ICQ certificate problems

[aditsu]

When I started pidgin today I got this message:

Accept certificate for api.login.icq.net? The certificate for api.login.icq.net could not be validated. The certificate is not trusted because no certificate that can verify it is currently trusted.

After accepting it, I got this:

Accept certificate for api.icq.net? The certificate for api.icq.net could not be validated. The certificate claims to be from "api.login.icq.net" instead. This could mean that you are not connecting to the service you believe you are. The certificate is not trusted because no certificate that can verify it is currently trusted.

I accepted that too, then I went and saved the 2 certificates and they are identical. I'll try to attach it.

[aditsu]

icq certificate

[rekkanoryo]

Ticket #14487 has been marked as a duplicate of this ticket.

[MarkDoliner]

I think there were two problems causing these messages to appear.

1. The certificate for api.icq.net used a name of "api.login.icq.net." It's possible that this was partially our fault, for using an incorrect hostname to connect to this server. Another possibility is that ICQ accidentally used the wrong cert on this server. I think they have since fixed this problem on their end.
2. Pidgin couldn't validate the certificates for api.icq.net and api.login.icq.net because our list of trusted CA certs didn't include the CA cert that signed ICQ's two certificates. I think ICQ fixed this on their end by including the appropriate intermediate CA certs in the certificates returned by their servers.

This problem isn't happening for me anymore. It seems like ICQ has made appropriate changes to fix the problem on their end. If other people are still having issues, feel free to add a comment here or re-open this or file a new ticket.