[Pidgin] #15506: SSL Alt Name Sporadic Failure
Pidgin
trac at pidgin.im
Sat Feb 9 08:50:38 EST 2013
#15506: SSL Alt Name Sporadic Failure
--------------------+---------------------------
Reporter: geggam | Owner: rekkanoryo
Type: defect | Status: new
Milestone: | Component: unclassified
Version: 2.10.6 | Resolution:
Keywords: |
--------------------+---------------------------
Description changed by Robby:
Old description:
> When validating ssl certs the subjectaltname check has extra characters
> preventing success.
>
> the point where pidgin breaks is here.
>
> (14:07:44) certificate/x509/tls_cached: Also checking for a CA with
> DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
> (14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
> either DN found found. I'll prompt the user, I guess.
>
> The check should be CA with DN=*.12bar.net .... removing the CN=
>
> ***********************
>
> Full check
> (14:07:32) util: Writing file accounts.xml to directory
> /home/dbecker/.purple
> (14:07:32) util: Writing file /home/dbecker/.purple/accounts.xml
> (14:07:32) util: Writing file blist.xml to directory
> /home/dbecker/.purple
> (14:07:32) util: Writing file /home/dbecker/.purple/blist.xml
> (14:07:33) jabber: jabber_actions: have pep: YES
> (14:07:33) account: Connecting to account tester4 at 12bar.net/.
> (14:07:33) connection: Connecting. gc = 0x7f4d4e36fcb0
> (14:07:33) dnssrv: querying SRV record for 12bar.net: _xmpp-
> client._tcp.12bar.net
> (14:07:38) util: Writing file accounts.xml to directory
> /home/dbecker/.purple
> (14:07:38) util: Writing file /home/dbecker/.purple/accounts.xml
> (14:07:38) dnssrv: found 1 SRV entries
> (14:07:38) dnsquery: Performing DNS lookup for xmpp.12bar.net
> (14:07:38) dns: Wait for DNS child 15333 failed: No child processes
> (14:07:38) dns: Wait for DNS child 15329 failed: No child processes
> (14:07:38) dns: Wait for DNS child 15330 failed: No child processes
> (14:07:38) dns: Wait for DNS child 15328 failed: No child processes
> (14:07:38) dns: Created new DNS child 15480, there are now 1 children.
> (14:07:38) dns: Successfully sent DNS request to child 15480
> (14:07:43) dns: Got response for 'xmpp.12bar.net'
> (14:07:43) dnsquery: IP resolved for xmpp.12bar.net
> (14:07:43) proxy: Attempting connection to 199.19.195.162
> (14:07:43) proxy: Connecting to xmpp.12bar.net:5222 with no proxy
> (14:07:43) proxy: Connection in progress
> (14:07:43) proxy: Connecting to xmpp.12bar.net:5222.
> (14:07:43) proxy: Connected to xmpp.12bar.net:5222.
> (14:07:43) jabber: Sending (tester4 at 12bar.net): <?xml version='1.0' ?>
> (14:07:43) jabber: Sending (tester4 at 12bar.net): <stream:stream
> to='12bar.net' xmlns='jabber:client'
> xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
> (14:07:44) jabber: Recv (193): <?xml version='1.0'?><stream:stream
> xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
> from='12bar.net' id='3b22845c-d89c-4392-87c2-8edc628d4968' version='1.0'
> xml:lang='en'>
> (14:07:44) jabber: Recv (330): <stream:features><ver
> xmlns="urn:xmpp:features:rosterver"/><starttls
> xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms
> xmlns="urn:ietf:params:xml:ns:xmpp-
> sasl"><mechanism>PLAIN</mechanism></mechanisms><register
> xmlns="http://jabber.org/features/iq-register"/><auth
> xmlns="http://jabber.org/features/iq-auth"/></stream:features>
> (14:07:44) jabber: Sending (tester4 at 12bar.net): <starttls
> xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
> (14:07:44) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns
> :xmpp-tls"/>
> (14:07:44) nss: subject=CN=*.12bar.net,OU=Domain Control
> Validated,O=*.12bar.net issuer=serialNumber=07969287,CN=Go Daddy Secure
> Certification
> Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
> Inc.",L=Scottsdale,ST=Arizona,C=US
> (14:07:44) nss: partial certificate chain
> (14:07:44) certificate/x509/tls_cached: Starting verify for 12bar.net
> (14:07:44) certificate/x509/tls_cached: Checking for cached cert...
> (14:07:44) certificate/x509/tls_cached: ...Not in cache
> (14:07:44) certificate: Checking signature chain for
> uid=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
> (14:07:44) certificate: ...Singleton. We'll say it's valid.
> (14:07:44) certificate/x509/tls_cached: Checking for a CA with
> DN=serialNumber=07969287,CN=Go Daddy Secure Certification
> Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
> Inc.",L=Scottsdale,ST=Arizona,C=US
> (14:07:44) certificate/x509/tls_cached: Also checking for a CA with
> DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
> (14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
> either DN found found. I'll prompt the user, I guess.
New description:
When validating ssl certs the subjectaltname check has extra characters
preventing success.
the point where pidgin breaks is here.
{{{
(14:07:44) certificate/x509/tls_cached: Also checking for a CA with
DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
(14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
either DN found found. I'll prompt the user, I guess.
The check should be CA with DN=*.12bar.net .... removing the CN=
***********************
Full check
(14:07:32) util: Writing file accounts.xml to directory
/home/dbecker/.purple
(14:07:32) util: Writing file /home/dbecker/.purple/accounts.xml
(14:07:32) util: Writing file blist.xml to directory /home/dbecker/.purple
(14:07:32) util: Writing file /home/dbecker/.purple/blist.xml
(14:07:33) jabber: jabber_actions: have pep: YES
(14:07:33) account: Connecting to account tester4 at 12bar.net/.
(14:07:33) connection: Connecting. gc = 0x7f4d4e36fcb0
(14:07:33) dnssrv: querying SRV record for 12bar.net: _xmpp-
client._tcp.12bar.net
(14:07:38) util: Writing file accounts.xml to directory
/home/dbecker/.purple
(14:07:38) util: Writing file /home/dbecker/.purple/accounts.xml
(14:07:38) dnssrv: found 1 SRV entries
(14:07:38) dnsquery: Performing DNS lookup for xmpp.12bar.net
(14:07:38) dns: Wait for DNS child 15333 failed: No child processes
(14:07:38) dns: Wait for DNS child 15329 failed: No child processes
(14:07:38) dns: Wait for DNS child 15330 failed: No child processes
(14:07:38) dns: Wait for DNS child 15328 failed: No child processes
(14:07:38) dns: Created new DNS child 15480, there are now 1 children.
(14:07:38) dns: Successfully sent DNS request to child 15480
(14:07:43) dns: Got response for 'xmpp.12bar.net'
(14:07:43) dnsquery: IP resolved for xmpp.12bar.net
(14:07:43) proxy: Attempting connection to 199.19.195.162
(14:07:43) proxy: Connecting to xmpp.12bar.net:5222 with no proxy
(14:07:43) proxy: Connection in progress
(14:07:43) proxy: Connecting to xmpp.12bar.net:5222.
(14:07:43) proxy: Connected to xmpp.12bar.net:5222.
(14:07:43) jabber: Sending (tester4 at 12bar.net): <?xml version='1.0' ?>
(14:07:43) jabber: Sending (tester4 at 12bar.net): <stream:stream
to='12bar.net' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(14:07:44) jabber: Recv (193): <?xml version='1.0'?><stream:stream
xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
from='12bar.net' id='3b22845c-d89c-4392-87c2-8edc628d4968' version='1.0'
xml:lang='en'>
(14:07:44) jabber: Recv (330): <stream:features><ver
xmlns="urn:xmpp:features:rosterver"/><starttls
xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms
xmlns="urn:ietf:params:xml:ns:xmpp-
sasl"><mechanism>PLAIN</mechanism></mechanisms><register
xmlns="http://jabber.org/features/iq-register"/><auth
xmlns="http://jabber.org/features/iq-auth"/></stream:features>
(14:07:44) jabber: Sending (tester4 at 12bar.net): <starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(14:07:44) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-
tls"/>
(14:07:44) nss: subject=CN=*.12bar.net,OU=Domain Control
Validated,O=*.12bar.net issuer=serialNumber=07969287,CN=Go Daddy Secure
Certification
Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
Inc.",L=Scottsdale,ST=Arizona,C=US
(14:07:44) nss: partial certificate chain
(14:07:44) certificate/x509/tls_cached: Starting verify for 12bar.net
(14:07:44) certificate/x509/tls_cached: Checking for cached cert...
(14:07:44) certificate/x509/tls_cached: ...Not in cache
(14:07:44) certificate: Checking signature chain for
uid=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
(14:07:44) certificate: ...Singleton. We'll say it's valid.
(14:07:44) certificate/x509/tls_cached: Checking for a CA with
DN=serialNumber=07969287,CN=Go Daddy Secure Certification
Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com,
Inc.",L=Scottsdale,ST=Arizona,C=US
(14:07:44) certificate/x509/tls_cached: Also checking for a CA with
DN=CN=*.12bar.net,OU=Domain Control Validated,O=*.12bar.net
(14:07:44) certificate/x509/tls_cached: No Certificate Authorities with
either DN found found. I'll prompt the user, I guess.
}}}
--
--
Ticket URL: <https://developer.pidgin.im/ticket/15506#comment:1>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list