[Pidgin] #14774: Pidgin verifies the wrong component of a SSL-certificate

Pidgin trac at pidgin.im
Mon Nov 28 20:11:52 EST 2011

#14774: Pidgin verifies the wrong component of a SSL-certificate
 Reporter:  klaernie      |     Owner:  rekkanoryo
     Type:  defect        |    Status:  new       
Component:  unclassified  |   Version:  2.10.0    
 Keywords:                |  
 Hello all together,

 I noticed today that the current version of Pidgin fails to verify the
 SSL-certificate of my server correctly if no xmpp-servername is given.

 I have used my personal server with xmpp-server-autodetection for ages, but
 only with a test-domain, where the server-name of my xmpp-server and the
 xmpp-domain are matching.

 Today I tried to run vhosting on my xmpp-server, with the same old
 cert, and a new domain which got _xmpp-client._tcp.domain.tld pointing to
 my server.

 Then Pidgin asks me whether I'd like to accept the certificate, as it
 clearly doesn't match the domain I configured, but instead Pidgin should
 verify the CN/SubjectAltName of the certificate against the servername it
 found using autodetection.

 I'd appreciate any answer.

 Regards, Andre

Ticket URL: <http://developer.pidgin.im/ticket/14774>
Pidgin <http://pidgin.im>
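
The mismatch described in the ticket, as an added example that is not part of the original report and is not Pidgin's code: it matches a certificate's dNSName entries against both candidate reference identifiers, the configured XMPP domain and the SRV target. All hostnames and function names are constructed for illustration.

```python
# Added example: constructed names, not taken from the ticket or from Pidgin.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate dNSName against a reference identifier.

    Case-insensitive; a wildcard is honoured only as the entire
    left-most label and covers exactly one label (RFC 6125 style).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.tld" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(san_dns_names, reference_id: str) -> bool:
    """True if any dNSName in the certificate matches the reference id."""
    return any(dns_name_matches(n, reference_id) for n in san_dns_names)


def check_login(jid_domain, srv_target, san_dns_names):
    """Return the match result for both candidate reference identifiers."""
    return {
        "jid_domain": cert_matches(san_dns_names, jid_domain),
        "srv_target": cert_matches(san_dns_names, srv_target),
    }


# Constructed scenario mirroring the report: an old certificate issued for
# the server's own hostname, and a new virtual-hosted domain whose
# _xmpp-client._tcp SRV record points at that server.
OLD_CERT = ["xmpp.example.net"]
VHOST_RESULT = check_login("example.org", "xmpp.example.net", OLD_CERT)

# RFC 6120 names the JID's domain part as the reference identifier, because
# the SRV target comes from DNS, which is unauthenticated without DNSSEC.
# Only a certificate that also lists the hosted domain passes that check.
NEW_CERT = ["xmpp.example.net", "example.org"]
FIXED_RESULT = check_login("example.org", "xmpp.example.net", NEW_CERT)

if __name__ == "__main__":
    print("old cert:", VHOST_RESULT)
    print("new cert:", FIXED_RESULT)
```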
