[Pidgin] #12906: Unable to validate certificate

Pidgin trac at pidgin.im
Tue Nov 23 12:16:18 EST 2010


#12906: Unable to validate certificate
---------------------+------------------------------------------------------
 Reporter:  Anthara  |        Owner:  QuLogic
     Type:  defect   |       Status:  new    
Milestone:           |    Component:  MSN    
  Version:  2.7.5    |   Resolution:         
 Keywords:           |  
---------------------+------------------------------------------------------

Comment(by nosnilmot):

 Replying to [comment:96 johnroberts]:
 > Replying to [comment:94 deryni]:
 > > There appear to still be issues with the certificates for people using
 GnuTLS. People using Mozilla NSS also run into occasional issues but
 mostly work. Fixes for both of those things have been committed to
 monotone.
 >
 > It still eludes me, if besides the MSN certificate AFU/mess/havoc we are
 also having a glitch on the software side (on GnuTLS?) on how certificates
 are being handled...

 GnuTLS handles the invalid certificate chain presented by the MSN server
 differently from NSS. I had failed to properly test this when I originally
 identified the workaround of including additional intermediate
 certificates.

 > I am dully worried about the older 2.6.x trunk on Linux that cannot be
 updated due to various reasons... :s

 There is no "2.6.x trunk", but the fixes for these issues shouldn't be
 hard to backport to 2.6.x if you wish. The fixes to accommodate GnuTLS are
 in [0be86888d82fc0d9bd61c1426b73e52196b35817] and other optimizations to
 make NSS work more reliably are in
 [44e2c86fa3250a09c12de48785f224c5244d4819].

 > ATM, what I am seeing is a couple of error messages on the primary
 attempts, but after - say 4'-5', pidgin connects by itself w/o any further
 user intervention. I am parsing the log file now to see what is going on.

 Some servers are presenting a valid certificate chain and some are not -
 that is why it does not fail 100% of the time (and if they were all
 correctly configured we would have needed zero changes in Pidgin).

-- 
Ticket URL: <http://developer.pidgin.im/ticket/12906#comment:98>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list