#17118: SSL peer presented an invalid certificate

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

#17118: SSL peer presented an invalid certificate

Pidgin
#17118: SSL peer presented an invalid certificate
--------------------+------------------------------------
 Reporter:  iammyr  |      Owner:  deryni
     Type:  defect  |     Status:  new
Milestone:          |  Component:  XMPP
  Version:  2.11.0  |   Keywords:  google certificate ssl
--------------------+------------------------------------
 I created a new XMPP account to connect to Google Talks as follows:
 Basic:
 - username: my google username (i.e., without @gmail.com)
 - domain: gmail.com
 - password: the app password I generated on my google account (since my
 own usual password wouldn't have worked given I have the 2 steps
 verification activated)
 Advanced:
 - Require encryption
 - Port 5222 (default)
 - file transfer proxies: proxy.eu.jabber.org (default)
 Proxy:
 - use global proxy settings (default)

 Other accounts like IRC do connect properly. Only this XMPP one doesn't.
 In fact, I get the following error:
 "SSL certificate error - Unable to validate certificate -
 The certificate for gmail.com could not be validated. The certificate
 chain presented is invalid. - SSL peer presented an invalid certificate"

 And in the debug:


 {{{
 (14:12:31) account: Connecting to account [hidden email]/.
 (14:12:31) connection: Connecting. gc = 0x7fae936d27f0
 (14:12:31) dnssrv: querying SRV record for gmail.com: _xmpp-
 client._tcp.gmail.com
 (14:12:31) dnssrv: found 5 SRV entries
 (14:12:31) dnsquery: Performing DNS lookup for xmpp.l.google.com
 (14:12:31) dns: Wait for DNS child 19238 failed: No child processes
 (14:12:31) dns: Created new DNS child 19254, there are now 1 children.
 (14:12:31) dns: Successfully sent DNS request to child 19254
 (14:12:31) dns: Got response for 'xmpp.l.google.com'
 (14:12:31) dnsquery: IP resolved for xmpp.l.google.com
 (14:12:31) proxy: Attempting connection to 74.125.71.125
 (14:12:31) proxy: Connecting to xmpp.l.google.com:5222 with no proxy
 (14:12:31) proxy: Connection in progress
 (14:12:31) proxy: Connecting to xmpp.l.google.com:5222.
 (14:12:31) proxy: Connected to xmpp.l.google.com:5222.
 (14:12:31) jabber: Sending ([hidden email]): <?xml version='1.0' ?>
 (14:12:31) jabber: Sending ([hidden email]): <stream:stream to='gmail.com'
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 version='1.0'>
 (14:12:31) jabber: Recv (379): <stream:stream from="gmail.com"
 id="C87F9170025A4FA9" version="1.0"
 xmlns:stream="http://etherx.jabber.org/streams"
 xmlns="jabber:client"><stream:features><starttls
 xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms
 xmlns="urn:ietf:params:xml:ns:xmpp-
 sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-
 TOKEN</mechanism></mechanisms></stream:features>
 (14:12:31) jabber: Sending ([hidden email]): <starttls
 xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
 (14:12:31) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-
 tls"/>
 (14:12:31) gnutls: Starting handshake with gmail.com
 (14:12:31) gnutls: Handshake complete
 (14:12:31) gnutls/x509: Key print:
 b0:d2:b9:d4:9a:e9:1f:d8:af:6a:b3:df:2f:fb:db:1c:26:39:28:4e
 (14:12:31) gnutls/x509: Key print:
 d6:ad:07:c6:67:56:30:f5:7b:92:7f:66:be:8c:e1:f7:68:f8:79:48
 (14:12:31) gnutls/x509: Key print:
 73:59:75:5c:6d:f9:a0:ab:c3:06:0b:ce:36:95:64:c8:ec:45:42:a3
 (14:12:31) gnutls: Peer provided 3 certs
 (14:12:31) gnutls: Lvl 0 SHA1 fingerprint:
 b0:d2:b9:d4:9a:e9:1f:d8:af:6a:b3:df:2f:fb:db:1c:26:39:28:4e
 (14:12:31) gnutls: Serial: 1b:53:bc:55:bd:ba:bf:6c
 (14:12:31) gnutls: Cert DN: C=US,ST=California,L=Mountain View,O=Google
 Inc,CN=gmail.com
 (14:12:31) gnutls: Cert Issuer DN: C=US,O=Google Inc,CN=XXXGoogle Internet
 Authority G2
 (14:12:31) gnutls: Lvl 1 SHA1 fingerprint:
 d6:ad:07:c6:67:56:30:f5:7b:92:7f:66:be:8c:e1:f7:68:f8:79:48
 (14:12:31) gnutls: Serial: 02:3a:92
 (14:12:31) gnutls: Cert DN: C=US,O=Google Inc,CN=Google Internet Authority
 G2
 (14:12:31) gnutls: Cert Issuer DN: C=US,O=GeoTrust Inc.,CN=GeoTrust Global
 CA
 (14:12:31) gnutls: Lvl 2 SHA1 fingerprint:
 73:59:75:5c:6d:f9:a0:ab:c3:06:0b:ce:36:95:64:c8:ec:45:42:a3
 (14:12:31) gnutls: Serial: 12:bb:e6
 (14:12:31) gnutls: Cert DN: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
 (14:12:31) gnutls: Cert Issuer DN: C=US,O=Equifax,OU=Equifax Secure
 Certificate Authority
 (14:12:31) certificate/x509/tls_cached: Starting verify for gmail.com
 (14:12:31) certificate/x509/tls_cached: Checking for cached cert...
 (14:12:31) certificate/x509/tls_cached: ...Not in cache
 (14:12:31) gnutls/x509: Certificate C=US,ST=California,L=Mountain
 View,O=Google Inc,CN=gmail.com is issued by C=US,O=Google Inc,CN=Google
 Internet Authority G2, which does not match C=US,ST=California,L=Mountain
 View,O=Google Inc,CN=gmail.com.
 (14:12:31) certificate: Checking signature chain for
 uid=C=US,ST=California,L=Mountain View,O=Google Inc,CN=gmail.com
 (14:12:31) certificate: ...Good signature by C=US,O=Google Inc,CN=Google
 Internet Authority G2
 (14:12:31) certificate: ...Good signature by C=US,O=GeoTrust
 Inc.,CN=GeoTrust Global CA
 (14:12:31) certificate: Chain is VALID
 (14:12:31) certificate/x509/tls_cached: Checking for a CA with
 DN=C=US,O=Equifax,OU=Equifax Secure Certificate Authority
 (14:12:31) certificate/x509/tls_cached: Also checking for a CA with
 DN=C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
 (14:12:31) gnutls: Attempting to load X.509 certificates from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/CAcert_Class3.pem
 (14:12:31) certificate/x509/ca: Loaded CAcert Class 3 Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/CAcert_Class3.pem
 (14:12:31) gnutls: Attempting to load X.509 certificates from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/CAcert_Root.pem
 (14:12:31) certificate/x509/ca: Loaded CA Cert Signing Authority from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/CAcert_Root.pem
 (14:12:31) gnutls: Attempting to load X.509 certificates from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Certum Trusted Network CA 2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded SZAFIR ROOT CA2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded CA WoSign ECC Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Certification Authority of WoSign
 G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded OISTE WISeKey Global Root GB CA
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Certinomis - Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded TÜRKTRUST Elektronik Sertifika
 Hizmet Sağlayıcısı H6 from /usr/local/Cellar/pidgin/2.11.0/share/purple
 /ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded TÜRKTRUST Elektronik Sertifika
 Hizmet Sağlayıcısı H5 from /usr/local/Cellar/pidgin/2.11.0/share/purple
 /ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded CFCA EV ROOT from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Entrust Root Certification
 Authority - EC1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Entrust Root Certification
 Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded IdenTrust Public Sector Root CA 1
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded IdenTrust Commercial Root CA 1 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Staat der Nederlanden EV Root CA
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Staat der Nederlanden Root CA - G3
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GlobalSign from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GlobalSign from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded USERTrust ECC Certification
 Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded USERTrust RSA Certification
 Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded COMODO RSA Certification Authority
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded CA 沃通根证书 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Certification Authority of WoSign
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DigiCert Trusted Root G4 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DigiCert Global Root G3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DigiCert Global Root G2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DigiCert Assured ID Root G3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DigiCert Assured ID Root G2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 3 G3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 2 G3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 1 G3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Atos TrustedRoot 2011 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded T-TeleSec GlobalRoot Class 2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded E-Tugra Certification Authority
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded TeliaSonera Root CA v1 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded TWCA Global Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded ACCVRAIZ1 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded CA Disig Root R2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded CA Disig Root R1 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Swisscom Root EV CA 2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Swisscom Root CA 2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded China Internet Network Information
 Center EV Certificates Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded PSCProcert from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded D-TRUST Root Class 3 CA 2 EV 2009
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded D-TRUST Root Class 3 CA 2 2009 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded TÜRKTRUST Elektronik Sertifika
 Hizmet Sağlayıcısı from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded EE Certification Centre Root CA
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded T-TeleSec GlobalRoot Class 3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Buypass Class 3 Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Buypass Class 2 Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded StartCom Certification Authority G2
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded StartCom Certification Authority
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Actalis Authentication Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Hellenic Academic and Research
 Institutions RootCA 2011 from /usr/local/Cellar/pidgin/2.11.0/share/purple
 /ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded EC-ACC from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded TWCA Root Certification Authority
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Root CA Generalitat Valenciana from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Certinomis - Autorité Racine from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Certum Trusted Network CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AffirmTrust Premium ECC from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AffirmTrust Premium from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AffirmTrust Networking from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AffirmTrust Commercial from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Starfield Services Root Certificate
 Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Starfield Root Certificate
 Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Go Daddy Root Certificate Authority
 - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Global Chambersign Root - 2008 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Chambers of Commerce Root - 2008
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Izenpe.com from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Autoridad de Certificacion
 Firmaprofesional CIF A62634068 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GlobalSign from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Microsec e-Szigno Root CA 2009 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded ACEDICOM Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded SecureSign RootCA11 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Hongkong Post Root CA 1 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Juur-SK from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Staat der Nederlanden Root CA - G2
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded NetLock Arany (Class Gold)
 Főtanúsítvány from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary
 Certification Authority - G4 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded VeriSign Universal Root
 Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple
 /ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GeoTrust Primary Certification
 Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded thawte Primary Root CA - G3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded thawte Primary Root CA - G2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GeoTrust Primary Certification
 Authority - G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded CNNIC ROOT from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded EBG Elektronik Sertifika Hizmet
 Sağlayıcısı from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Buypass Class 2 CA 1 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded TÜBİTAK UEKAE Kök Sertifika Hizmet
 Sağlayıcısı - Sürüm 3 from /usr/local/Cellar/pidgin/2.11.0/share/purple
 /ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Cybertrust Global Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Deutsche Telekom Root CA 2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Certigna from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Microsec e-Szigno Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded OISTE WISeKey Global Root GA CA
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded IGC/A from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded COMODO ECC Certification Authority
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded WellsSecure Public Root Certificate
 Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Network Solutions Certificate
 Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded COMODO Certification Authority from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Secure Global CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded SecureTrust CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary
 Certification Authority - G5 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded thawte Primary Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GeoTrust Primary Certification
 Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded SwissSign Silver CA - G2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded SwissSign Gold CA - G2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DST ACES CA X6 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DST Root CA X3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Class 2 Primary CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DigiCert High Assurance EV Root CA
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DigiCert Global Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded DigiCert Assured ID Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Swisscom Root CA 1 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded StartCom Certification Authority
 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded XRamp Global Certification
 Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Global Chambersign Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Chambers of Commerce Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded UTN-USERFirst-Hardware from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Sonera Class2 CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded QuoVadis Root Certification
 Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Trusted Certificate Services from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Secure Certificate Services from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AAA Certificate Services from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Certum CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Visa eCommerce Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GeoTrust Universal CA 2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GeoTrust Universal CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GeoTrust Global CA 2 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GeoTrust Global CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) gnutls/x509: Failed to get Common Name
 (14:12:31) certificate/x509/ca: Loaded (unknown) from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Entrust Root Certification
 Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AddTrust Qualified CA Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AddTrust Public CA Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AddTrust External CA Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded AddTrust Class 1 CA Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Baltimore CyberTrust Root from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded Entrust.net Certification Authority
 (2048) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-
 certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary
 Certification Authority - G3 from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GlobalSign from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Loaded GlobalSign Root CA from
 /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
 (14:12:31) certificate/x509/ca: Lazy init completed.
 (14:12:31) gnutls/x509: Certificate C=US,O=GeoTrust Inc.,CN=GeoTrust
 Global CA is issued by C=US,O=Equifax,OU=Equifax Secure Certificate
 Authority, which does not match C=US,O=GeoTrust Inc.,CN=GeoTrust Global
 CA.
 (14:12:31) certificate: Failed to verify certificate for gmail.com
 (14:12:31) connection: Connection error on 0x7fae936d27f0 (reason: 15
 description: SSL peer presented an invalid certificate)
 (14:12:31) account: Disconnecting account [hidden email]/ (0x7fae9344e950)
 }}}


 Pidgin: Pidgin 2.11.0 (libpurple 2.11.0) installed via brew
 OS: OS X El Capitan version 10.11.6

--
Ticket URL: <https://developer.pidgin.im/ticket/17118>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17118: SSL peer presented an invalid certificate

Pidgin
#17118: SSL peer presented an invalid certificate
------------------------------------+---------------------
 Reporter:  iammyr                  |       Owner:  deryni
     Type:  defect                  |      Status:  new
Milestone:                          |   Component:  XMPP
  Version:  2.11.0                  |  Resolution:
 Keywords:  google certificate ssl  |
------------------------------------+---------------------

Comment (by bennyboom):

 I have the same issue with my Google Hangout account

--
Ticket URL: <https://developer.pidgin.im/ticket/17118#comment:1>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17118: SSL peer presented an invalid certificate

Pidgin
In reply to this post by Pidgin
#17118: SSL peer presented an invalid certificate
------------------------------------+---------------------
 Reporter:  iammyr                  |       Owner:  deryni
     Type:  defect                  |      Status:  new
Milestone:                          |   Component:  XMPP
  Version:  2.11.0                  |  Resolution:
 Keywords:  google certificate ssl  |
------------------------------------+---------------------

Comment (by viacheslavg):

 The same issue for my with 2.11.0 version.

 What I notice is when pidgin requests SSL certificeate from google (during
 login) it gets cert with CN=gmail.com, but when I export gmail certificate
 from browser it has CN=*.google.com thus (I suppose) pidgin refuses it.

 So, the question is either:
 1) how to get google certificate with CN=gmail.com (to import it in
 pidgin)
 or
 2) make pidgin accept certificate with CN=*.google.com

 For option 1) I did a lot of tries to get cert with smth like:
 $ openssl s_client -showcerts -connect google.com:443

 but in all cases I get CN=*.google.com which is not accepted by pidgin at
 login.

--
Ticket URL: <https://developer.pidgin.im/ticket/17118#comment:2>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17118: SSL peer presented an invalid certificate

Pidgin
In reply to this post by Pidgin
#17118: SSL peer presented an invalid certificate
------------------------------------+---------------------
 Reporter:  iammyr                  |       Owner:  deryni
     Type:  defect                  |      Status:  new
Milestone:                          |   Component:  XMPP
  Version:  2.11.0                  |  Resolution:
 Keywords:  google certificate ssl  |
------------------------------------+---------------------

Comment (by viacheslavg):

 Finally I've got the correct way for option 1).
 To get SSL certificate with CN=gmail.com use following command:

 $ openssl s_client -showcerts -servername gmail.com -connect gmail.com:443

 this will retrieve correct certificate with CN=gmail.com

 after importing it into pidgin (Tools->Certificates) it should work fine.

--
Ticket URL: <https://developer.pidgin.im/ticket/17118#comment:3>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17118: SSL peer presented an invalid certificate

Pidgin
In reply to this post by Pidgin
#17118: SSL peer presented an invalid certificate
------------------------------------+----------------------
 Reporter:  iammyr                  |       Owner:  deryni
     Type:  defect                  |      Status:  pending
Milestone:                          |   Component:  XMPP
  Version:  2.11.0                  |  Resolution:
 Keywords:  google certificate ssl  |
------------------------------------+----------------------
Changes (by dx):

 * status:  new => pending


Comment:

 Does this still happen with 2.12.0? There are relevant fixes.

--
Ticket URL: <https://developer.pidgin.im/ticket/17118#comment:4>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17118: SSL peer presented an invalid certificate

Pidgin
In reply to this post by Pidgin
#17118: SSL peer presented an invalid certificate
------------------------------------+----------------------
 Reporter:  iammyr                  |       Owner:  deryni
     Type:  defect                  |      Status:  pending
Milestone:                          |   Component:  XMPP
  Version:  2.11.0                  |  Resolution:
 Keywords:  google certificate ssl  |
------------------------------------+----------------------

Comment (by viacheslavg):

 Works fine with 2.12.0.
 Thanks!

--
Ticket URL: <https://developer.pidgin.im/ticket/17118#comment:5>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17118: SSL peer presented an invalid certificate

Pidgin
In reply to this post by Pidgin
#17118: SSL peer presented an invalid certificate
------------------------------------+---------------------
 Reporter:  iammyr                  |       Owner:  deryni
     Type:  defect                  |      Status:  closed
Milestone:                          |   Component:  XMPP
  Version:  2.11.0                  |  Resolution:  fixed
 Keywords:  google certificate ssl  |
------------------------------------+---------------------
Changes (by dx):

 * status:  pending => closed
 * resolution:   => fixed


--
Ticket URL: <https://developer.pidgin.im/ticket/17118#comment:6>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker