[Pidgin] #12906: Unable to validate certificate

Pidgin trac at pidgin.im
Thu Nov 25 07:23:15 EST 2010


#12906: Unable to validate certificate
---------------------+------------------------------------------------------
 Reporter:  Anthara  |        Owner:  QuLogic
     Type:  defect   |       Status:  closed 
Milestone:  2.7.7    |    Component:  MSN    
  Version:  2.7.5    |   Resolution:  fixed  
 Keywords:           |  
---------------------+------------------------------------------------------

Comment(by guru):

 The problem still exists in 2.7.7, here is a debug log (the cached
 certificate in
 /home/guru/.purple/certificates/x509/tls_peers/omega.contacts.msn.com was
 downloaded yesterday after deleting all files in
 /home/guru/.purple/certificates/x509/tls_peers/):


 {{{

  (08:50:40) dns: Got response for 'omega.contacts.msn.com'
  (08:50:40) dnsquery: IP resolved for omega.contacts.msn.com
  (08:50:40) proxy: Attempting connection to 207.46.113.78
  (08:50:40) proxy: Connecting to omega.contacts.msn.com:443 with no proxy
  (08:50:40) proxy: Connection in progress
  (08:50:40) proxy: Connecting to omega.contacts.msn.com:443.
  (08:50:40) proxy: Connected to omega.contacts.msn.com:443.
  (08:50:40) gnutls: Starting handshake with omega.contacts.msn.com
  (08:50:41) util: Writing file blist.xml to directory /home/guru/.purple
  (08:50:41) util: Writing file /home/guru/.purple/blist.xml
  (08:50:41) gnutls: Handshake complete
  (08:50:41) gnutls/x509: Key print:
 ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b
  (08:50:41) gnutls/x509: Key print:
 7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05
  (08:50:41) gnutls/x509: Key print:
 3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25
  (08:50:41) gnutls: Peer provided 3 certs
  (08:50:41) gnutls: Lvl 0 SHA1 fingerprint:
 ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b
  (08:50:41) gnutls: Serial: 7d:da:e0:49:00:08:00:01:c8:b9
  (08:50:41) gnutls: Cert DN: C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com
  (08:50:41) gnutls: Cert Issuer DN:
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
  (08:50:41) gnutls: Lvl 1 SHA1 fingerprint:
 7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05
  (08:50:41) gnutls: Serial: 61:16:6d:2f:00:04:00:00:00:20
  (08:50:41) gnutls: Cert DN:
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
  (08:50:41) gnutls: Cert Issuer DN: CN=Microsoft Internet Authority
  (08:50:41) gnutls: Lvl 2 SHA1 fingerprint:
 3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25
  (08:50:41) gnutls: Serial: 07:27:16:75
  (08:50:41) gnutls: Cert DN: CN=Microsoft Internet Authority
  (08:50:41) gnutls: Cert Issuer DN: C=US,O=GTE Corporation,OU=GTE
 CyberTrust Solutions\, Inc.,CN=GTE CyberTrust Global Root
  (08:50:41) certificate/x509/tls_cached: Starting verify for
 omega.contacts.msn.com
  (08:50:41) certificate/x509/tls_cached: Checking for cached cert...
  (08:50:41) certificate/x509/tls_cached: ...Found cached cert
  (08:50:41) gnutls: Attempting to load X.509 certificate from
 /home/guru/.purple/certificates/x509/tls_peers/omega.contacts.msn.com
  (08:50:41) certificate/x509/tls_cached: Peer cert did NOT match cached
  (08:50:41) gnutls/x509: Certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN
 Contact Services,CN=*.contacts.msn.com claims to be issued by
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority, but the certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN
 Contact Services,CN=*.contacts.msn.com does not match.
  (08:50:41) certificate: Checking signature chain for
 uid=C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com
  (08:50:41) gnutls/x509: Bad signature for
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority on C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
 Services,CN=*.contacts.msn.com
  (08:50:41) certificate: ...Bad or missing signature by
 DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
 Authority
  Chain is INVALID
 }}}


 I would like to re-open this ticket (but can't)

 Matthias

-- 
Ticket URL: <http://developer.pidgin.im/ticket/12906#comment:107>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list