[Pidgin] #12906: Unable to validate certificate

Pidgin trac at pidgin.im
Tue Nov 23 06:51:15 EST 2010 

#12906: Unable to validate certificate
---------------------+------------------------------------------------------
 Reporter:  Anthara  |        Owner:  QuLogic
     Type:  defect   |       Status:  new    
Milestone:           |    Component:  MSN    
  Version:  2.7.5    |   Resolution:         
 Keywords:           |  
---------------------+------------------------------------------------------

Comment(by johnroberts):

 Confirming this as an issue, persisting the solution described in
 [http://developer.pidgin.im/wiki/MSNCertIssue] with the intermediate
 certificates provided. Did try also the certificates
 included in the Windows installer, w/o success. Installations are Linux
 2.6.x (2.6.2 & 2.6.6)
 where upgrade to the 2.7.x trunk is not available. Handshake with MSN
 servers is still erratic
 - as before. Sometimes it is possible to log in, sometimes not. Extremely
 irritating :s
 In all installations, location of certificates is the default one, at
 /usr/share/purple/ca-certs.

 Here is the error info from the debug window:

 (don't know if first error is relevant or not..)

 {{{
 (13:32:07) gnutls: Attempting to load X.509 certificate from
 /home/username/.purple/certificates/x509/tls_peers/login.live.com
 (13:32:07) certificate/x509/tls_cached: Peer cert matched cached
 (13:32:07) util: Writing file
 /home/username/.purple/certificates/x509/tls_peers/login.live.com
 (13:32:07) certificate: Successfully verified certificate for
 login.live.com
 (13:32:07) soap: Sending secure request.
 (13:32:08) soap: read 351 bytes
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: Received secure request.
 (13:32:08) soap: read 14624 bytes
 '''(13:32:08) gnutls: receive failed: A TLS packet with unexpected length
 was received.
 (13:32:08) soap: read: Input/output error'''
 (13:32:08) soap: Received secure request.
 (13:32:08) msn: Updated ticket for domain 'messengerclear.live.com',
 expires at 1290540733.
 (13:32:08) msn: Updated ticket for domain 'messenger.msn.com', expires at
 1290512433.
 (13:32:08) msn: Updated ticket for domain 'contacts.msn.com', expires at
 1290540733.
 (13:32:08) msn: Updated ticket for domain 'messengersecure.live.com',
 expires at 1290598333.
 (13:32:08) msn: Updated ticket for domain 'spaces.live.com', expires at
 1290540733.
 (13:32:08) msn: Updated ticket for domain 'livecontacts.live.com', expires
 at 1290540733.
 (13:32:08) msn: Updated ticket for domain 'storage.live.com', expires at
 1290540733.
 }}}


 {{{
 (13:32:10) certificate/x509/tls_cached: Starting verify for
 omega.contacts.msn.com
 (13:32:10) certificate/x509/tls_cached: Checking for cached cert...
 (13:32:10) certificate/x509/tls_cached: ...Found cached cert
 (13:32:10) gnutls: Attempting to load X.509 certificate from
 /home/username/.purple/certificates/x509/tls_peers/omega.contacts.msn.com
 (13:32:10) certificate/x509/tls_cached: Peer cert did NOT match cached
 (13:32:10) gnutls/x509: Certificate C=US,ST=WA,L=Redmond,O=MSN,OU=MSN
 Contact Services,CN=*.contacts.msn.com is issued by
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority, which does not match C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com.
 (13:32:10) certificate: Checking signature chain for
 uid=C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com
 (13:32:10) gnutls/x509: Bad signature from
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority on C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com
 (13:32:10) certificate: ...Bad or missing signature by
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
 Chain is INVALID
 (13:32:10) certificate: Failed to verify certificate for
 omega.contacts.msn.com
 (13:32:10) msn: Operation {} failed. No response received from server.
 (13:32:10) msn: C: NS 000: OUT
 (13:32:10) connection: Connection error on ... (reason: 0 description:
 Your MSN buddy list is temporarily unavailable. Please wait and try
 again.)
 }}}

-- 
Ticket URL: <http://developer.pidgin.im/ticket/12906#comment:90>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list