[Pidgin] #15682: Certificate Error with sipe plugin
Pidgin
trac at pidgin.im
Wed Jun 8 18:58:53 EDT 2016
#15682: Certificate Error with sipe plugin
---------------------------+---------------------------
Reporter: MarcusMoeller | Owner: EionRobb
Type: defect | Status: closed
Milestone: | Component: unclassified
Version: 2.10.7 | Resolution:
Keywords: sipe |
---------------------------+---------------------------
Comment (by adsfadsfaawf):
Attached is the detailed log.
I deleted the cached certificate, but on the next attempt Pidgin cached
the cert, then complained that the cert had changed right after. The
internal server/domain name is not reachable from the Internet.
The server is sending the intermediate CA (verified with openssl s_client
-showcerts). Chrome and Firefox do not complain.
{{{
(17:40:27) util: Writing file accounts.xml to directory
/home/username/.purple
(17:40:27) util: Writing file /home/username/.purple/accounts.xml
(17:40:31) jabber: jabber_actions: have pep: YES
(17:40:31) account: Connecting to account
pater.griffin at uubisoft.com,pgriffin.
(17:40:31) connection: Connecting. gc = 0x5619ec90c450
(17:40:31) dnssrv: querying SRV record for uubisoft.com:
_sipinternaltls._tcp.uubisoft.com
(17:40:31) dnssrv: found 1 SRV entries
(17:40:31) dnsquery: Performing DNS lookup for nj-fepool.uubisoft.com
(17:40:31) dns: DNS child 13954 no longer exists
(17:40:31) dns: Created new DNS child 14138, there are now 1 children.
(17:40:31) dns: Successfully sent DNS request to child 14138
(17:40:31) dns: Got response for 'nj-fepool.uubisoft.com'
(17:40:31) dnsquery: IP resolved for nj-fepool.uubisoft.com
(17:40:31) proxy: Attempting connection to 172.18.199.19
(17:40:31) proxy: Connecting to nj-fepool.uubisoft.com:5061 with no proxy
(17:40:31) proxy: Connection in progress
(17:40:31) proxy: Connecting to nj-fepool.uubisoft.com:5061.
(17:40:31) proxy: Connected to nj-fepool.uubisoft.com:5061.
(17:40:31) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD
MAC
Server Auth: 2048-bit RSA, Key Exchange: 1022-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
(17:40:31) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=ny1-dc-01,DC
=uubi-soft,DC=net
(17:40:31) nss: partial certificate chain
(17:40:31) certificate/x509/tls_cached: Starting verify for nj-
fepool.uubisoft.com
(17:40:31) certificate/x509/tls_cached: Checking for cached cert...
(17:40:31) certificate/x509/tls_cached: ...Not in cache
(17:40:31) nss: CERT 0. CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US :
(17:40:31) nss: ERROR -8179: SEC_ERROR_UNKNOWN_ISSUER
(17:40:31) prefs: purple_prefs_get_bool: Unknown pref
/plugins/gtk/libnotify/replace_requests
(17:40:36) util: Writing file accounts.xml to directory
/home/username/.purple
(17:40:36) util: Writing file /home/username/.purple/accounts.xml
(17:40:44) certificate/x509/tls_cached: User ACCEPTED cert
Caching first in chain for future use as nj-fepool.uubisoft.com...
(17:40:44) nss/x509: Exporting certificate to
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:40:44) util: Writing file
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:40:44) nss: Trusting CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US
(17:40:44) certificate: Successfully verified certificate for nj-
fepool.uubisoft.com
(17:40:44) stun: using server
(17:40:44) stun: using server
(17:40:44) stun: using server
(17:40:44) stun: using server
(17:40:44) stun: using server
(17:40:44) dnsquery: Performing DNS lookup for nj-fepool.uubisoft.com
(17:40:44) dns: Successfully sent DNS request to child 14138
(17:40:44) dns: Got response for 'nj-fepool.uubisoft.com'
(17:40:44) dnsquery: IP resolved for nj-fepool.uubisoft.com
(17:40:44) proxy: Attempting connection to 172.18.199.19
(17:40:44) proxy: Connecting to nj-fepool.uubisoft.com:443 with no proxy
(17:40:44) proxy: Connection in progress
(17:40:45) proxy: Connecting to nj-fepool.uubisoft.com:443.
(17:40:45) proxy: Connected to nj-fepool.uubisoft.com:443.
(17:40:45) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD
MAC
Server Auth: 2048-bit RSA, Key Exchange: 1019-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
(17:40:45) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=thawte SHA256
SSL CA,O="thawte, Inc.",C=US
(17:40:45) nss: subject=CN=thawte SHA256 SSL CA,O="thawte, Inc.",C=US
issuer=CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For
authorized use only",OU=Certification Services Division,O="thawte,
Inc.",C=US
(17:40:45) nss: subject=CN=thawte Primary Root CA - G3,OU="(c) 2008
thawte, Inc. - For authorized use only",OU=Certification Services
Division,O="thawte, Inc.",C=US issuer=CN=thawte Primary Root CA -
G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification
Services Division,O="thawte, Inc.",C=US
(17:40:45) certificate/x509/tls_cached: Starting verify for nj-
fepool.uubisoft.com
(17:40:45) certificate/x509/tls_cached: Checking for cached cert...
(17:40:45) certificate/x509/tls_cached: ...Found cached cert
(17:40:45) nss/x509: Loading certificate from
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:40:45) certificate/x509/tls_cached: Peer cert did NOT match cached
(17:40:45) nss/x509: Exporting certificate to
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:40:45) util: Writing file
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:40:45) nss: Trusting CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US
(17:40:45) certificate: Successfully verified certificate for nj-
fepool.uubisoft.com
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) dnsquery: Performing DNS lookup for nj1-sfbfe-01.uubi-soft.net
(17:40:46) dns: Successfully sent DNS request to child 14138
(17:40:46) dns: Got response for 'nj1-sfbfe-01.uubi-soft.net'
(17:40:46) dnsquery: IP resolved for nj1-sfbfe-01.uubi-soft.net
(17:40:46) proxy: Attempting connection to 172.18.23.163
(17:40:46) proxy: Connecting to nj1-sfbfe-01.uubi-soft.net:5061 with no
proxy
(17:40:46) proxy: Connection in progress
(17:40:46) proxy: Connecting to nj1-sfbfe-01.uubi-soft.net:5061.
(17:40:46) proxy: Connected to nj1-sfbfe-01.uubi-soft.net:5061.
(17:40:46) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD
MAC
Server Auth: 2048-bit RSA, Key Exchange: 1024-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
(17:40:46) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=ny1-dc-01,DC
=uubi-soft,DC=net
(17:40:46) nss: partial certificate chain
(17:40:46) certificate/x509/tls_cached: Starting verify for nj1-sfbfe-01
.uubi-soft.net
(17:40:46) certificate/x509/tls_cached: Checking for cached cert...
(17:40:46) certificate/x509/tls_cached: ...Found cached cert
(17:40:46) nss/x509: Loading certificate from
/home/username/.purple/certificates/x509/tls_peers/nj1-sfbfe-01.uubi-
soft.net
(17:40:46) certificate/x509/tls_cached: Peer cert matched cached
(17:40:46) nss/x509: Exporting certificate to
/home/username/.purple/certificates/x509/tls_peers/nj1-sfbfe-01.uubi-
soft.net
(17:40:46) util: Writing file
/home/username/.purple/certificates/x509/tls_peers/nj1-sfbfe-01.uubi-
soft.net
(17:40:46) nss: Trusting CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US
(17:40:46) certificate: Successfully verified certificate for nj1-sfbfe-01
.uubi-soft.net
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) stun: using server
(17:40:46) dnsquery: Performing DNS lookup for nj-fepool.uubisoft.com
(17:40:46) dns: Successfully sent DNS request to child 14138
(17:40:46) dns: Got response for 'nj-fepool.uubisoft.com'
(17:40:46) dnsquery: IP resolved for nj-fepool.uubisoft.com
(17:40:46) proxy: Attempting connection to 172.18.199.19
(17:40:46) proxy: Connecting to nj-fepool.uubisoft.com:443 with no proxy
(17:40:46) proxy: Connection in progress
(17:40:47) proxy: Connecting to nj-fepool.uubisoft.com:443.
(17:40:47) proxy: Connected to nj-fepool.uubisoft.com:443.
(17:40:47) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD
MAC
Server Auth: 2048-bit RSA, Key Exchange: 1019-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
(17:40:47) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=thawte SHA256
SSL CA,O="thawte, Inc.",C=US
(17:40:47) nss: subject=CN=thawte SHA256 SSL CA,O="thawte, Inc.",C=US
issuer=CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For
authorized use only",OU=Certification Services Division,O="thawte,
Inc.",C=US
(17:40:47) nss: subject=CN=thawte Primary Root CA - G3,OU="(c) 2008
thawte, Inc. - For authorized use only",OU=Certification Services
Division,O="thawte, Inc.",C=US issuer=CN=thawte Primary Root CA -
G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification
Services Division,O="thawte, Inc.",C=US
(17:40:47) certificate/x509/tls_cached: Starting verify for nj-
fepool.uubisoft.com
(17:40:47) certificate/x509/tls_cached: Checking for cached cert...
(17:40:47) certificate/x509/tls_cached: ...Found cached cert
(17:40:47) nss/x509: Loading certificate from
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:40:47) certificate/x509/tls_cached: Peer cert matched cached
(17:40:47) nss/x509: Exporting certificate to
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:40:47) util: Writing file
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:40:47) nss: Trusting CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US
(17:40:47) certificate: Successfully verified certificate for nj-
fepool.uubisoft.com
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) jabber: jabber_actions: have pep: YES
(17:40:47) pidgin-libnotify: event_connection_throttle() called
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:47) GLib: g_hash_table_lookup: assertion 'hash_table != NULL'
failed
(17:40:47) stun: using server
(17:40:47) dnsquery: Performing DNS lookup for nj-epool.uubisoft.com
(17:40:47) dns: Successfully sent DNS request to child 14138
(17:40:47) dns: Got response for 'nj-epool.uubisoft.com'
(17:40:47) dnsquery: IP resolved for nj-epool.uubisoft.com
(17:40:47) stun: using server
(17:40:47) stun: using server
(17:40:48) stun: using server
(17:40:48) stun: using server
(17:40:48) stun: using server
(17:40:48) stun: using server
(17:40:48) stun: using server
(17:40:48) stun: using server
>>>
enable again
>
(17:42:56) util: Writing file accounts.xml to directory
/home/username/.purple
(17:42:56) util: Writing file /home/username/.purple/accounts.xml
(17:42:59) jabber: jabber_actions: have pep: YES
(17:42:59) account: Connecting to account
pater.griffin at uubisoft.com,pgriffin.
(17:42:59) connection: Connecting. gc = 0x5619ebdaad70
(17:42:59) dnssrv: querying SRV record for uubisoft.com:
_sipinternaltls._tcp.uubisoft.com
(17:42:59) dnssrv: found 1 SRV entries
(17:42:59) dnsquery: Performing DNS lookup for nj-fepool.uubisoft.com
(17:42:59) dns: DNS child 14167 no longer exists
(17:42:59) dns: Created new DNS child 14199, there are now 1 children.
(17:42:59) dns: Successfully sent DNS request to child 14199
(17:42:59) dns: Got response for 'nj-fepool.uubisoft.com'
(17:42:59) dnsquery: IP resolved for nj-fepool.uubisoft.com
(17:42:59) proxy: Attempting connection to 172.18.199.19
(17:42:59) proxy: Connecting to nj-fepool.uubisoft.com:5061 with no proxy
(17:42:59) proxy: Connection in progress
(17:42:59) proxy: Connecting to nj-fepool.uubisoft.com:5061.
(17:42:59) proxy: Connected to nj-fepool.uubisoft.com:5061.
(17:42:59) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD
MAC
Server Auth: 2048-bit RSA, Key Exchange: 1022-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
(17:42:59) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=ny1-dc-01,DC
=uubi-soft,DC=net
(17:42:59) nss: partial certificate chain
(17:42:59) certificate/x509/tls_cached: Starting verify for nj-
fepool.uubisoft.com
(17:42:59) certificate/x509/tls_cached: Checking for cached cert...
(17:42:59) certificate/x509/tls_cached: ...Found cached cert
(17:42:59) nss/x509: Loading certificate from
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:42:59) certificate/x509/tls_cached: Peer cert did NOT match cached
(17:42:59) nss: CERT 0. CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US :
(17:42:59) nss: ERROR -8179: SEC_ERROR_UNKNOWN_ISSUER
(17:42:59) prefs: purple_prefs_get_bool: Unknown pref
/plugins/gtk/libnotify/replace_requests
(17:43:00) jabber: Sending (ssl) (pgriffin at jabber.uubisoft.com/9a9dbe97):
<iq type='get' id='purple7b2971e4'><ping xmlns='urn:xmpp:ping'/></iq>
(17:43:00) util: Writing file blist.xml to directory
/home/username/.purple
(17:43:00) util: Writing file /home/username/.purple/blist.xml
(17:43:00) jabber: Recv (ssl)(75): <iq type="result" id="purple7b2971e4"
to="pgriffin at jabber.uubisoft.com/9a9dbe97"/>
(17:43:04) util: Writing file accounts.xml to directory
/home/username/.purple
(17:43:04) util: Writing file /home/username/.purple/accounts.xml
(17:43:08) certificate/x509/tls_cached: User ACCEPTED cert
Caching first in chain for future use as nj-fepool.uubisoft.com...
(17:43:08) nss/x509: Exporting certificate to
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:43:08) util: Writing file
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:43:08) nss: Trusting CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US
(17:43:08) certificate: Successfully verified certificate for nj-
fepool.uubisoft.com
(17:43:08) stun: using server
(17:43:08) stun: using server
(17:43:08) stun: using server
(17:43:08) stun: using server
(17:43:08) stun: using server
(17:43:08) dnsquery: Performing DNS lookup for nj-fepool.uubisoft.com
(17:43:08) dns: Successfully sent DNS request to child 14199
(17:43:08) dns: Got response for 'nj-fepool.uubisoft.com'
(17:43:08) dnsquery: IP resolved for nj-fepool.uubisoft.com
(17:43:08) proxy: Attempting connection to 172.18.199.19
(17:43:08) proxy: Connecting to nj-fepool.uubisoft.com:443 with no proxy
(17:43:08) proxy: Connection in progress
(17:43:08) proxy: Connecting to nj-fepool.uubisoft.com:443.
(17:43:08) proxy: Connected to nj-fepool.uubisoft.com:443.
(17:43:08) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD
MAC
Server Auth: 2048-bit RSA, Key Exchange: 1019-bit DHE, Compression: NULL
Cipher Suite Name: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
(17:43:08) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=thawte SHA256
SSL CA,O="thawte, Inc.",C=US
(17:43:08) nss: subject=CN=thawte SHA256 SSL CA,O="thawte, Inc.",C=US
issuer=CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For
authorized use only",OU=Certification Services Division,O="thawte,
Inc.",C=US
(17:43:08) nss: subject=CN=thawte Primary Root CA - G3,OU="(c) 2008
thawte, Inc. - For authorized use only",OU=Certification Services
Division,O="thawte, Inc.",C=US issuer=CN=thawte Primary Root CA -
G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification
Services Division,O="thawte, Inc.",C=US
(17:43:08) certificate/x509/tls_cached: Starting verify for nj-
fepool.uubisoft.com
(17:43:08) certificate/x509/tls_cached: Checking for cached cert...
(17:43:08) certificate/x509/tls_cached: ...Found cached cert
(17:43:08) nss/x509: Loading certificate from
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:43:08) certificate/x509/tls_cached: Peer cert did NOT match cached
(17:43:08) nss/x509: Exporting certificate to
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:43:08) util: Writing file
/home/username/.purple/certificates/x509/tls_peers/nj-fepool.uubisoft.com
(17:43:08) nss: Trusting CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US
(17:43:08) certificate: Successfully verified certificate for nj-
fepool.uubisoft.com
(17:43:09) stun: using server
(17:43:09) stun: using server
(17:43:09) stun: using server
(17:43:09) stun: using server
(17:43:10) stun: using server
(17:43:10) stun: using server
>>>
export NSS_SSL_CBC_RANDOM_IV=0
did not solve this problem
}}}
--
Ticket URL: <https://developer.pidgin.im/ticket/15682#comment:13>
Pidgin <https://pidgin.im>
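
The log above writes the cached certificate to a `tls_peers/` path named by hostname alone, while `nj-fepool.uubisoft.com` presents a leaf issued by `ny1-dc-01` on port 5061 and one issued by `thawte SHA256 SSL CA` on port 443. The following is an added example, not part of the ticket or of Pidgin's code: it pairs each `proxy: Connected to` line with the next `nss: subject=... issuer=` line and reports hostnames whose ports present different issuers. The function names and the condensed sample log are constructed here, and it assumes connections are logged sequentially, as they are in this log.

```python
import re
from collections import defaultdict

# Constructed sample: condensed from the ticket's debug log, mail wrapping kept.
SAMPLE_LOG = '''\
(17:40:31) proxy: Connected to nj-fepool.uubisoft.com:5061.
(17:40:31) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=ny1-dc-01,DC
=uubi-soft,DC=net
(17:40:44) certificate/x509/tls_cached: User ACCEPTED cert
(17:40:45) proxy: Connected to nj-fepool.uubisoft.com:443.
(17:40:45) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=thawte SHA256
SSL CA,O="thawte, Inc.",C=US
(17:40:45) nss: subject=CN=thawte SHA256 SSL CA,O="thawte, Inc.",C=US
issuer=CN=thawte Primary Root CA - G3,O="thawte, Inc.",C=US
(17:40:45) certificate/x509/tls_cached: Peer cert did NOT match cached
(17:40:46) proxy: Connected to nj1-sfbfe-01.uubi-soft.net:5061.
(17:40:46) nss: subject=CN=nj-fepool.uubisoft.com,OU=Corporate
IT,O="uubisoft, Inc.",L=New York,ST=New York,C=US issuer=CN=ny1-dc-01,DC
=uubi-soft,DC=net
(17:40:46) certificate/x509/tls_cached: Peer cert matched cached
'''

ENTRY = re.compile(r"^\(\d\d:\d\d:\d\d\) (\S+?): (.*)$")
CONNECTED = re.compile(r"Connected to ([\w.-]+):(\d+)\.$")
ISSUER = re.compile(r"issuer=CN=([^,]+)")

def entries(text):
    """Return [category, message] pairs, re-joining mail-wrapped lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif out:
            out[-1][1] += " " + line.strip()
    return out

def cache_conflicts(text):
    """Return {host: {port: leaf issuer CN}} for hosts whose ports disagree."""
    seen, endpoint = defaultdict(dict), None
    for cat, msg in entries(text):
        conn = CONNECTED.match(msg) if cat == "proxy" else None
        leaf = ISSUER.search(msg) if cat == "nss" and endpoint else None
        if conn:
            endpoint = (conn.group(1), int(conn.group(2)))
        elif leaf:
            seen[endpoint[0]][endpoint[1]] = leaf.group(1).strip()
            endpoint = None  # later nss lines are intermediates, not the leaf
    return {h: p for h, p in seen.items() if len(set(p.values())) > 1}

if __name__ == "__main__":
    print(cache_conflicts(SAMPLE_LOG))
```

Run against the full log, a hostname appearing in the result is one whose single cache entry is overwritten each time the other port is contacted.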