[Pidgin] #15505: jabber.org's certificate is not trusted

Pidgin trac at pidgin.im
Fri Mar 8 09:29:41 EST 2013 

#15505: jabber.org's certificate is not trusted
---------------------------------+----------------------
 Reporter:  igel                 |       Owner:  deryni
     Type:  defect               |      Status:  pending
Milestone:                       |   Component:  XMPP
  Version:  2.10.6               |  Resolution:
 Keywords:  jabber, certificate  |
---------------------------------+----------------------
Changes (by igel):

 * status:  pending => new


Comment:

 Sorry, I cannot add the file to this ticket, I keep getting this:
 {{{
  Trac detected an internal error:

 NameError: global name 'now' is not defined

 There was an internal error in Trac. It is recommended that you notify
 your local Trac administrator with the information needed to reproduce the
 issue.

 To that end, you could a ticket.

 The action that triggered the error was:

 POST: /attachment/ticket/15505/

 TracGuide — The Trac User and Administration Guide
 }}}
 and trying to make a ticket about that results in "URI too long"...

 People, what _is_ up with your issue tracker? (see the 43years thing I
 posted earlier in this ticket)...



 Anyways, the important bits are these I think:
 {{{
 (15:20:10) dnssrv: querying SRV record for jabber.org: _xmpp-
 client._tcp.jabber.org
 (15:20:10) dnssrv: found 2 SRV entries
 (15:20:10) dnsquery: Performing DNS lookup for hermes.jabber.org
 }}}
 so my tests with register.jabber.org seem irrelevant, as the handshake is
 performed with hermes.jabber.org... Going on:
 {{{
 [...]
 (15:20:20) gnutls: Starting handshake with jabber.org
 (15:20:28) gnutls/x509: Certificate
 2.5.4.13=#131075346255714d65634269705257455a79,C=US,ST=Colorado,L=Parker,O=J
 Peter Saint-Andre,CN=conference.jabber.org,EMAIL=stpeter at jabber.org is
 issued by C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate
 Signing,CN=StartCom Class 2 Primary Intermediate Server CA, which does not
 match C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate
 Signing,CN=StartCom Certification Authority.
 (15:20:28) gnutls: Dropping further peer certificates because the chain is
 broken!
 (15:20:28) gnutls: Handshake complete
 (15:20:28) gnutls/x509: Key print:
 11:c2:3d:87:3f:95:f8:13:f8:ca:81:33:71:36:a7:00:e0:01:95:ed
 (15:20:28) gnutls: Peer provided 3 certs
 (15:20:28) gnutls: Lvl 0 SHA1 fingerprint:
 11:c2:3d:87:3f:95:f8:13:f8:ca:81:33:71:36:a7:00:e0:01:95:ed
 (15:20:28) gnutls: Serial: 01:43:76
 (15:20:28) gnutls: Cert DN:
 2.5.4.13=#131075346255714d65634269705257455a79,C=US,ST=Colorado,L=Parker,O=J
 Peter Saint-Andre,CN=conference.jabber.org,EMAIL=stpeter at jabber.org
 (15:20:28) gnutls: Cert Issuer DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
 Certificate Signing,CN=StartCom Class 2 Primary Intermediate Server CA
 (15:20:28) gnutls: Lvl 1 SHA1 fingerprint:
 3e:2b:f7:f2:03:1b:96:f3:8c:e6:c4:d8:a8:5d:3e:2d:58:47:6a:0f
 (15:20:28) gnutls: Serial: 01
 (15:20:28) gnutls: Cert DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
 Certificate Signing,CN=StartCom Certification Authority
 (15:20:28) gnutls: Cert Issuer DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
 Certificate Signing,CN=StartCom Certification Authority
 (15:20:28) gnutls: Lvl 2 SHA1 fingerprint:
 a1:ac:e4:04:6b:6e:33:22:32:b8:7e:cf:b6:f3:7a:07:63:72:01:47
 (15:20:28) gnutls: Serial: 1a
 (15:20:28) gnutls: Cert DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
 Certificate Signing,CN=StartCom Class 2 Primary Intermediate Server CA
 (15:20:28) gnutls: Cert Issuer DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
 Certificate Signing,CN=StartCom Certification Authority
 (15:20:28) gnutls/x509: Certificate
 2.5.4.13=#131075346255714d65634269705257455a79,C=US,ST=Colorado,L=Parker,O=J
 Peter Saint-Andre,CN=conference.jabber.org,EMAIL=stpeter at jabber.org is
 issued by C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate
 Signing,CN=StartCom Class 2 Primary Intermediate Server CA, which does not
 match C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate
 Signing,CN=StartCom Certification Authority.
 (15:20:28) gnutls: Dropping further peer certificates because the chain is
 broken!
 (15:20:28) certificate/x509/tls_cached: Starting verify for jabber.org
 (15:20:28) certificate/x509/tls_cached: Checking for cached cert...
 (15:20:28) certificate/x509/tls_cached: ...Not in cache
 (15:20:28) gnutls/x509: Certificate
 2.5.4.13=#131075346255714d65634269705257455a79,C=US,ST=Colorado,L=Parker,O=J
 Peter Saint-Andre,CN=conference.jabber.org,EMAIL=stpeter at jabber.org is
 issued by C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate
 Signing,CN=StartCom Class 2 Primary Intermediate Server CA, which does not
 match
 2.5.4.13=#131075346255714d65634269705257455a79,C=US,ST=Colorado,L=Parker,O=J
 Peter Saint-Andre,CN=conference.jabber.org,EMAIL=stpeter at jabber.org.
 (15:20:28) certificate: Checking signature chain for
 uid=2.5.4.13=#131075346255714d65634269705257455a79,C=US,ST=Colorado,L=Parker,O=J
 Peter Saint-Andre,CN=conference.jabber.org,EMAIL=stpeter at jabber.org
 (15:20:28) certificate: ...Singleton. We'll say it's valid.
 (15:20:28) certificate/x509/tls_cached: Checking for a CA with
 DN=C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate Signing,CN=StartCom
 Class 2 Primary Intermediate Server CA
 (15:20:28) certificate/x509/tls_cached: Also checking for a CA with
 DN=2.5.4.13=#131075346255714d65634269705257455a79,C=US,ST=Colorado,L=Parker,O=J
 Peter Saint-Andre,CN=conference.jabber.org,EMAIL=stpeter at jabber.org
 (15:20:28) certificate/x509/tls_cached: No Certificate Authorities with
 either DN found found. I'll prompt the user, I guess.
 }}}

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15505#comment:8>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list