11:43:a2:2f:de:9e:f7:34:8e:06:42:51:b1:81:18
> (16:37:18) gnutls: Serial: 01:00:20
> (16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
> (16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
> (16:37:18) certificate/x509/tls_cached: Starting verify for
> jabber.wit.edu.pl
> (16:37:18) certificate/x509/tls_cached: Checking for cached cert...
> (16:37:18) certificate/x509/tls_cached: ...Found cached cert
> (16:37:18) gnutls: Attempting to load X.509 certificate from
> /home/faustov/.purple/certificates/x509/tls_peers/jabber.wit.edu.pl
> (16:37:18) certificate/x509/tls_cached: Peer cert did NOT match cached
> (16:37:18) certificate/x509/tls_cached: Certificate for jabber.wit.edu.pl
> does not match cached. Auto-rejecting!
> (16:37:18) certificate: Failed to verify certificate for
> jabber.wit.edu.pl
> (16:37:18) dbus: Need to register an object with the dbus subsystem. (If
> you are not a developer, please ignore this message.)
> (16:37:18) dbus: The signal "account-error-changed" caused some dbus
> error. (If you are not a developer, please ignore this message.)
> (16:37:18) g_log: file dbus-server.c: line 735
> (purple_dbus_message_append_purple_values): should not be reached
> (16:37:18) dbus: The signal "connection-error" caused some dbus error.
> (If you are not a developer, please ignore this message.)
> (16:37:18) account: Disconnecting account 0x74aca0
> (16:37:18) connection: Disconnecting connection 0x81a170
> (16:37:18) connection: Destroying connection 0x81a170
> (16:37:22) util: Writing file accounts.xml to directory
> /home/faustov/.purple
> (16:37:22) util: Writing file /home/faustov/.purple/accounts.xml
New description:
The following certificate chain should be valid, even though the
signatures are not in order.
{{{
(16:37:17) account: Connecting to account XXXXXXX at jabber.wit.edu.pl/Home
(16:37:17) connection: Connecting. gc = 0x81a170
(16:37:17) dnssrv: querying SRV record for _xmpp-
client._tcp.jabber.wit.edu.pl
(16:37:17) dnssrv: found 0 SRV entries
(16:37:17) dns: DNS query for 'jabber.wit.edu.pl' queued
(16:37:17) dns: Created new DNS child 11558, there are now 1 children.
(16:37:17) dns: Successfully sent DNS request to child 11558
(16:37:17) dns: Got response for 'jabber.wit.edu.pl'
(16:37:17) dnsquery: IP resolved for jabber.wit.edu.pl
(16:37:17) proxy: Attempting connection to 213.135.44.44
(16:37:17) proxy: Connecting to jabber.wit.edu.pl:5222 with no proxy
(16:37:17) proxy: Connection in progress
(16:37:17) proxy: Connected to jabber.wit.edu.pl:5222.
(16:37:17) jabber: Sending: <?xml version='1.0' ?>
(16:37:17) jabber: Sending: <stream:stream to='jabber.wit.edu.pl'
xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
version='1.0'>
(16:37:17) jabber: Recv (191): <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
from='jabber.wit.edu.pl' version='1.0'
id='5ffnpytmt2kv47ef7x47ncktkzbgeebjtr6ip04j'>
(16:37:17) jabber: Recv (205): <stream:features
xmlns:stream='http://etherx.jabber.org/streams'><starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls><auth
xmlns='http://jabber.org/features/iq-auth'/></stream:features>
(16:37:17) jabber: Sending: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-
tls'/>
(16:37:17) jabber: Recv (50): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-
tls'/>
(16:37:17) gnutls: Starting handshake with jabber.wit.edu.pl
(16:37:18) gnutls: Handshake complete
(16:37:18) gnutls/x509: Key print:
8a:0f:7f:8d:6f:c2:3c:26:8c:b0:3d:3e:6a:4c:5a:83:fe:3a:46:10
(16:37:18) gnutls/x509: Key print:
7a:01:f0:22:a2:02:42:45:7d:75:36:09:df:ff:00:35:e4:a2:33:f4
(16:37:18) gnutls/x509: Key print:
80:c3:bb:cc:87:e1:0f:28:43:8b:7b:b8:f0:74:b9:7b:f9:c0:0d:f7
(16:37:18) gnutls/x509: Key print:
06:6f:c8:54:cc:cd:73:95:21:af:ee:ef:0c:43:ff:cd:6a:11:6b:bf
(16:37:18) gnutls/x509: Key print:
2e:de:f1:e8:66:d8:51:13:0d:a4:3d:b8:ec:d3:26:c8:43:d0:7e:ea
(16:37:18) gnutls/x509: Key print:
62:52:dc:40:f7:11:43:a2:2f:de:9e:f7:34:8e:06:42:51:b1:81:18
(16:37:18) gnutls: Peer provided 6 certs
(16:37:18) gnutls: Lvl 0 SHA1 fingerprint:
8a:0f:7f:8d:6f:c2:3c:26:8c:b0:3d:3e:6a:4c:5a:83:fe:3a:46:10
(16:37:18) gnutls: Serial: 03:b9:1c
(16:37:18) gnutls: Cert DN: C=PL,O=Wyzsza Szkola Informatyki Stosowanej i
Zarzadzania,OU=Laboratoria
Komputerowe,CN=jabber.wit.edu.pl,EMAIL=admin at wit.edu.pl
(16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum
Level III
(16:37:18) gnutls: Lvl 1 SHA1 fingerprint:
7a:01:f0:22:a2:02:42:45:7d:75:36:09:df:ff:00:35:e4:a2:33:f4
(16:37:18) gnutls: Serial: 01:00:21
(16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum Level I
(16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
(16:37:18) gnutls: Lvl 2 SHA1 fingerprint:
80:c3:bb:cc:87:e1:0f:28:43:8b:7b:b8:f0:74:b9:7b:f9:c0:0d:f7
(16:37:18) gnutls: Serial: 01:00:22
(16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum Level II
(16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
(16:37:18) gnutls: Lvl 3 SHA1 fingerprint:
06:6f:c8:54:cc:cd:73:95:21:af:ee:ef:0c:43:ff:cd:6a:11:6b:bf
(16:37:18) gnutls: Serial: 01:00:23
(16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum Level III
(16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
(16:37:18) gnutls: Lvl 4 SHA1 fingerprint:
2e:de:f1:e8:66:d8:51:13:0d:a4:3d:b8:ec:d3:26:c8:43:d0:7e:ea
(16:37:18) gnutls: Serial: 01:00:24
(16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum Level IV
(16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
(16:37:18) gnutls: Lvl 5 SHA1 fingerprint:
62:52:dc:40:f7:11:43:a2:2f:de:9e:f7:34:8e:06:42:51:b1:81:18
(16:37:18) gnutls: Serial: 01:00:20
(16:37:18) gnutls: Cert DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
(16:37:18) gnutls: Cert Issuer DN: C=PL,O=Unizeto Sp. z o.o.,CN=Certum CA
(16:37:18) certificate/x509/tls_cached: Starting verify for
jabber.wit.edu.pl
(16:37:18) certificate/x509/tls_cached: Checking for cached cert...
(16:37:18) certificate/x509/tls_cached: ...Found cached cert
(16:37:18) gnutls: Attempting to load X.509 certificate from
/home/faustov/.purple/certificates/x509/tls_peers/jabber.wit.edu.pl
(16:37:18) certificate/x509/tls_cached: Peer cert did NOT match cached
(16:37:18) certificate/x509/tls_cached: Certificate for jabber.wit.edu.pl
does not match cached. Auto-rejecting!
(16:37:18) certificate: Failed to verify certificate for jabber.wit.edu.pl
(16:37:18) dbus: Need to register an object with the dbus subsystem. (If
you are not a developer, please ignore this message.)
(16:37:18) dbus: The signal "account-error-changed" caused some dbus
error. (If you are not a developer, please ignore this message.)
(16:37:18) g_log: file dbus-server.c: line 735
(purple_dbus_message_append_purple_values): should not be reached
(16:37:18) dbus: The signal "connection-error" caused some dbus error. (If
you are not a developer, please ignore this message.)
(16:37:18) account: Disconnecting account 0x74aca0
(16:37:18) connection: Disconnecting connection 0x81a170
(16:37:18) connection: Destroying connection 0x81a170
(16:37:22) util: Writing file accounts.xml to directory
/home/faustov/.purple
(16:37:22) util: Writing file /home/faustov/.purple/accounts.xml
}}}
--
Ticket URL: <http://developer.pidgin.im/ticket/4725#comment:3>
Pidgin <http://pidgin.im>
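
Added example, not part of the ticket or of libpurple's code: the Subject/Issuer DNs from the log above, checked once positionally and once by searching the whole presented set for each issuer. It compares DN strings only (signature, validity and CA-flag checks are assumed to happen elsewhere); struct cert, chain_in_order and build_path are hypothetical names, and the leaf's subject DN is abbreviated to its CN.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CHAIN 16
#define UNIZETO "C=PL,O=Unizeto Sp. z o.o.,CN="

/* Constructed model: only the two DNs the debug log prints per certificate.
 * A real verifier must also check each signature, validity and CA flags. */
struct cert { const char *subject, *issuer; };

/* Lvl 0..5 in the order the peer sent them; leaf subject abbreviated. */
static const struct cert presented[] = {
    { "CN=jabber.wit.edu.pl",     UNIZETO "Certum Level III" },
    { UNIZETO "Certum Level I",   UNIZETO "Certum CA" },
    { UNIZETO "Certum Level II",  UNIZETO "Certum CA" },
    { UNIZETO "Certum Level III", UNIZETO "Certum CA" },
    { UNIZETO "Certum Level IV",  UNIZETO "Certum CA" },
    { UNIZETO "Certum CA",        UNIZETO "Certum CA" },
};

/* Positional check: 1 only if certs[i+1] is named as issuer of certs[i]. */
int chain_in_order(const struct cert *c, size_t n)
{
    for (size_t i = 0; i + 1 < n; i++)
        if (strcmp(c[i].issuer, c[i + 1].subject) != 0) return 0;
    return 1;
}

/* Search the whole set for each issuer, starting at the leaf (index 0).
 * Fills path[] and returns its length, or -1 if an issuer is absent. */
int build_path(const struct cert *c, size_t n, size_t *path)
{
    unsigned char used[MAX_CHAIN] = {0};   /* each cert used once: no loops */
    size_t cur = 0, len = 0, i;
    if (n == 0 || n > MAX_CHAIN) return -1;
    for (;;) {
        used[cur] = 1;
        path[len++] = cur;
        if (strcmp(c[cur].subject, c[cur].issuer) == 0) return (int)len;
        for (i = 0; i < n; i++)
            if (!used[i] && strcmp(c[i].subject, c[cur].issuer) == 0) break;
        if (i == n) return -1;             /* issuer not in presented set */
        cur = i;
    }
}

int main(void)
{
    size_t path[MAX_CHAIN];
    printf("in order=%d path length=%d\n", chain_in_order(presented, 6), build_path(presented, 6, path));
    return 0;
}
```

For the chain in the log, the positional check fails at the first pair, while the search finds the path Lvl 0, Lvl 3, Lvl 5.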