[Pidgin] #16412: Unable to connect to XMPP servers using self signed certificates
Pidgin
trac at pidgin.im
Wed Oct 29 04:43:50 EDT 2014
#16412: Unable to connect to XMPP servers using self signed certificates
-----------------------+--------------------
Reporter: skyserver | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.10.10 | Keywords:
-----------------------+--------------------
In version 2.10.10 it's no longer possible to connect to a XMPP server
which uses a self signed SSL certificate.
The error message is:
''The certificate for <domain> could not be validated. The certificate
chain presented is invalid.''
The connection is possible if the server certificate is already in the
local cache (\.purple\certificates\x509\tls_peers). If the certificate is
not cached yet (e.g. after a fresh windows/pidgin installation) the
connection fails.
My test case was a Openfire 3.9.3 server using the default self signed
certificates created after installation.
My be the same error as ticket #16410.
{{{
(09:26:08) account: Connecting to account admin at debian/.
(09:26:08) connection: Connecting. gc = 055874A8
(09:26:08) dnssrv: querying SRV record for debian: _xmpp-
client._tcp.debian
(09:26:08) dnssrv: Couldn't look up SRV record. Der DNS-Name ist nicht
vorhanden. (9003).
(09:26:08) dnsquery: Performing DNS lookup for debian
(09:26:08) dnsquery: IP resolved for debian
(09:26:08) proxy: Attempting connection to 192.168.0.66
(09:26:08) proxy: Connecting to debian:5222 with no proxy
(09:26:08) proxy: Connection in progress
(09:26:08) proxy: Connecting to debian:5222.
(09:26:08) proxy: Connected to debian:5222.
(09:26:08) jabber: Sending (admin at debian): <?xml version='1.0' ?>
(09:26:08) jabber: Sending (admin at debian): <stream:stream to='debian'
xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
version='1.0'>
(09:26:08) jabber: Recv (179): <?xml version='1.0'
encoding='UTF-8'?><stream:stream
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"
from="debian" id="6c834f07" xml:lang="en" version="1.0">
(09:26:08) jabber: Recv (486): <stream:features><starttls
xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-
MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism
>CRAM-MD5</mechanism></mechanisms><compression
xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth
xmlns="http://jabber.org/features/iq-auth"/><register
xmlns="http://jabber.org/features/iq-register"/></stream:features>
(09:26:08) jabber: Sending (admin at debian): <starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(09:26:08) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-
tls"/>
(09:26:08) nss: SSL version 3.3 using 128-bit AES with 160-bit SHA1 MAC
Server Auth: 2048-bit RSA, Key Exchange: 768-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
(09:26:08) nss: subject=CN=debian issuer=CN=debian
(09:26:08) certificate/x509/tls_cached: Starting verify for debian
(09:26:08) certificate/x509/tls_cached: Checking for cached cert...
(09:26:08) certificate/x509/tls_cached: ...Not in cache
(09:26:08) nss: CERT 1. CN=debian [Certificate Authority]:
(09:26:08) nss: ERROR -8156: SEC_ERROR_CA_CERT_INVALID
(09:26:08) nss: ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
(09:26:08) certificate: Failed to verify certificate for debian
(09:26:08) connection: Connection error on 055874A8 (reason: 15
description: Der SSL-Peer hat ein ungültiges Zertifikat präsentiert)
(09:26:08) account: Disconnecting account admin at debian/ (0292E448)
(09:26:08) connection: Disconnecting connection 055874A8
(09:26:08) connection: Destroying connection 055874A8
}}}
--
Ticket URL: <https://developer.pidgin.im/ticket/16412>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list