[Pidgin] #15486: pidgin/purple fails with "The certificate chain presented is invalid."
trac at pidgin.im
Mon Feb 11 04:58:18 EST 2013
#15486: pidgin/purple fails with "The certificate chain presented is invalid."
Reporter: calestyo | Owner:
Type: defect | Status: new
Milestone: | Component: libpurple
Version: 2.10.6 | Resolution:
Comment (by ans):
i'd like to confirm this bug. it affects several of our users, but we are
currently unable to determine the cause. for example several ubuntu 10.04
users are affected, however a fresh installation i set up did not exhibit
the problem. it might be a side effect of another installed package. it is
however not a configuration issue since it persists after removing
.purple. this also affects version 2.10.3. as a workaround the leaf
certificate can be manually imported in pidgin.
our server is an ejabberd as well, running at imsg.ch. the affected users
have the cacert root-cert installed and are able to correctly verify the
same certificate using chrome which also uses libnss (s. https://imsg.ch).
the following debug output is produced by pidgin failing to validate the
(08:57:32) certificate/x509/tls_cached: Starting verify for imsg.ch
(08:57:32) certificate/x509/tls_cached: Checking for cached cert...
(08:57:32) certificate/x509/tls_cached: ...Not in cache
(08:57:32) certificate: Checking signature chain for uid=CN=glei.ch
(08:57:32) certificate: ...Good signature by CN=CAcert Class 3
(08:57:32) certificate: ...Bad or missing signature by
E=support at cacert.org,CN=CA Cert Signing
Chain is INVALID
(08:57:32) certificate: Failed to verify certificate for imsg.ch
the certificate is definitely ok, see e.g.:
openssl s_client -CAfile class3.crt -connect imsg.ch:5223 | grep return
depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing
Authority, emailAddress = support at cacert.org
depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3
depth=0 CN = glei.ch
Verify return code: 0 (ok)
if you need more information please write so. we have now access to an
Ticket URL: <https://developer.pidgin.im/ticket/15486#comment:1>
More information about the Tracker