[Pidgin] #17275: Need option to ignore certificate errors
Pidgin
trac at pidgin.im
Fri Nov 30 10:58:47 EST 2018
#17275: Need option to ignore certificate errors
---------------------------------+---------------------
Reporter: plarkinjr | Owner: deryni
Type: enhancement | Status: new
Milestone: | Component: XMPP
Version: 2.12.0 | Resolution:
Keywords: SSL Certificate nss |
---------------------------------+---------------------
Comment (by mattenklicker):
I get exactly the same error with Cisco Jabber. The problem is probably
that the CN of the certificate does not match the hostname (which is the
case here). And pidgin does check only the CN and not the hostnames in
Subject Alternative Name:
https://bitbucket.org/pidgin/main/src/0489ab8d380234a6f9bd32b3ad0ae9aa2edcaa1d/libpurple/certificate.h?at=release-2.x.y&fileviewer
=file-view-default#certificate.h-286: "For X.509, this is the "Common
Name" field, as we're only using it"
"openssl s_client -showcerts -connect host:5222 -starttls xmpp" shows no
error.
BTW: If you use gnutls instead of nss you get a popup to ignore the
certificate failure.
--
Ticket URL: <https://developer.pidgin.im/ticket/17275#comment:1>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list