[Pidgin] #4458: Can not verify a valid certifacate (Chain is INVALID)

Pidgin trac at pidgin.im
Fri Oct 24 02:31:08 EDT 2008


#4458: Can not verify a valid certifacate (Chain is INVALID)
-----------------------------------+----------------------------------------
 Reporter:  7bestman               |        Owner:  wehlhard 
     Type:  defect                 |       Status:  new      
Milestone:                         |    Component:  libpurple
  Version:  2.3.1                  |   Resolution:           
 Keywords:  ssl, Chain is INVALID  |  
-----------------------------------+----------------------------------------

Comment(by fippo):

 The problem is - in this case - not the signature of the certificate
 itself, which is using sha1-rsa. So telling server operators to get
 another certificate does not help.

 The problem only affects intermediate certificates signed with a 'weak'
 algorithm,
 root certificates signed with rsa-md5 are not affected. In this case, the
 intermediate certificate is even distributed by pidgin -
 CAcert_Class3.pem.

 I still wonder why gnutls-cli does not bark... it is not using the
 ALLOW_SIGN_RSA_MD5 flag.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/4458#comment:9>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list