[Pidgin] #15505: jabber.org's certificate is not trusted
Pidgin
trac at pidgin.im
Sat Mar 9 05:25:51 EST 2013
#15505: jabber.org's certificate is not trusted
---------------------------------+---------------------
Reporter: igel | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.10.6 | Resolution:
Keywords: jabber, certificate |
---------------------------------+---------------------
Comment (by igel):
So, in the hope that it was an error in gnutls that might have been
fixed, I updated gnutls from 2.12.23 to 3.1.9 and ended up with the
following new debug log:
{{{
(11:16:23) gnutls: Starting handshake with jabber.org
(11:16:24) gnutls/x509: Failed to get Distinguished Name
(11:16:24) gnutls/x509: Certificate (null) is issued by C=IL,O=StartCom
Ltd.,OU=Secure Digital Certificate Signing,CN=StartCom Class 2 Primary
Intermediate Server CA, which does not match C=IL,O=StartCom
Ltd.,OU=Secure Digital Certificate Signing,CN=StartCom Certification
Authority.
(11:16:24) gnutls: Dropping further peer certificates because the chain is
broken!
(11:16:24) gnutls: Handshake complete
(11:16:24) gnutls/x509: Key print:
11:c2:3d:87:3f:95:f8:13:f8:ca:81:33:71:36:a7:00:e0:01:95:ed
(11:16:24) gnutls: Peer provided 3 certs
(11:16:24) gnutls: Lvl 0 SHA1 fingerprint:
11:c2:3d:87:3f:95:f8:13:f8:ca:81:33:71:36:a7:00:e0:01:95:ed
(11:16:24) gnutls: Serial: 01:43:76
(11:16:24) gnutls: Cert DN:
(11:16:24) gnutls: Cert Issuer DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
Certificate Signing,CN=StartCom Class 2 Primary Intermediate Server CA
(11:16:24) gnutls: Lvl 1 SHA1 fingerprint:
3e:2b:f7:f2:03:1b:96:f3:8c:e6:c4:d8:a8:5d:3e:2d:58:47:6a:0f
(11:16:24) gnutls: Serial: 01
(11:16:24) gnutls: Cert DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
Certificate Signing,CN=StartCom Certification Authority
(11:16:24) gnutls: Cert Issuer DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
Certificate Signing,CN=StartCom Certification Authority
(11:16:24) gnutls: Lvl 2 SHA1 fingerprint:
a1:ac:e4:04:6b:6e:33:22:32:b8:7e:cf:b6:f3:7a:07:63:72:01:47
(11:16:24) gnutls: Serial: 1a
(11:16:24) gnutls: Cert DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
Certificate Signing,CN=StartCom Class 2 Primary Intermediate Server CA
(11:16:24) gnutls: Cert Issuer DN: C=IL,O=StartCom Ltd.,OU=Secure Digital
Certificate Signing,CN=StartCom Certification Authority
(11:16:24) gnutls/x509: Failed to get Distinguished Name
(11:16:24) gnutls/x509: Certificate (null) is issued by C=IL,O=StartCom
Ltd.,OU=Secure Digital Certificate Signing,CN=StartCom Class 2 Primary
Intermediate Server CA, which does not match C=IL,O=StartCom
Ltd.,OU=Secure Digital Certificate Signing,CN=StartCom Certification
Authority.
(11:16:24) gnutls: Dropping further peer certificates because the chain is
broken!
}}}
Command-line testing yielded the following (jabber.org turned out to use
STARTTLS):
{{{
% gnutls-cli -V jabber.org -p 5222 --starttls
Processed 165 CA certificate(s).
Resolving 'jabber.org'...
Connecting to '208.68.163.220:5222'...
- Simple Client Mode:
*** Starting TLS handshake
*** Fatal error: The operation timed out
}}}
--
Ticket URL: <https://developer.pidgin.im/ticket/15505#comment:10>
Pidgin <http://pidgin.im>
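Added example, not part of the ticket and not Pidgin's or GnuTLS's code: the adjacent issuer/subject comparison that the "chain is broken" log lines report, run over the three DN pairs copied from the debug output above, followed by a reordering that follows issuer links. The function names are hypothetical, and DN string equality stands in for real signature verification.

```python
# Subject/issuer pairs copied from the debug log above, in the order the
# server sent them. The leaf's subject DN is empty because the log shows
# "Failed to get Distinguished Name" for it.
ROOT = ("C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate Signing,"
        "CN=StartCom Certification Authority")
INTERMEDIATE = ("C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate Signing,"
                "CN=StartCom Class 2 Primary Intermediate Server CA")
SENT_CHAIN = [
    {"level": 0, "subject": "", "issuer": INTERMEDIATE},
    {"level": 1, "subject": ROOT, "issuer": ROOT},
    {"level": 2, "subject": INTERMEDIATE, "issuer": ROOT},
]


def first_break(chain):
    """Return the first index i where chain[i]'s issuer is not
    chain[i+1]'s subject, or None if every adjacent pair links up."""
    for i in range(len(chain) - 1):
        if chain[i]["issuer"] != chain[i + 1]["subject"]:
            return i
    return None


def reorder(chain):
    """Rebuild leaf-to-root order by following issuer -> subject links.

    Starts at chain[0] (the peer's own certificate) and stops at a
    self-issued certificate or when the issuer was not sent at all.
    Returns (ordered, unused).
    """
    by_subject = {c["subject"]: c for c in chain[1:]}
    ordered = [chain[0]]
    while ordered[-1]["issuer"] != ordered[-1]["subject"]:
        nxt = by_subject.pop(ordered[-1]["issuer"], None)
        if nxt is None:
            break  # issuer missing from what the peer sent; path ends here
        ordered.append(nxt)
    unused = [c for c in chain[1:] if c not in ordered]
    return ordered, unused


if __name__ == "__main__":
    print("first break at index:", first_break(SENT_CHAIN))
    ordered, unused = reorder(SENT_CHAIN)
    print("reordered levels:", [c["level"] for c in ordered])
    print("break after reorder:", first_break(ordered))
```

With the pairs from the log, the comparison fails between Lvl 0 and Lvl 1, and following the issuer links gives the order Lvl 0, Lvl 2, Lvl 1 with no break.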