[Pidgin] #15505: jabber.org's certificate is not trusted
Pidgin
trac at pidgin.im
Sun Mar 10 22:01:06 EDT 2013
#15505: jabber.org's certificate is not trusted
---------------------------------+---------------------
Reporter: igel | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.10.6 | Resolution:
Keywords: jabber, certificate |
---------------------------------+---------------------
Comment (by datallah):
It looks like the issue is that jabber.org is sending an out-of-order cert
chain:
`openssl s_client -connect jabber.org:5222 -starttls xmpp`
{{{
CONNECTED(00000004)
---
Certificate chain
 0 s:/description=u4bUqMecBipRWEZy/C=US/ST=Colorado/L=Parker/O=J Peter Saint-Andre/CN=conference.jabber.org/emailAddress=stpeter at jabber.org
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
}}}
The Certificate chain ordering should be 0->2->1 and it looks like gnutls
is bailing because of that.
The libpurple code to validate certificates can handle this situation and
connecting works fine with NSS.
--
Ticket URL: <https://developer.pidgin.im/ticket/15505#comment:11>
Pidgin <http://pidgin.im>
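
The ordering problem described in the comment above can be checked mechanically from the `openssl s_client` "Certificate chain" listing. The following is an added example, not part of the original ticket or of Pidgin/libpurple code: it parses the `s:`/`i:` pairs and walks issuer-to-subject links from the leaf. The function names and the `SAMPLE` text (the ticket's chain with the mail archive's line wraps joined) are constructed for illustration, and the check compares DN strings only; it does not verify signatures.

```python
import re

# Constructed sample: the chain quoted in the ticket, wrapped lines joined.
SAMPLE = """\
Certificate chain
 0 s:/description=u4bUqMecBipRWEZy/C=US/ST=Colorado/L=Parker/O=J Peter Saint-Andre/CN=conference.jabber.org/emailAddress=stpeter at jabber.org
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
"""

# One entry is "<index> s:<subject>" followed by an indented "i:<issuer>" line.
ENTRY = re.compile(r"^\s*(\d+) s:(.*)\n\s+i:(.*)$", re.M)

def parse_chain(text):
    """Return [(index, subject, issuer)] in the order the server sent them."""
    return [(int(n), s.strip(), i.strip()) for n, s, i in ENTRY.findall(text)]

def expected_order(chain):
    """Follow issuer -> subject links from the first (leaf) entry.

    Stops at a self-signed certificate, at an issuer that was not sent
    (it may live in the client's trust store), or on a loop.
    """
    if not chain:
        raise ValueError("no certificate entries found")
    by_subject = {}
    for idx, subj, _ in chain:
        by_subject.setdefault(subj, idx)   # first certificate with that subject wins
    names = {idx: (subj, iss) for idx, subj, iss in chain}
    order, cur = [], chain[0][0]
    while cur is not None and cur not in order:
        order.append(cur)
        subj, iss = names[cur]
        cur = None if subj == iss else by_subject.get(iss)
    return order

def check(text):
    """Compare the order sent with the order a strict validator expects."""
    chain = parse_chain(text)
    sent = [idx for idx, _, _ in chain]
    order = expected_order(chain)
    return {"sent": sent, "expected": order,
            "in_order": sent[:len(order)] == order,
            "unlinked": [i for i in sent if i not in order]}

if __name__ == "__main__":
    print(check(SAMPLE))
```
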