[Pidgin] #12906: Unable to validate certificate

Pidgin trac at pidgin.im
Tue Nov 23 15:02:46 EST 2010 

#12906: Unable to validate certificate
---------------------+------------------------------------------------------
 Reporter:  Anthara  |        Owner:  QuLogic
     Type:  defect   |       Status:  new    
Milestone:           |    Component:  MSN    
  Version:  2.7.5    |   Resolution:         
 Keywords:           |  
---------------------+------------------------------------------------------

Comment(by johnroberts):

 I checked the log file and it seems the server providing this chain
 validates Ok


 {{{
 (18:01:52) gnutls: Starting handshake with omega.contacts.msn.com
 (18:01:53) gnutls: Handshake complete
 (18:01:53) gnutls/x509: Key print:
 c8:f3:b1:69:52:36:07:33:b5:02:1b:a2:b2:b4:ce:32:b9:68:37:36
 (18:01:53) gnutls/x509: Key print:
 3a:dd:0e:7e:a2:b2:84:ff:45:9e:13:73:65:b4:82:d1:88:df:bf:8a
 (18:01:53) gnutls/x509: Key print:
 e5:95:8d:48:fe:10:d7:34:03:11:e8:c0:3b:b2:29:40:da:ba:2d:a3
 (18:01:53) gnutls: Peer provided 3 certs
 (18:01:53) gnutls: Lvl 0 SHA1 fingerprint:
 c8:f3:b1:69:52:36:07:33:b5:02:1b:a2:b2:b4:ce:32:b9:68:37:36
 (18:01:53) gnutls: Serial: 17:a3:8a:27:00:08:00:01:96:b1
 (18:01:53) gnutls: Cert DN: C=US,L=Redmond,O=Microsoft,OU=MSN Contact
 Services,CN=*.contacts.msn.com,EMAIL=cdpops at microsoft.com
 (18:01:53) gnutls: Cert Issuer DN:
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
 (18:01:53) gnutls: Lvl 1 SHA1 fingerprint:
 3a:dd:0e:7e:a2:b2:84:ff:45:9e:13:73:65:b4:82:d1:88:df:bf:8a
 (18:01:53) gnutls: Serial: 61:03:33:36:00:05:00:00:00:30
 (18:01:53) gnutls: Cert DN:
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
 (18:01:53) gnutls: Cert Issuer DN: CN=Microsoft Internet Authority
 (18:01:53) gnutls: Lvl 2 SHA1 fingerprint:
 e5:95:8d:48:fe:10:d7:34:03:11:e8:c0:3b:b2:29:40:da:ba:2d:a3
 (18:01:53) gnutls: Serial: 07:27:62:02
 (18:01:53) gnutls: Cert DN: CN=Microsoft Internet Authority
 (18:01:53) gnutls: Cert Issuer DN: C=US,O=GTE Corporation,OU=GTE
 CyberTrust Solutions\, Inc.,CN=GTE CyberTrust Global Root
 (18:01:53) certificate/x509/tls_cached: Starting verify for
 omega.contacts.msn.com
 (18:01:53) certificate/x509/tls_cached: Checking for cached cert...
 (18:01:53) certificate/x509/tls_cached: ...Found cached cert
 (18:01:53) gnutls: Attempting to load X.509 certificate from
 /home/user/.purple/certificates/x509/tls_peers/omega.contacts.msn.com
 (18:01:53) certificate/x509/tls_cached: Peer cert matched cached
 (18:01:53) certificate: Successfully verified certificate for
 omega.contacts.msn.com
 }}}

 while this chain always fails


 {{{
 (17:54:59) gnutls: Starting handshake with omega.contacts.msn.com
 (17:55:01) gnutls: Handshake complete
 (17:55:01) gnutls/x509: Key print:
 ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b
 (17:55:01) gnutls/x509: Key print:
 7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05
 (17:55:01) gnutls/x509: Key print:
 3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25
 (17:55:01) gnutls: Peer provided 3 certs
 (17:55:01) gnutls: Lvl 0 SHA1 fingerprint:
 ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b
 (17:55:01) gnutls: Serial: 7d:da:e0:49:00:08:00:01:c8:b9
 (17:55:01) gnutls: Cert DN: C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com
 (17:55:01) gnutls: Cert Issuer DN:
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
 (17:55:01) gnutls: Lvl 1 SHA1 fingerprint:
 7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05
 (17:55:01) gnutls: Serial: 61:16:6d:2f:00:04:00:00:00:20
 (17:55:01) gnutls: Cert DN:
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
 (17:55:01) gnutls: Cert Issuer DN: CN=Microsoft Internet Authority
 (17:55:01) gnutls: Lvl 2 SHA1 fingerprint:
 3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25
 (17:55:01) gnutls: Serial: 07:27:16:75
 (17:55:01) gnutls: Cert DN: CN=Microsoft Internet Authority
 (17:55:01) gnutls: Cert Issuer DN: C=US,O=GTE Corporation,OU=GTE
 CyberTrust Solutions\, Inc.,CN=GTE CyberTrust Global Root
 (17:55:01) certificate/x509/tls_cached: Starting verify for
 omega.contacts.msn.com
 (17:55:01) certificate/x509/tls_cached: Checking for cached cert...
 (17:55:01) certificate/x509/tls_cached: ...Found cached cert
 (17:55:01) gnutls: Attempting to load X.509 certificate from
 /home/user/.purple/certificates/x509/tls_peers/omega.contacts.msn.com
 (17:55:01) certificate/x509/tls_cached: Peer cert did NOT match cached
 (17:55:01) gnutls/x509: Certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN
 Contact Services,CN=*.contacts.msn.com claims to be issued by
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority, but the certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN
 Contact Services,CN=*.contacts.msn.com does not match.
 (17:55:01) certificate: Checking signature chain for
 uid=C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com
 (17:55:01) gnutls/x509: Bad signature from
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority on C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com
 (17:55:01) certificate: ...Bad or missing signature by
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
 Chain is INVALID
 (17:55:01) certificate: Failed to verify certificate for
 omega.contacts.msn.com
 }}}

-- 
Ticket URL: <http://developer.pidgin.im/ticket/12906#comment:100>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list