Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#15180 closed defect

Google Certificate is cached only once when Google Apps account is enabled too

Reported by: dandv Owned by: deryni
Milestone: Component: XMPP
Version: 2.10.4 Keywords:
Cc:

Description

As darkrain42 pointed out in ticket #2856, Pidgin caches only one certificate per server.

I have two accounts - a Gmail account, and a Google Apps account. If I enable only the Gmail account, Pidgin authenticates correctly. If I enable the Google Apps account afterwards, Pidgin authenticates that one correctly too.

If I disable both accounts, then enable the Google Apps one, Pidgin authenticates correctly. Now the bug - if I additionally enable the Gmail account after the Google Apps one is logged in, I get the following misleadnig error:

The certificate for talk.google.com could not be validated.
The certificate claims to be from "gmail.com" instead. This could mean that you are not connecting to the service you believe you are.

So the sequence that triggers the bug is:

  1. enable Google Apps account
  2. enable Gmail account.

It would be great if this were fixed, and not see those scary MITM certificate error popups when my Wi-Fi reconnects :)

Attachments (1)

Adding SRV records for XMPP in Linode's DNS manager.png (8.7 KB) - added by dandv 4 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 47 years ago by dandv

  • Status changed from pending to new

comment:1 Changed 4 years ago by dandv

Saw that 2.10.7 did some work on certificates. Any chance of fixing this issue as well?

comment:2 Changed 4 years ago by datallah

  • Status changed from new to pending

The solution for this is to clear out your XMPP "Connect Server" field (you may then run into problems if your DNS is misconfigured, but it'll get rid of this problem).

comment:3 Changed 4 years ago by dandv

No dice. I removed "talk.google.com" from the Google Apps account, but I get "Unable to connect".

comment:4 Changed 4 years ago by datallah

Right, that's the DNS problem I was talking about. See this FAQ entry.

comment:5 Changed 4 years ago by datallah

  • Status changed from new to pending

comment:6 Changed 4 years ago by trac-robot

  • Status changed from pending to closed

This ticket was closed automatically by the system. It was previously set to a Pending status and hasn't been updated within 14 days.

comment:7 Changed 4 years ago by dandv

The link at the FAQ entry points to Meebo's FAQ, which is dead. An Archive.org copy of it is at http://web.archive.org/web/20121025195939/http://www.meebo.com/support/article/41/ It links to Google's FAQ, which has different XMPP server domain names: http://support.google.com/a/bin/answer.py?hl=en&answer=34143

Can someone update Pidgin's own FAQ with the authoritative information?

comment:8 Changed 4 years ago by dandv

Verified settings, updated wiki. Thanks everyone.

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!