Opened 2 years ago

Closed 18 months ago

#17118 closed defect (fixed)

SSL peer presented an invalid certificate

Reported by: iammyr Owned by: deryni
Milestone: Component: XMPP
Version: 2.11.0 Keywords: google certificate ssl
Cc: bennyboom

Description

I created a new XMPP account to connect to Google Talks as follows: Basic:

  • username: my google username (i.e., without @gmail.com)
  • domain: gmail.com
  • password: the app password I generated on my google account (since my own usual password wouldn't have worked given I have the 2 steps verification activated)

Advanced:

  • Require encryption
  • Port 5222 (default)
  • file transfer proxies: proxy.eu.jabber.org (default)

Proxy:

  • use global proxy settings (default)

Other accounts like IRC do connect properly. Only this XMPP one doesn't. In fact, I get the following error: "SSL certificate error - Unable to validate certificate - The certificate for gmail.com could not be validated. The certificate chain presented is invalid. - SSL peer presented an invalid certificate"

And in the debug:

(14:12:31) account: Connecting to account XXX@gmail.com/.
(14:12:31) connection: Connecting. gc = 0x7fae936d27f0
(14:12:31) dnssrv: querying SRV record for gmail.com: _xmpp-client._tcp.gmail.com
(14:12:31) dnssrv: found 5 SRV entries
(14:12:31) dnsquery: Performing DNS lookup for xmpp.l.google.com
(14:12:31) dns: Wait for DNS child 19238 failed: No child processes
(14:12:31) dns: Created new DNS child 19254, there are now 1 children.
(14:12:31) dns: Successfully sent DNS request to child 19254
(14:12:31) dns: Got response for 'xmpp.l.google.com'
(14:12:31) dnsquery: IP resolved for xmpp.l.google.com
(14:12:31) proxy: Attempting connection to 74.125.71.125
(14:12:31) proxy: Connecting to xmpp.l.google.com:5222 with no proxy
(14:12:31) proxy: Connection in progress
(14:12:31) proxy: Connecting to xmpp.l.google.com:5222.
(14:12:31) proxy: Connected to xmpp.l.google.com:5222.
(14:12:31) jabber: Sending (XXX@gmail.com): <?xml version='1.0' ?>
(14:12:31) jabber: Sending (XXX@gmail.com): <stream:stream to='gmail.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(14:12:31) jabber: Recv (379): <stream:stream from="gmail.com" id="C87F9170025A4FA9" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism></mechanisms></stream:features>
(14:12:31) jabber: Sending (XXX@gmail.com): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(14:12:31) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(14:12:31) gnutls: Starting handshake with gmail.com
(14:12:31) gnutls: Handshake complete
(14:12:31) gnutls/x509: Key print: b0:d2:b9:d4:9a:e9:1f:d8:af:6a:b3:df:2f:fb:db:1c:26:39:28:4e
(14:12:31) gnutls/x509: Key print: d6:ad:07:c6:67:56:30:f5:7b:92:7f:66:be:8c:e1:f7:68:f8:79:48
(14:12:31) gnutls/x509: Key print: 73:59:75:5c:6d:f9:a0:ab:c3:06:0b:ce:36:95:64:c8:ec:45:42:a3
(14:12:31) gnutls: Peer provided 3 certs
(14:12:31) gnutls: Lvl 0 SHA1 fingerprint: b0:d2:b9:d4:9a:e9:1f:d8:af:6a:b3:df:2f:fb:db:1c:26:39:28:4e
(14:12:31) gnutls: Serial: 1b:53:bc:55:bd:ba:bf:6c
(14:12:31) gnutls: Cert DN: C=US,ST=California,L=Mountain View,O=Google Inc,CN=gmail.com
(14:12:31) gnutls: Cert Issuer DN: C=US,O=Google Inc,CN=XXXGoogle Internet Authority G2
(14:12:31) gnutls: Lvl 1 SHA1 fingerprint: d6:ad:07:c6:67:56:30:f5:7b:92:7f:66:be:8c:e1:f7:68:f8:79:48
(14:12:31) gnutls: Serial: 02:3a:92
(14:12:31) gnutls: Cert DN: C=US,O=Google Inc,CN=Google Internet Authority G2
(14:12:31) gnutls: Cert Issuer DN: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
(14:12:31) gnutls: Lvl 2 SHA1 fingerprint: 73:59:75:5c:6d:f9:a0:ab:c3:06:0b:ce:36:95:64:c8:ec:45:42:a3
(14:12:31) gnutls: Serial: 12:bb:e6
(14:12:31) gnutls: Cert DN: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
(14:12:31) gnutls: Cert Issuer DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
(14:12:31) certificate/x509/tls_cached: Starting verify for gmail.com
(14:12:31) certificate/x509/tls_cached: Checking for cached cert...
(14:12:31) certificate/x509/tls_cached: ...Not in cache
(14:12:31) gnutls/x509: Certificate C=US,ST=California,L=Mountain View,O=Google Inc,CN=gmail.com is issued by C=US,O=Google Inc,CN=Google Internet Authority G2, which does not match C=US,ST=California,L=Mountain View,O=Google Inc,CN=gmail.com.
(14:12:31) certificate: Checking signature chain for uid=C=US,ST=California,L=Mountain View,O=Google Inc,CN=gmail.com
(14:12:31) certificate: ...Good signature by C=US,O=Google Inc,CN=Google Internet Authority G2
(14:12:31) certificate: ...Good signature by C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
(14:12:31) certificate: Chain is VALID
(14:12:31) certificate/x509/tls_cached: Checking for a CA with DN=C=US,O=Equifax,OU=Equifax Secure Certificate Authority
(14:12:31) certificate/x509/tls_cached: Also checking for a CA with DN=C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
(14:12:31) gnutls: Attempting to load X.509 certificates from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/CAcert_Class3.pem
(14:12:31) certificate/x509/ca: Loaded CAcert Class 3 Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/CAcert_Class3.pem
(14:12:31) gnutls: Attempting to load X.509 certificates from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/CAcert_Root.pem
(14:12:31) certificate/x509/ca: Loaded CA Cert Signing Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/CAcert_Root.pem
(14:12:31) gnutls: Attempting to load X.509 certificates from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Certum Trusted Network CA 2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded SZAFIR ROOT CA2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded CA WoSign ECC Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Certification Authority of WoSign G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded OISTE WISeKey Global Root GB CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Certinomis - Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded CFCA EV ROOT from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Entrust Root Certification Authority - EC1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Entrust Root Certification Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded IdenTrust Public Sector Root CA 1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded IdenTrust Commercial Root CA 1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Staat der Nederlanden EV Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Staat der Nederlanden Root CA - G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GlobalSign from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GlobalSign from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded USERTrust ECC Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded USERTrust RSA Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded COMODO RSA Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded CA 沃通根证书 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Certification Authority of WoSign from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DigiCert Trusted Root G4 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DigiCert Global Root G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DigiCert Global Root G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DigiCert Assured ID Root G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DigiCert Assured ID Root G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 3 G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 2 G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 1 G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Atos TrustedRoot 2011 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded T-TeleSec GlobalRoot Class 2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded E-Tugra Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded TeliaSonera Root CA v1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded TWCA Global Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded ACCVRAIZ1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded CA Disig Root R2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded CA Disig Root R1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Swisscom Root EV CA 2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Swisscom Root CA 2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded China Internet Network Information Center EV Certificates Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded PSCProcert from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded D-TRUST Root Class 3 CA 2 EV 2009 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded D-TRUST Root Class 3 CA 2 2009 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded EE Certification Centre Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded T-TeleSec GlobalRoot Class 3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Buypass Class 3 Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Buypass Class 2 Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded StartCom Certification Authority G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded StartCom Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Actalis Authentication Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Hellenic Academic and Research Institutions RootCA 2011 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded EC-ACC from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded TWCA Root Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Root CA Generalitat Valenciana from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Certinomis - Autorité Racine from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Certum Trusted Network CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AffirmTrust Premium ECC from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AffirmTrust Premium from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AffirmTrust Networking from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AffirmTrust Commercial from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Starfield Services Root Certificate Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Starfield Root Certificate Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Go Daddy Root Certificate Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Global Chambersign Root - 2008 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Chambers of Commerce Root - 2008 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Izenpe.com from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Autoridad de Certificacion Firmaprofesional CIF A62634068 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GlobalSign from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Microsec e-Szigno Root CA 2009 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded ACEDICOM Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded SecureSign RootCA11 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Hongkong Post Root CA 1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Juur-SK from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Staat der Nederlanden Root CA - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded NetLock Arany (Class Gold) Főtanúsítvány from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certification Authority - G4 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded VeriSign Universal Root Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GeoTrust Primary Certification Authority - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded thawte Primary Root CA - G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded thawte Primary Root CA - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GeoTrust Primary Certification Authority - G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded CNNIC ROOT from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded EBG Elektronik Sertifika Hizmet Sağlayıcısı from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Buypass Class 2 CA 1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Cybertrust Global Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Deutsche Telekom Root CA 2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Certigna from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Microsec e-Szigno Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded OISTE WISeKey Global Root GA CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded IGC/A from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded COMODO ECC Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded WellsSecure Public Root Certificate Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Network Solutions Certificate Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded COMODO Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Secure Global CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded SecureTrust CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certification Authority - G5 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded thawte Primary Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GeoTrust Primary Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded SwissSign Silver CA - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded SwissSign Gold CA - G2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DST ACES CA X6 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DST Root CA X3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Class 2 Primary CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DigiCert High Assurance EV Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DigiCert Global Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded DigiCert Assured ID Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Swisscom Root CA 1 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded StartCom Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded XRamp Global Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Global Chambersign Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Chambers of Commerce Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded UTN-USERFirst-Hardware from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Sonera Class2 CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded QuoVadis Root CA 2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded QuoVadis Root Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Trusted Certificate Services from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Secure Certificate Services from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AAA Certificate Services from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Certum CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Visa eCommerce Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GeoTrust Universal CA 2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GeoTrust Universal CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GeoTrust Global CA 2 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GeoTrust Global CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) gnutls/x509: Failed to get Common Name
(14:12:31) certificate/x509/ca: Loaded (unknown) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Entrust Root Certification Authority from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AddTrust Qualified CA Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AddTrust Public CA Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AddTrust External CA Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded AddTrust Class 1 CA Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Baltimore CyberTrust Root from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded Entrust.net Certification Authority (2048) from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certification Authority - G3 from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GlobalSign from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Loaded GlobalSign Root CA from /usr/local/Cellar/pidgin/2.11.0/share/purple/ca-certs/mozilla.pem
(14:12:31) certificate/x509/ca: Lazy init completed.
(14:12:31) gnutls/x509: Certificate C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA is issued by C=US,O=Equifax,OU=Equifax Secure Certificate Authority, which does not match C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA.
(14:12:31) certificate: Failed to verify certificate for gmail.com
(14:12:31) connection: Connection error on 0x7fae936d27f0 (reason: 15 description: SSL peer presented an invalid certificate)
(14:12:31) account: Disconnecting account XXX@gmail.com/ (0x7fae9344e950)

Pidgin: Pidgin 2.11.0 (libpurple 2.11.0) installed via brew OS: OS X El Capitan version 10.11.6

Change History (6)

comment:1 Changed 2 years ago by bennyboom

I have the same issue with my Google Hangout account

comment:2 Changed 2 years ago by viacheslavg

The same issue for my with 2.11.0 version.

What I notice is when pidgin requests SSL certificeate from google (during login) it gets cert with CN=gmail.com, but when I export gmail certificate from browser it has CN=*.google.com thus (I suppose) pidgin refuses it.

So, the question is either: 1) how to get google certificate with CN=gmail.com (to import it in pidgin) or 2) make pidgin accept certificate with CN=*.google.com

For option 1) I did a lot of tries to get cert with smth like: $ openssl s_client -showcerts -connect google.com:443

but in all cases I get CN=*.google.com which is not accepted by pidgin at login.

comment:3 Changed 2 years ago by viacheslavg

Finally I've got the correct way for option 1). To get SSL certificate with CN=gmail.com use following command:

$ openssl s_client -showcerts -servername gmail.com -connect gmail.com:443

this will retrieve correct certificate with CN=gmail.com

after importing it into pidgin (Tools->Certificates) it should work fine.

comment:4 Changed 18 months ago by dx

  • Status changed from new to pending

Does this still happen with 2.12.0? There are relevant fixes.

comment:5 Changed 18 months ago by viacheslavg

Works fine with 2.12.0. Thanks!

comment:6 Changed 18 months ago by dx

  • Resolution set to fixed
  • Status changed from pending to closed
Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!