[Pidgin] #15543: CACert certificates invalid?

Pidgin trac at pidgin.im
Sun Mar 10 22:53:41 EDT 2013


#15543: CACert certificates invalid?
--------------------+----------------------
 Reporter:  mo      |       Owner:  deryni
     Type:  defect  |      Status:  closed
Milestone:          |   Component:  XMPP
  Version:  2.10.3  |  Resolution:  invalid
 Keywords:  tls     |
--------------------+----------------------
Changes (by datallah):

 * status:  new => closed
 * resolution:   => invalid


Comment:

 If you look further in your debug log, you'll see
 {{{
 (22:34:20) certificate/x509/tls_cached: Full chain verification failed
 (probably a bad signature algorithm), but found the last certificate
 CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. in the CA
 pool.
 }}}

 That's exactly what the issue issue is - your certificate is signed using
 the `sha1WithRSAEncryption` algorithm, but the intermediate certificates
 are signed with the insecure `md5WithRSAEncryption` algorithm.

 You'll need to look at the cacert documentation to set up your certificate
 chain with the appropriate certficates.

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15543#comment:6>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list