Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#14614 closed defect (wontfix)

Google Talk with different domains doesn't set talk.google.com

Reported by: Skinkie
Owned by: deryni
Milestone:
Component: XMPP
Version: 2.10.0
Keywords:
Cc:

Description

When creating a Google Talk account using a different domain (think of e-mail hosted on Google), the settings change to a regular XMPP account. This seems to be OK, because Google Talk is a regular XMPP service. Sadly, Pidgin doesn't explicitly set the server to talk.google.com. Thus Pidgin tries to connect to a Jabber server on the domain itself, but not to the Google Jabber server.

Yes, it could be fixed by adding SRV records on the domain. But I guess it is much easier if a Google Talk account would actually add talk.google.com as domain.

Change History (4)

comment:1 Changed 8 years ago by rekkanoryo

  • Resolution set to wontfix
  • Status changed from new to closed

We will not automatically add "talk.google.com" to the connect server field. It is the domain owner's responsibility to create the appropriate SRV records in DNS. Explicitly adding talk.google.com as the connect server breaks certificate validation because talk.google.com is not the DNS name of the server that clients are directed to connect to (thus the certificate's hostname does not match the hostname of what we've connected to).

comment:2 Changed 8 years ago by Robby

  • Milestone 2.10.1 deleted

comment:3 Changed 8 years ago by Skinkie

I see your point in a different perspective 'other clients' next to Google talking to this client. But the whole certificate chain thing doesn't make sense to me. XMPP opens a connection to a server, and the 'authentication domainname' is totally unrelated. Similar to an SMTP/IMAP/POP service offering different domains.

comment:4 Changed 8 years ago by darkrain42

The situation regarding certificates is actually a bit complex (tl;dr -- large hosting providers and delegated trust isn't a solved problem yet for XMPP).

For STARTTLS-based XMPP connections, Google serves up a few (at least two) different certificates, depending on the domain being connected to.

  • If the domain is "gmail.com" (or probably googlemail.com), they serve up a cert for that domain.
  • If the domain is something else (e.g. it's GAfYD), they serve up "talk.google.com".

This led to a conflict. If Pidgin adds the Connect Server, gmail.com accounts generate a cert warning. If Pidgin doesn't add the Connect Server, other domains (may fail to connect, and) generate a cert warning.

All in all, the appropriate step is to add the appropriate SRV records (and fix broken DNS servers as needed), and if your domain isn't Google-owned, validate the certificate the first time you connect (or, yes, add the Connect Server).
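
An added illustration of the conflict described in comment 4 (not part of the ticket and not Pidgin's code): it assumes the client compares the certificate name against the Connect Server when one is set and against the JID domain otherwise, and uses example.org as a constructed hosted domain.

```python
# Added example: models the certificate-name conflict described in comment 4.
# Assumptions (not Pidgin source code): the client checks the certificate
# against the Connect Server when one is set, otherwise against the JID domain;
# the server chooses its certificate from the account's domain.

GOOGLE_OWNED = {"gmail.com", "googlemail.com"}


def served_cert_name(jid_domain):
    """Certificate name presented, per the behaviour described in comment 4."""
    d = jid_domain.lower()
    return d if d in GOOGLE_OWNED else "talk.google.com"


def reference_identity(jid_domain, connect_server=None):
    """Name the client expects to find in the certificate (assumed rule)."""
    return (connect_server or jid_domain).lower().rstrip(".")


def name_matches(cert_name, reference):
    """Exact match, or a single left-most wildcard label (RFC 6125 style)."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    ref_labels = reference.split(".")
    if len(cert_labels) != len(ref_labels):
        return False
    if cert_labels[0] == "*":
        return len(ref_labels) > 2 and cert_labels[1:] == ref_labels[1:]
    return cert_labels == ref_labels


def cert_warning(jid_domain, connect_server=None):
    """True when the client would show a certificate-name warning."""
    cert = served_cert_name(jid_domain)
    return not name_matches(cert, reference_identity(jid_domain, connect_server))


if __name__ == "__main__":
    # Constructed sample accounts; example.org stands in for a hosted domain.
    for domain in ("gmail.com", "example.org"):
        for server in (None, "talk.google.com"):
            state = "WARNING" if cert_warning(domain, server) else "ok"
            print(f"{domain:12} connect_server={server!s:16} -> {state}")
```

Under these assumptions, neither default avoids the warning for both account types, which is why the choice is left to the SRV records and the user.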
