[Pidgin] #16412: Unable to connect to XMPP servers using self signed certificates

Pidgin trac at pidgin.im
Wed Oct 29 04:43:50 EDT 2014

#16412: Unable to connect to XMPP servers using self signed certificates
 Reporter:  skyserver  |      Owner:  deryni
     Type:  defect     |     Status:  new
Milestone:             |  Component:  XMPP
  Version:  2.10.10    |   Keywords:
 In version 2.10.10 it's no longer possible to connect to a XMPP server
 which uses a self signed SSL certificate.
 The error message is:
 ''The certificate for <domain> could not be validated. The certificate
 chain presented is invalid.''

 The connection is possible if the server certificate is already in the
 local cache (\.purple\certificates\x509\tls_peers). If the certificate is
 not cached yet (e.g. after a fresh windows/pidgin installation) the
 connection fails.

 My test case was a Openfire 3.9.3 server using the default self signed
 certificates created after installation.

 My be the same error as ticket #16410.

 (09:26:08) account: Connecting to account admin at debian/.
 (09:26:08) connection: Connecting. gc = 055874A8
 (09:26:08) dnssrv: querying SRV record for debian: _xmpp-
 (09:26:08) dnssrv: Couldn't look up SRV record. Der DNS-Name ist nicht
 vorhanden. (9003).
 (09:26:08) dnsquery: Performing DNS lookup for debian
 (09:26:08) dnsquery: IP resolved for debian
 (09:26:08) proxy: Attempting connection to
 (09:26:08) proxy: Connecting to debian:5222 with no proxy
 (09:26:08) proxy: Connection in progress
 (09:26:08) proxy: Connecting to debian:5222.
 (09:26:08) proxy: Connected to debian:5222.
 (09:26:08) jabber: Sending (admin at debian): <?xml version='1.0' ?>
 (09:26:08) jabber: Sending (admin at debian): <stream:stream to='debian'
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 (09:26:08) jabber: Recv (179): <?xml version='1.0'
 xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"
 from="debian" id="6c834f07" xml:lang="en" version="1.0">
 (09:26:08) jabber: Recv (486): <stream:features><starttls
 (09:26:08) jabber: Sending (admin at debian): <starttls
 (09:26:08) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-
 (09:26:08) nss: SSL version 3.3 using 128-bit AES with 160-bit SHA1 MAC
 Server Auth: 2048-bit RSA, Key Exchange: 768-bit DHE, Compression: NULL
 Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 (09:26:08) nss: subject=CN=debian issuer=CN=debian
 (09:26:08) certificate/x509/tls_cached: Starting verify for debian
 (09:26:08) certificate/x509/tls_cached: Checking for cached cert...
 (09:26:08) certificate/x509/tls_cached: ...Not in cache
 (09:26:08) nss: CERT 1. CN=debian [Certificate Authority]:
 (09:26:08) nss:   ERROR -8156: SEC_ERROR_CA_CERT_INVALID
 (09:26:08) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
 (09:26:08) certificate: Failed to verify certificate for debian
 (09:26:08) connection: Connection error on 055874A8 (reason: 15
 description: Der SSL-Peer hat ein ungültiges Zertifikat präsentiert)
 (09:26:08) account: Disconnecting account admin at debian/ (0292E448)
 (09:26:08) connection: Disconnecting connection 055874A8
 (09:26:08) connection: Destroying connection 055874A8

Ticket URL: <https://developer.pidgin.im/ticket/16412>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list