[Pidgin] #16412: NSS SSL doesn't work well with self signed certificates

Pidgin trac at pidgin.im
Thu Nov 20 09:39:52 EST 2014


#16412: NSS SSL doesn't work well with self signed certificates
-----------------------+------------------------
 Reporter:  skyserver  |       Owner:  datallah
     Type:  defect     |      Status:  closed
Milestone:  2.10.11    |   Component:  libpurple
  Version:  2.10.10    |  Resolution:  fixed
 Keywords:  nss        |
-----------------------+------------------------

Comment (by bjornalfonur):

 Replying to [comment:3 datallah]:
 > The issue with self-signed certificates has been fixed already in
 > [9086eaeacd2c].  I'm making this ticket the one that we track that
 > particular problem under.

 A very interesting read! Is this fix being deployed already? I am asking
 because I am still suffering from it (and I fear there might be a better
 place to mention this?)

 My system is Ubuntu 14.04 running pidgin 2.10.10. This is what pidgin -d
 gives me:

 (14:29:22) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD MAC
 Server Auth: 4096-bit RSA, Key Exchange: 1024-bit DHE, Compression: NULL
 Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 (14:29:22) nss: subject=CN=hasi.it issuer=CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
 (14:29:22) nss: partial certificate chain
 (14:29:22) certificate/x509/tls_cached: Starting verify for hasi.it
 (14:29:22) certificate/x509/tls_cached: Checking for cached cert...
 (14:29:22) certificate/x509/tls_cached: ...Not in cache
 (14:29:22) nss: CERT 0. CN=hasi.it :
 (14:29:22) nss:   ERROR -8179: SEC_ERROR_UNKNOWN_ISSUER
 (14:29:22) certificate: Failed to verify certificate for hasi.it
 (14:29:22) connection: Connection error on 0xb79c6a68 (reason: 15 description: SSL peer presented an invalid certificate)

 $ cat /etc/*{release,version}
 DISTRIB_ID=Ubuntu
 DISTRIB_RELEASE=14.04
 DISTRIB_CODENAME=trusty"
 ...

 $ pidgin --version
 Pidgin 2.10.10 (libpurple 2.10.10)

 How can I fix this? Download the source (instead of apt-get...) and
 compile it from there?

 Thank you in advance.

--
Ticket URL: <https://developer.pidgin.im/ticket/16412#comment:10>
Pidgin <https://pidgin.im>