[Pidgin] #6680: Offline Message Error - rsi.hotmail.com

Pidgin trac at pidgin.im
Wed Sep 10 23:28:58 EDT 2008 

#6680: Offline Message Error - rsi.hotmail.com
-------------------------------------------------------------------------------------+
 Reporter:  aliam13_2                                                                |        Owner:  khc
     Type:  defect                                                                   |       Status:  new
Milestone:                                                                           |    Component:  MSN
  Version:  2.5.1                                                                    |   Resolution:     
 Keywords:  rsi.hotmail.com Offline Message Invalid certificate authority signature  |  
-------------------------------------------------------------------------------------+
Changes (by khc):

 * cc: elb, nosnilmot (added)


Comment:

 I don't know enough about nss to know if it fetches the intermediate
 certs, but here's the relevant part in the debug log when I receive a
 offline message:

 {{{
 (20:18:28) proxy: Connected to rsi.hotmail.com:443.
 (20:18:28) nss: subject=CN=rsi.hotmail.com,OU=MSN
 Hotmail,O=Microsoft,L=Mountain View,ST=California,C=US issuer=CN=Microsoft
 Secure Server Authority,DC=redmond,DC=corp,DC=microsoft,DC=com
 (20:18:28) nss: subject=CN=Microsoft Secure Server
 Authority,DC=redmond,DC=corp,DC=microsoft,DC=com issuer=CN=Microsoft
 Internet Authority
 (20:18:28) nss: subject=CN=Microsoft Internet Authority issuer=CN=GTE
 CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE
 Corporation,C=US
 (20:18:28) nss: subject=CN=GTE CyberTrust Global Root,OU="GTE CyberTrust
 Solutions, Inc.",O=GTE Corporation,C=US issuer=CN=GTE CyberTrust Global
 Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
 (20:18:28) certificate/x509/tls_cached: Starting verify for
 rsi.hotmail.com
 (20:18:28) certificate: CertificatePool x509, tls_peers requested but not
 found.
 (20:18:28) certificate/x509/tls_cached: Couldn't find local peers cache
 tls_peers
 (20:18:28) certificate: Checking signature chain for
 uid=CN=rsi.hotmail.com,OU=MSN Hotmail,O=Microsoft,L=Mountain
 View,ST=California,C=US
 (20:18:28) certificate: ...Good signature by CN=Microsoft Secure Server
 Authority,DC=redmond,DC=corp,DC=microsoft,DC=com
 (20:18:28) certificate: ...Good signature by CN=Microsoft Internet
 Authority
 (20:18:28) certificate: ...Good signature by CN=GTE CyberTrust Global
 Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
 (20:18:28) certificate: Chain is VALID
 }}}

 So at least it somehow knows what the immediate certs are. CC'ing people
 who know more about ssl than I do.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/6680#comment:17>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list