[Pidgin] #4458: Can not verify a valid certificate (Chain is INVALID)
Pidgin
trac at pidgin.im
Sat Oct 18 01:04:34 EDT 2008
#4458: Can not verify a valid certificate (Chain is INVALID)
-----------------------------------+----------------------------------------
Reporter: 7bestman | Owner: nwalp
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.3.1 | Resolution:
Keywords: ssl, Chain is INVALID |
-----------------------------------+----------------------------------------
Comment(by fippo):
The certificate chain appears to be valid both with openssl s_client and
gnutls-cli.
The problem is that gnutls_x509_crt_verify in x509_certificate_signed_by
(libpurple/plugins/ssl/ssl-gnutls.c) returns
GNUTLS_CERT_INSECURE_ALGORITHM when checking the signature of the
intermediate certificate in the chain.
This error is explained on
http://www.gnu.org/software/gnutls/manual/html_node/Digital-signatures.html
along with a fix and the security implications.
Adding GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 to the flags of the verify call
'fixes' the problem.
--
Ticket URL: <http://developer.pidgin.im/ticket/4458#comment:2>
Pidgin <http://pidgin.im>