[Pidgin] #15506: SSL Alt Name Sporadic Failure

Pidgin trac at pidgin.im
Sat Feb 9 08:50:38 EST 2013


#15506: SSL Alt Name Sporadic Failure
--------------------+---------------------------
 Reporter:  geggam  |       Owner:  rekkanoryo
     Type:  defect  |      Status:  new
Milestone:          |   Component:  unclassified
  Version:  2.10.6  |  Resolution:
 Keywords:          |
--------------------+---------------------------
Description changed by Robby:

Old description:

> When validating SSL certs the subjectAltName check has extra characters
> preventing success.
>

> The point where Pidgin breaks is here.
>

> (14:07:44) certificate/x509/tls_cached: Also checking for a CA with
> DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
> (14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
> either DN found found. I'll prompt the user, I guess.
>

> The check should be CA with DN=*.12bar.net .... removing the CN=
>
> ***********************
>
> Full check
> (14:07:32) util: Writing file accounts.xml to directory
> /home/dbecker/.purple
> (14:07:32) util: Writing file /home/dbecker/.purple/accounts.xml
> (14:07:32) util: Writing file blist.xml to directory
> /home/dbecker/.purple
> (14:07:32) util: Writing file /home/dbecker/.purple/blist.xml
> (14:07:33) jabber: jabber_actions: have pep: YES
> (14:07:33) account: Connecting to account tester4 at 12bar.net/.
> (14:07:33) connection: Connecting. gc = 0x7f4d4e36fcb0
> (14:07:33) dnssrv: querying SRV record for 12bar.net: _xmpp-client._tcp.12bar.net
> (14:07:38) util: Writing file accounts.xml to directory
> /home/dbecker/.purple
> (14:07:38) util: Writing file /home/dbecker/.purple/accounts.xml
> (14:07:38) dnssrv: found 1 SRV entries
> (14:07:38) dnsquery: Performing DNS lookup for xmpp.12bar.net
> (14:07:38) dns: Wait for DNS child 15333 failed: No child processes
> (14:07:38) dns: Wait for DNS child 15329 failed: No child processes
> (14:07:38) dns: Wait for DNS child 15330 failed: No child processes
> (14:07:38) dns: Wait for DNS child 15328 failed: No child processes
> (14:07:38) dns: Created new DNS child 15480, there are now 1 children.
> (14:07:38) dns: Successfully sent DNS request to child 15480
> (14:07:43) dns: Got response for 'xmpp.12bar.net'
> (14:07:43) dnsquery: IP resolved for xmpp.12bar.net
> (14:07:43) proxy: Attempting connection to 199.19.195.162
> (14:07:43) proxy: Connecting to xmpp.12bar.net:5222 with no proxy
> (14:07:43) proxy: Connection in progress
> (14:07:43) proxy: Connecting to xmpp.12bar.net:5222.
> (14:07:43) proxy: Connected to xmpp.12bar.net:5222.
> (14:07:43) jabber: Sending (tester4 at 12bar.net): <?xml version='1.0' ?>
> (14:07:43) jabber: Sending (tester4 at 12bar.net): <stream:stream
> to='12bar.net' xmlns='jabber:client'
> xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
> (14:07:44) jabber: Recv (193): <?xml version='1.0'?><stream:stream
> xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
> from='12bar.net' id='3b22845c-d89c-4392-87c2-8edc628d4968' version='1.0'
> xml:lang='en'>
> (14:07:44) jabber: Recv (330): <stream:features><ver
> xmlns="urn:xmpp:features:rosterver"/><starttls
> xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms
> xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><register
> xmlns="http://jabber.org/features/iq-register"/><auth
> xmlns="http://jabber.org/features/iq-auth"/></stream:features>
> (14:07:44) jabber: Sending (tester4 at 12bar.net): <starttls
> xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
> (14:07:44) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
> (14:07:44) nss: subject=CN=*.12bar.net,OU=Domain Control
> Validated,O=*.12bar.net issuer=serialNumber=07969287,CN=Go Daddy Secure
> Certification
> Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
> Inc.",L=Scottsdale,ST=Arizona,C=US
> (14:07:44) nss: partial certificate chain
> (14:07:44) certificate/x509/tls_cached: Starting verify for 12bar.net
> (14:07:44) certificate/x509/tls_cached: Checking for cached cert...
> (14:07:44) certificate/x509/tls_cached: ...Not in cache
> (14:07:44) certificate: Checking signature chain for
> uid=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
> (14:07:44) certificate: ...Singleton. We'll say it's valid.
> (14:07:44) certificate/x509/tls_cached: Checking for a CA with
> DN=serialNumber=07969287,CN=Go Daddy Secure Certification
> Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
> Inc.",L=Scottsdale,ST=Arizona,C=US
> (14:07:44) certificate/x509/tls_cached: Also checking for a CA with
> DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
> (14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
> either DN found found. I'll prompt the user, I guess.

New description:

 When validating SSL certs the subjectAltName check has extra characters
 preventing success.


 The point where Pidgin breaks is here.


 {{{
 (14:07:44) certificate/x509/tls_cached: Also checking for a CA with
 DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
 (14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
 either DN found found. I'll prompt the user, I guess.


 The check should be CA with DN=*.12bar.net .... removing the CN=

 ***********************

 Full check
 (14:07:32) util: Writing file accounts.xml to directory
 /home/dbecker/.purple
 (14:07:32) util: Writing file /home/dbecker/.purple/accounts.xml
 (14:07:32) util: Writing file blist.xml to directory /home/dbecker/.purple
 (14:07:32) util: Writing file /home/dbecker/.purple/blist.xml
 (14:07:33) jabber: jabber_actions: have pep: YES
 (14:07:33) account: Connecting to account tester4 at 12bar.net/.
 (14:07:33) connection: Connecting. gc = 0x7f4d4e36fcb0
 (14:07:33) dnssrv: querying SRV record for 12bar.net: _xmpp-client._tcp.12bar.net
 (14:07:38) util: Writing file accounts.xml to directory
 /home/dbecker/.purple
 (14:07:38) util: Writing file /home/dbecker/.purple/accounts.xml
 (14:07:38) dnssrv: found 1 SRV entries
 (14:07:38) dnsquery: Performing DNS lookup for xmpp.12bar.net
 (14:07:38) dns: Wait for DNS child 15333 failed: No child processes
 (14:07:38) dns: Wait for DNS child 15329 failed: No child processes
 (14:07:38) dns: Wait for DNS child 15330 failed: No child processes
 (14:07:38) dns: Wait for DNS child 15328 failed: No child processes
 (14:07:38) dns: Created new DNS child 15480, there are now 1 children.
 (14:07:38) dns: Successfully sent DNS request to child 15480
 (14:07:43) dns: Got response for 'xmpp.12bar.net'
 (14:07:43) dnsquery: IP resolved for xmpp.12bar.net
 (14:07:43) proxy: Attempting connection to 199.19.195.162
 (14:07:43) proxy: Connecting to xmpp.12bar.net:5222 with no proxy
 (14:07:43) proxy: Connection in progress
 (14:07:43) proxy: Connecting to xmpp.12bar.net:5222.
 (14:07:43) proxy: Connected to xmpp.12bar.net:5222.
 (14:07:43) jabber: Sending (tester4 at 12bar.net): <?xml version='1.0' ?>
 (14:07:43) jabber: Sending (tester4 at 12bar.net): <stream:stream
 to='12bar.net' xmlns='jabber:client'
 xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
 (14:07:44) jabber: Recv (193): <?xml version='1.0'?><stream:stream
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 from='12bar.net' id='3b22845c-d89c-4392-87c2-8edc628d4968' version='1.0'
 xml:lang='en'>
 (14:07:44) jabber: Recv (330): <stream:features><ver
 xmlns="urn:xmpp:features:rosterver"/><starttls
 xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms
 xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><register
 xmlns="http://jabber.org/features/iq-register"/><auth
 xmlns="http://jabber.org/features/iq-auth"/></stream:features>
 (14:07:44) jabber: Sending (tester4 at 12bar.net): <starttls
 xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
 (14:07:44) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
 (14:07:44) nss: subject=CN=*.12bar.net,OU=Domain Control
 Validated,O=*.12bar.net issuer=serialNumber=07969287,CN=Go Daddy Secure
 Certification
 Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
 Inc.",L=Scottsdale,ST=Arizona,C=US
 (14:07:44) nss: partial certificate chain
 (14:07:44) certificate/x509/tls_cached: Starting verify for 12bar.net
 (14:07:44) certificate/x509/tls_cached: Checking for cached cert...
 (14:07:44) certificate/x509/tls_cached: ...Not in cache
 (14:07:44) certificate: Checking signature chain for
 uid=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
 (14:07:44) certificate: ...Singleton. We'll say it's valid.
 (14:07:44) certificate/x509/tls_cached: Checking for a CA with
 DN=serialNumber=07969287,CN=Go Daddy Secure Certification
 Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
 Inc.",L=Scottsdale,ST=Arizona,C=US
 (14:07:44) certificate/x509/tls_cached: Also checking for a CA with
 DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
 (14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
 either DN found found. I'll prompt the user, I guess.
 }}}

--

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15506#comment:1>
Pidgin <http://pidgin.im>
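
Added example, not part of the ticket or of Pidgin's code: a small triage script that rejoins the mail-wrapped debug entries from the log above and extracts what they state about the certificate decision (subject and issuer reported by NSS, whether the chain was partial, which DNs were looked up in the CA store). The names unwrap and triage are chosen for this example; the log excerpt is copied from the ticket.

```python
import re

# Certificate-related entries copied from the ticket's log, still mail-wrapped.
LOG = '''\
(14:07:44) nss: subject=CN=*.12bar.net,OU=Domain Control
Validated,O=*.12bar.net issuer=serialNumber=07969287,CN=Go Daddy Secure
Certification
Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
Inc.",L=Scottsdale,ST=Arizona,C=US
(14:07:44) nss: partial certificate chain
(14:07:44) certificate/x509/tls_cached: Checking for a CA with
DN=serialNumber=07969287,CN=Go Daddy Secure Certification
Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
Inc.",L=Scottsdale,ST=Arizona,C=US
(14:07:44) certificate/x509/tls_cached: Also checking for a CA with
DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
(14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
either DN found found. I'll prompt the user, I guess.
'''
ENTRY = re.compile(r"^\(\d\d:\d\d:\d\d\) ([^:\s]+): (.*)$")

def unwrap(log):
    """Rejoin wrapped continuation lines onto their timestamped entry."""
    entries = []
    for raw in log.splitlines():
        line = raw.lstrip("> ").rstrip()  # also accepts the '>'-quoted form
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and line:
            entries[-1][1] += " " + line
    return entries

def triage(log):
    """Collect what the log states about the certificate decision."""
    f = {"partial_chain": False, "ca_lookups": [], "ca_found": None}
    for cat, msg in unwrap(log):
        if cat == "nss" and msg.startswith("subject="):
            f["subject"], _, f["issuer"] = msg[8:].partition(" issuer=")
        elif cat == "nss" and msg == "partial certificate chain":
            f["partial_chain"] = True
        elif m := re.search(r"checking for a CA with DN=(.*)", msg, re.I):
            f["ca_lookups"].append(m.group(1))
        elif msg.startswith("No Certificate Authorities"):
            f["ca_found"] = False
    return f

if __name__ == "__main__":
    print(triage(LOG))
```

On this excerpt the two DNs looked up in the CA store are the certificate's full issuer DN and its full subject DN as NSS reported them, and NSS flagged the chain as partial.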