[Pidgin] #15543: CACert certificates invalid?
Pidgin
trac at pidgin.im
Sun Mar 10 22:53:41 EDT 2013
#15543: CACert certificates invalid?
--------------------+----------------------
Reporter: mo | Owner: deryni
Type: defect | Status: closed
Milestone: | Component: XMPP
Version: 2.10.3 | Resolution: invalid
Keywords: tls |
--------------------+----------------------
Changes (by datallah):
* status: new => closed
* resolution: => invalid
Comment:
If you look further in your debug log, you'll see
{{{
(22:34:20) certificate/x509/tls_cached: Full chain verification failed
(probably a bad signature algorithm), but found the last certificate
CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. in the CA
pool.
}}}
That's exactly what the issue issue is - your certificate is signed using
the `sha1WithRSAEncryption` algorithm, but the intermediate certificates
are signed with the insecure `md5WithRSAEncryption` algorithm.
You'll need to look at the cacert documentation to set up your certificate
chain with the appropriate certficates.
--
Ticket URL: <https://developer.pidgin.im/ticket/15543#comment:6>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list