Gajim gives a spurious SSL certificate when Gajim can't find pyasn1
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gajim (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Duck Duck Go, the privacy-focused search engine company, runs an XMPP service at dukgo.com:
https:/
When connecting, Gajim 0.15.4 shows the following error message:
"Error verifying SSL certificate
There was an error verifying the SSL certificate of your jabber server: The authenticity of the dukgo.com certificate could be invalid.
The certificate does not cover this domain."
Other IM clients (including Pidgin) work just fine with this server, so Gajim is obviously missing something. Perhaps it's failing to look at the certificate's Subject Alt Name?
I was unable to work around the problem by putting the certificate's Common Name (duck.co) into Gajim's Connect Server advanced config. This suggests that Gajim is checking the Common Name against something other than the server name it used to connect. If that is the case, it would be a second bug.
I discovered the problem on ubuntu 14.04 (trusty) amd64.
| Forest (foresto) wrote | #1 |
| summary: |
- Gajim gives a spurious SSL certificate error on dukgo.com + Gajim gives a spurious SSL certificate when Gajim can't find pyasn1 |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in gajim (Ubuntu): | |
| status: | New → Confirmed |
| Changed in gajim (Ubuntu): | |
| status: | Confirmed → Fix Released |
Turns out that this failure occurs when Gajim can't import the pyasn1 package. So, it looks like the bug could be solved by telling the user the real problem, rather than claiming that the server certificate is bad.