[Pidgin] #12906: Unable to validate certificate
Pidgin
trac at pidgin.im
Thu Nov 25 07:23:15 EST 2010
#12906: Unable to validate certificate
---------------------+------------------------------------------------------
Reporter: Anthara | Owner: QuLogic
Type: defect | Status: closed
Milestone: 2.7.7 | Component: MSN
Version: 2.7.5 | Resolution: fixed
Keywords: |
---------------------+------------------------------------------------------
Comment(by guru):
The problem still exists in 2.7.7, here is a debug log (the cached
certificate in
/home/guru/.purple/certificates/x509/tls_peers/omega.contacts.msn.com was
downloaded yesterday after deleting all files in
/home/guru/.purple/certificates/x509/tls_peers/):
{{{
(08:50:40) dns: Got response for 'omega.contacts.msn.com'
(08:50:40) dnsquery: IP resolved for omega.contacts.msn.com
(08:50:40) proxy: Attempting connection to 207.46.113.78
(08:50:40) proxy: Connecting to omega.contacts.msn.com:443 with no proxy
(08:50:40) proxy: Connection in progress
(08:50:40) proxy: Connecting to omega.contacts.msn.com:443.
(08:50:40) proxy: Connected to omega.contacts.msn.com:443.
(08:50:40) gnutls: Starting handshake with omega.contacts.msn.com
(08:50:41) util: Writing file blist.xml to directory /home/guru/.purple
(08:50:41) util: Writing file /home/guru/.purple/blist.xml
(08:50:41) gnutls: Handshake complete
(08:50:41) gnutls/x509: Key print:
ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b
(08:50:41) gnutls/x509: Key print:
7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05
(08:50:41) gnutls/x509: Key print:
3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25
(08:50:41) gnutls: Peer provided 3 certs
(08:50:41) gnutls: Lvl 0 SHA1 fingerprint:
ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b
(08:50:41) gnutls: Serial: 7d:da:e0:49:00:08:00:01:c8:b9
(08:50:41) gnutls: Cert DN: C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
Services,CN=*.contacts.msn.com
(08:50:41) gnutls: Cert Issuer DN:
DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
Authority
(08:50:41) gnutls: Lvl 1 SHA1 fingerprint:
7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05
(08:50:41) gnutls: Serial: 61:16:6d:2f:00:04:00:00:00:20
(08:50:41) gnutls: Cert DN:
DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
Authority
(08:50:41) gnutls: Cert Issuer DN: CN=Microsoft Internet Authority
(08:50:41) gnutls: Lvl 2 SHA1 fingerprint:
3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25
(08:50:41) gnutls: Serial: 07:27:16:75
(08:50:41) gnutls: Cert DN: CN=Microsoft Internet Authority
(08:50:41) gnutls: Cert Issuer DN: C=US,O=GTE Corporation,OU=GTE
CyberTrust Solutions\, Inc.,CN=GTE CyberTrust Global Root
(08:50:41) certificate/x509/tls_cached: Starting verify for
omega.contacts.msn.com
(08:50:41) certificate/x509/tls_cached: Checking for cached cert...
(08:50:41) certificate/x509/tls_cached: ...Found cached cert
(08:50:41) gnutls: Attempting to load X.509 certificate from
/home/guru/.purple/certificates/x509/tls_peers/omega.contacts.msn.com
(08:50:41) certificate/x509/tls_cached: Peer cert did NOT match cached
(08:50:41) gnutls/x509: Certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN
Contact Services,CN=*.contacts.msn.com claims to be issued by
DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
Authority, but the certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN
Contact Services,CN=*.contacts.msn.com does not match.
(08:50:41) certificate: Checking signature chain for
uid=C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
Services,CN=*.contacts.msn.com
(08:50:41) gnutls/x509: Bad signature for
DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
Authority on C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact
Services,CN=*.contacts.msn.com
(08:50:41) certificate: ...Bad or missing signature by
DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server
Authority
Chain is INVALID
}}}
I would like to re-open this ticket (but can't)
Matthias
--
Ticket URL: <http://developer.pidgin.im/ticket/12906#comment:107>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list