getting "connection is untrusted" warnings

Bug #828756 reported by Marc Deslauriers on 2011-08-18
978
This bug affects 196 people
Affects Status Importance Assigned to Milestone
ca-certificates-java (Ubuntu)
Undecided
Unassigned
empathy (Ubuntu)
High
Unassigned
icedtea-web (Ubuntu)
Undecided
Unassigned
p11-kit (Ubuntu)
High
Unassigned
Oneiric
High
Unassigned
telepathy-gabble (Debian)
Incomplete
Unknown

Bug Description

Since updating to Oneiric, empathy is giving me "connection is untrusted" warning dialogs. For some reason, it's not verifying the certificate properly. For security reasons, this needs to get fixed.

See attached screenshot.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: empathy 3.1.5-1ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-8.11-generic 3.0.1
Uname: Linux 3.0.0-8-generic x86_64
Architecture: amd64
Date: Thu Aug 18 09:36:06 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha amd64 (20110302)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: empathy
UpgradeStatus: Upgraded to oneiric on 2011-08-16 (2 days ago)

Marc Deslauriers (mdeslaur) wrote :
visibility: private → public
Changed in empathy (Ubuntu):
status: New → Confirmed
Changed in empathy (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
Changed in empathy (Ubuntu):
assignee: nobody → Ken VanDine (ken-vandine)
pschonmann (pschonmann) wrote :

Empathy doesnt respect my choice to remember allowed certifiactes, still asking me when starting empathy.

Ken VanDine (ken-vandine) wrote :

telepathy-gabble thinks it is a self-signed certificate even though it isn't. I have reproduced the bug, but only on 1 of 3 oneiric installs.

Perhaps it is a ca-certificates configuration issue... still investigating.

William Grant (wgrant) wrote :

gabble is configured to use /etc/ssl/certs/ca-certificates.crt, and manually validating the problematic chains against that file succeeds. So I'm pretty sure it's a problem somewhere in gabble.

Changed in telepathy-gabble (Debian):
status: Unknown → New
Laurent Bigonville (bigon) wrote :

Alright, this was due to a bug in gnome-keyring, 3.1.90.1 should fix this

Changed in telepathy-gabble (Debian):
status: New → Incomplete
Changed in gnome-keyring (Ubuntu):
status: New → Confirmed
Changed in gnome-keyring (Ubuntu Oneiric):
importance: Undecided → High
milestone: none → ubuntu-11.10-beta-2
Sebastien Bacher (seb128) wrote :

should be fixed with today updates

Changed in gnome-keyring (Ubuntu Oneiric):
status: Confirmed → Fix Released
Paul Hoell (hoellp) wrote :

Confirming the fix, the error at start time is gone.

tags: added: rls-mgr-o-tracking
Jeremy Bicha (jbicha) wrote :

I believe this is fixed; I'm not getting certificate errors after the gnome-keyring upgrade.

Changed in empathy (Ubuntu Oneiric):
status: Triaged → Fix Released
u-foka (ufooka) wrote :

Hy!

The bug was solved by the gnome-keyring 3.1.91-0ubuntu4 upgrade about a week ago, but now it's back with 3.1.92-0ubuntu1 :(

What's happening?

That is true, bug is back again :(

Matthew Gregg (mcg) wrote :

Confirming that this was fixed and has been now broken again.

Marc Deslauriers (mdeslaur) wrote :

Reopening, since I'm getting it too with the new gnome-keyring.

Changed in gnome-keyring (Ubuntu Oneiric):
status: Fix Released → Confirmed
Martin Pitt (pitti) wrote :

Not a gnome-keyring bug, the original fix is still in place, and I got the "untrusted connection" errors with the previous version of keyring as well.

Changed in gnome-keyring (Ubuntu Oneiric):
status: Confirmed → Fix Released
Changed in empathy (Ubuntu Oneiric):
status: Fix Released → Confirmed
Martin Pitt (pitti) wrote :

Reopening empathy task instead.

Ken VanDine (ken-vandine) wrote :

Marking the empathy task invalid, this is a regression in gnome-keyring between gnome-keyring 3.1.91-0ubuntu4 and 3.1.91-0ubuntu1

Changed in empathy (Ubuntu Oneiric):
status: Confirmed → Invalid
Changed in gnome-keyring (Ubuntu Oneiric):
milestone: ubuntu-11.10-beta-2 → ubuntu-11.10
status: Fix Released → Confirmed
assignee: nobody → Ken VanDine (ken-vandine)
Changed in empathy (Ubuntu Oneiric):
assignee: Ken VanDine (ken-vandine) → nobody
Ken VanDine (ken-vandine) wrote :

Correction to the previous comment:

regression in gnome-keyring between gnome-keyring 3.1.91-0ubuntu4 and 3.1.92-0ubuntu1

Martin Pitt (pitti) wrote :

Ken, are you sure? I got these errors with 3.1.91 as well. These are SSL certificate errors, what does gnome-keyring have to do with them?

Ken VanDine (ken-vandine) wrote :

I am sure, I am not sure how it uses the keyring exactly, maybe it uses it to store known exceptions. I know upstream told us it would be fixed in gnome-keyring 3.1.91, several people confirmed it was fixed after gnome-kerying 3.1.91 was uploaded and I downgraded to 3.1.91-0ubuntu4 and it is working for me. Upgrading to 3.1.92 breaks it again. I am going to bisect gnome-keyring to see where it broke.

affects: gnome-keyring (Ubuntu Oneiric) → p11-kit (Ubuntu Oneiric)
Changed in p11-kit (Ubuntu Oneiric):
milestone: ubuntu-11.10 → none
Changed in p11-kit (Ubuntu Oneiric):
milestone: none → ubuntu-11.10
Jason Ticehlzuk (jtonk) wrote :

I've been getting these in Firefox as well since updating to Oneiric.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package p11-kit - 0.6-0ubuntu2

---------------
p11-kit (0.6-0ubuntu2) oneiric; urgency=low

  * debian/rules
    - Added --with-module-path to work around (LP: #828756)
 -- Ken VanDine <email address hidden> Mon, 26 Sep 2011 13:40:28 -0400

Changed in p11-kit (Ubuntu Oneiric):
status: Confirmed → Fix Released
Jarl (jarl-dk) wrote :

I also experience this in firefox using icedtea-plugin. on this url
https://www.netbank.nordea.dk/netbank/index.jsp
Attached are screenshots

Jarl (jarl-dk) wrote :

More attachments

Jarl (jarl-dk) wrote :

more image

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in icedtea-web (Ubuntu Oneiric):
status: New → Confirmed
Changed in icedtea-web (Ubuntu):
status: New → Confirmed
Jarl (jarl-dk) wrote :

Oh I forgot to mention: it is on a fresh kubuntu 11.10 install amd64

tags: added: icedtea plugin
Jarl (jarl-dk) wrote :

And here is the textual version (clicking copy to clipboard) of the certificate:

Version 3
Serial 134678584529721923331408176609551902556
Signature Algorithm SHA1withRSA
Issuer OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Validity Validity: [From: Thu May 21 02:00:00 CEST 2009,
               To: Tue May 21 01:59:59 CEST 2019]
Subject CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature 0000: 8B 03 C0 DD 94 D8 41 A2 61 69 B0 15 A8 78 C7 30 ......A.ai...x.0
0010: C6 90 3C 7E 42 F7 24 B6 E4 83 73 17 04 7F 04 10 ..<.B.$...s.....
0020: 9C A1 E2 FA 81 2F EB C0 CA 44 E7 72 E0 50 B6 55 ...../...D.r.P.U
0030: 10 20 83 6E 96 92 E4 9A 51 6A B4 37 31 DC A5 2D . .n....Qj.71..-
0040: EB 8C 00 C7 1D 4F E7 4D 32 BA 85 F8 4E BE FA 67 .....O.M2...N..g
0050: 55 65 F0 6A BE 7A CA 64 38 1A 10 10 78 45 76 31 Ue.j.z.d8...xEv1
0060: F3 86 7A 03 0F 60 C2 B3 5D 9D F6 8B 66 76 82 1B ..z..`..]...fv..
0070: 59 E1 83 E5 BD 49 A5 38 56 E5 DE 41 77 0E 58 0F Y....I.8V..Aw.X.

MD5 Fingerprint 56:10:5F:6D:97:18:DE:7F:83:52:1E:3A:40:F8:68:AF
SHA1 Fingerprint 12:D4:87:2B:C3:EF:01:9E:7E:0B:6F:13:24:80:AE:29:DB:5B:1C:A3

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ca-certificates-java (Ubuntu Oneiric):
status: New → Confirmed
Changed in ca-certificates-java (Ubuntu):
status: New → Confirmed
Changed in p11-kit (Ubuntu):
assignee: Ken VanDine (ken-vandine) → nobody
Changed in p11-kit (Ubuntu Oneiric):
assignee: Ken VanDine (ken-vandine) → nobody
userdce (userdce) wrote :

here on Precise 12.04

>> here on Precise 12.04

Ditto. Looks like the problem is back.

Ron Ellis (rkeiii) wrote :

Had to switch back to pidgin because of this ><

François Prot (francois-prot) wrote :

It is not possible to ignore SSL errors if you declare your account as a "Google Talk" one.

I managed to declare my GTalk account as a "jabber" one and chose to ignore SSL errors :

Encryption required – CHECKED
Ignore SSL certificate errors – CHECKED
Resource – BLANK
Priority – 0
Server – talk.google.com
Port – 5223
Use old SSL – CHECKED

At least there is no more warning that pops up every 5 minutes.

It is an acceptable workaround for me, but I find it confusing that I needed to switch to a manual "jabber" configuration to do that.

On 11/29/2011 10:33 AM, François Prot wrote:
> It is not possible to ignore SSL errors if you declare your account as a
> "Google Talk" one.
>
> I managed to declare my GTalk account as a "jabber" one and chose to
> ignore SSL errors :
>
> Encryption required – CHECKED
> Ignore SSL certificate errors – CHECKED
> Resource – BLANK
> Priority – 0
> Server – talk.google.com
> Port – 5223
> Use old SSL – CHECKED
>
> At least there is no more warning that pops up every 5 minutes.
>
> It is an acceptable workaround for me, but I find it confusing that I
> needed to switch to a manual "jabber" configuration to do that.
>
Unfortunately for me, my account is on my personal jabber server, set up
as a jabber account in empathy, so that workaround doesn't help me.

Radim (radim-tobolka) wrote :

@Ken VanDine: Hi Ken, according to comment #20, it would seem, that upgrading to libp11-kit (0.6-0ubuntu2) fixes the problem. However, I've this version installed and this bug still manifests in empathy. gnome-keyring is at version 3.2.2-0ubuntu0 by the way. Do you have any idea, what might be the problem? I will gladly supply any additional info if needed.

On Xubuntu 11.10 I solved that issue by turning on
>Launch GNOME services on startup in Settings Manager -> Session and startup

http://askubuntu.com/questions/104696/how-to-get-rid-of-untrusted-connection-error-in-empathy

Ernst Sjöstrand (ernstp) wrote :

I haven't seen this problem in a very long time now!

Radim (radim-tobolka) wrote :

On the contrary, I still experience this problem with empathy 3.2.0.1 and Oneiric.

mikey (abc-mikey) wrote :

Hi, I think this may be a problem with the gnome-keyring not loading the right components in non-Gnome sessions (I also don't think it's really a bug). The different components can be viewed with:

grep Exec= /etc/xdg/autostart/gnome-keyring-*.desktop

The specific component that causes a certificate problem with Empathy appears to be pkcs11.

In XFCE starting Launch GNome Services on Startup from Advanced in Sessions and Startup might fix it.

If you're using a Window Manager like I am that needs you to manually start services then you can launch them with a command like:

gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh

amith kk (amith) on 2012-03-23
Changed in empathy (Ubuntu):
status: Invalid → Confirmed
Changed in empathy (Ubuntu Oneiric):
status: Invalid → Confirmed
Jem (jem-mawson) wrote :

I have this issue in 12.04 beta 2.

Brian Curtis (bcurtiswx) wrote :

Will anyone having this issue in Precise (12.04) non-alpha/beta release please let me know the following:
- Steps to reproduce
- Which protocol this is happening with (i.e. AIM, GTalk, Jabber, Facebook, etc...)
- type 'apport-collect 828756'

no longer affects: ca-certificates-java (Ubuntu Oneiric)
no longer affects: empathy (Ubuntu Oneiric)
no longer affects: icedtea-web (Ubuntu Oneiric)
Changed in empathy (Ubuntu):
status: Confirmed → Incomplete
bealer (robertbeal) wrote :

I have this issue on 12.04 (Final Release)
- Google Talk protocol

The account is the same as used with 11.04 and 11.10. Nothing has changed in my home directory. But now upon connecting I get a popup telling me the connection is untrusted. I can check to trust the connection, but upon clicking OK, Empathy doesn't connect.

The solution is to re-enter my password for the account, but I don't want to be doing this every time I boot up!

When running Empathy from terminal I noticed this message:
(empathy:16611): folks-WARNING **: Failed to find primary PersonaStore with type ID 'eds' and ID 'system'.
Individuals will not be linked properly and creating new links between Personas will not work.
The configured primary PersonaStore's backend may not be installed. If you are unsure, check with your distribution.

Brian Curtis (bcurtiswx) wrote :

What version of folks are you using

type 'apt-cache policy libfolks25' and 'apt-cache policy telepathy-gabble'

Please provide steps that we can take to reproduce your issue.

reinaert albrecht (pacasals) wrote :

libfolks25:
  Installed: 0.6.8-2
  Candidate: 0.6.8-2
  Version table:
 *** 0.6.8-2 0
        500 http://be.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

telepathy-gabble:
  Installed: 0.16.0-0ubuntu1
  Candidate: 0.16.0-0ubuntu1
  Version table:
 *** 0.16.0-0ubuntu1 0
        500 http://be.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

I'm using XFCE without gnome-daemon on (don't tell me I need to enable it, I don't need all the extra fluf). The end result is that I have manually unlock gnome-keyring and that the above problem keeps cropping up.

PeterPall (peterpall) wrote :

I am using the current alpha of quantal with an ordinary gnome-shell session (Have uninstalled unity). The dialog pops up at least once a day.

PeterPall (peterpall) wrote :

libfolks25:
  Installed: 0.6.9-1build1
  Candidate: 0.6.9-1build1
  Version table:
 *** 0.6.9-1build1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
        100 /var/lib/dpkg/status
telepathy-gabble:
  Installed: 0.16.0-3
  Candidate: 0.16.0-3
  Version table:
 *** 0.16.0-3 0
        500 http://gb.archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
        100 /var/lib/dpkg/status

...and I have tha pam module installed that unlocks my key ring on login.

tags: added: apport-collected quantal

ApportVersion: 2.1.1-0ubuntu2
Architecture: amd64
DistroRelease: Ubuntu 12.10
EcryptfsInUse: Yes
Package: icedtea-web
PackageArchitecture: all
ProcVersionSignature: Ubuntu 3.4.0-5.11-generic 3.4.0
Tags: quantal
Uname: Linux 3.4.0-5-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lp lpadmin plugdev sambashare sudo

apport information

apport information

PeterPall (peterpall) wrote :

Potentially Interresting fact:

in gnome-session-properties there isn't an entry for "gnome--services" on my computer. Perhaps systems that are affected by this problem are lacking a package.

PeterPall (peterpall) wrote :

In the internet I found (but lost again) a discussion about the same certificate using a different program on a different operating system. There somebody stated that the certificate is in fact neither self-signed nor directly issued by a trusted cerfification authority but signed by google's intermediate certification authority, instead.
AFAIK this is generally counted as secure by software, though.

Ussing Precise, with Empathy 3.4.2.1

I have different desktop environments installed (Unity - Gnome classic - Gnome 3 - Openbox).

In Unity and Gnome *, it works fine, but in Openbox I always get the errors for all three of the accounts registered: GTalk, MSN and Facebook Chat. When I tell it to connect anyway, it just comes up with the same error again, never managing to actually connect.

I did notice, when starting one program from the terminal, that OB wasn't able to access gnome-keyring, but I'm not using the keyring at all (that I know of)

PeterPall (peterpall) wrote :

In quantal the problem seems to be no longer reproducible. Is it still there in oneiric?

@damien: Normally if you tell the system to remember passwords they are saved into the gnome-keyring.
If there is no keyring there is no source empathy can getthe passwords from - except perhaps asking you for the passwords on every start up. Not sure if this might be your problem.

Adam Lyall (magicmyth) wrote :

I get this same issue in KDE when using kde-telepathy's chat program or when using Empathy in KDE. However, it does not occur under Unity.

This is Ubuntu 12.04:
libfolks25 0.6.8-2
telepathy-gabble 0.16.0-0ubuntu2

Reproducible in 12.10 Quantal release and Openbox on the stock repo. Doesn't affect Gnome, Gnome Classic, Unity.

$ apt-cache policy libfolks25
libfolks25:
  Installed: 0.6.9-1+b1
  Candidate: 0.6.9-1+b1
  Version table:
 *** 0.6.9-1+b1 0
        500 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status

$ apt-cache policy telepathy-gabble
telepathy-gabble:
  Installed: 0.16.1-2
  Candidate: 0.16.1-2
  Version table:
 *** 0.16.1-2 0
        500 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status

$ apt-cache policy openbox
openbox:
  Installed: 3.5.0-4
  Candidate: 3.5.0-4
  Version table:
 *** 3.5.0-4 0
        500 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status

$ set EMPATHY_DEBUG=all
$ empathy
WARNING: gnome-keyring:: couldn't connect to: /home/username/.cache/keyring-T4C37g/pkcs11: No such file or directory

(empathy:32676): folks-WARNING **: Error preparing persona store 'eds:1350672878.5564.23@gguillotte-0': Couldn't open address book ‘1350672878.5564.23@gguillotte-0’: Authentication Required

(empathy:32676): folks-WARNING **: Error preparing persona store 'eds:1350672713.5564.2@gguillotte-0': Couldn't open address book ‘1350672713.5564.2@gguillotte-0’: Cannot open book: Address book does not exist

(empathy:32676): folks-WARNING **: Failed to find primary PersonaStore with type ID 'eds' and ID '1350672878.5564.23@gguillotte-0'.
Individuals will not be linked properly and creating new links between Personas will not work.
The configured primary PersonaStore's backend may not be installed. If you are unsure, check with your distribution.

Jarl (jarl-dk) wrote :

This is still a problem in 12.10 using icedtea-6-plugin and is easily verified by visiting
https://www.netbank.nordea.dk/netbank/index.jsp

nh2 (nh2) wrote :

Still getting this on fully updated 12.04 with own XMPP server.

Also reported at https://bugzilla.gnome.org/show_bug.cgi?id=690971

Is it know what the issue is by now?

Eugene Minov (minov-eug) wrote :

HI

I've got exact same problem in Ubuntu 12.10 when installed and logged into LXDE desktop manager.

#sudo apt-get install lxde

Before installing lxde all was ok.
I use empathy only with google account.
Ubuntu 12.10 Amd64.

Sorry, I dubled post in duplicate bug report:
https://bugs.launchpad.net/ubuntu/+source/empathy/+bug/640018

I just encountered this in KDE and it went away when I removed telepathy-gnome. (I'm using ktp-contactlist.)

Grant Ashman (thoughtcoder) wrote :

Confirming that this issue exists using Empathy on 13.04 as well.
I can provide log output if required.

Adam Porter (alphapapa) wrote :

This is really frustrating. It happens on one of my Kubuntu 12.10 systems, but not on the other one. I'm also getting self-signed cert errors in other apps since I started trying to use Telepathy! It was fine until yesterday!

telepathy-gnome:
  Installed: (none)
  Candidate: 26
  Version table:
     26 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal/universe i386 Packages
telepathy-gabble:
  Installed: 0.16.1-2
  Candidate: 0.16.1-2
  Version table:
 *** 0.16.1-2 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal/main i386 Packages
        100 /var/lib/dpkg/status
libfolks25:
  Installed: 0.7.4.1-0ubuntu1
  Candidate: 0.7.4.1-0ubuntu1
  Version table:
 *** 0.7.4.1-0ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal/main i386 Packages
        100 /var/lib/dpkg/status

Also:

$ ps -A u | grep gnome
me 3301 0.0 0.0 17092 3096 ? Sl Mar12 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
me 3734 0.0 0.1 45860 3916 ? Sl Mar12 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

$ gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh
gnome-keyring-daemon: insufficient process capabilities, unsecure memory might get used
GNOME_KEYRING_CONTROL=/home/me/.cache/keyring-LYDpsb
SSH_AUTH_SOCK=/home/me/.cache/keyring-LYDpsb/ssh
GPG_AGENT_INFO=/home/me/.cache/keyring-LYDpsb/gpg:0:1

$ ps -A u | grep gnome
me 3301 0.0 0.0 17092 3096 ? Sl Mar12 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
me 3734 0.0 0.1 45860 3916 ? Sl Mar12 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

I don't know if that gnome-keyring-daemon error is relevant, but I do see that the pkcs11 component isn't running...I don't know if that's relevant either.

Adam Porter (alphapapa) wrote :

Ok, as far as KDE goes, the fix is to remove empathy. For some reason, when empathy was installed, the KDE Telepathy stuff was using empathy to authenticate, and it was failing. The Gtk error box and non-KDE desktop notification should have tipped me off sooner, but it wasn't until I brought up the KWin Special Application Settings for the Gtk "self-signed certificate" error box and saw that it was from the empathy process that I made the connection.

After removing empathy, when I tried to connect to GTalk, I got a kdewallet prompt, clicked Allow Always, and now it works fine.

I don't know why KDE was using empathy when it didn't need to.

James Cook (james-cook) wrote :

I can confirm this on 12.04 when connecting to GTalk using empathy. Notes:
- Using LXDE, I see "connection untrusted".
- Using Unity, there is no error and it works fine.
- Comment #39 fixes it for me when using LXDE.

Joseph Maillardet (jokx) wrote :

Also affect Ubuntu 13.04 + Gnome3 team PPA / Gnome 3.8

Ask me anything that can help.

apienk (andrzej-pienkowski) wrote :

I might have a clue. The bug appeared right after I added 'empathy -h' to auto-start applications, and it manifests on every cold (reboot) or warm start (after hibernating). So it seems that gnome-keyring daemon is still restarting while empathy tries to access the certificates. A simple wait would fix it.

Ubuntu 12.04.2 LTS 3.2.0-47-generic amd64 using Unity shell
empathy 3.4.2.3-0ubuntu1
gnome-keyring 3.2.2-2ubuntu4.2

apienk (andrzej-pienkowski) wrote :

Nope, wait fixes nothing. The bug is still manifesting. Additionally, when I enter empathy-accounts to remove GTalk account, it just crashes. There's a bug report already filed on this.

Are you using two- factor-authentication?

apienk <email address hidden> schrieb:
>Nope, wait fixes nothing. The bug is still manifesting. Additionally,
>when I enter empathy-accounts to remove GTalk account, it just crashes.
>There's a bug report already filed on this.
>
>--
>You received this bug notification because you are subscribed to the
>bug
>report.
>https://bugs.launchpad.net/bugs/828756
>
>Title:
> getting "connection is untrusted" warnings
>
>To manage notifications about this bug go to:
>https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/828756/+subscriptions

--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

PeterPall (peterpall) wrote :

On the current installation of saucy the bug seems to be fixed.

nh2 (nh2) wrote :

Ubuntu 12.04 and 13.04 empathys can still not connect without ssl errors.

ApportVersion: 2.0.1-0ubuntu17.6
Architecture: i386
DistroRelease: Ubuntu 12.04
InstallationMedia: Bodhi 12.04 - Release i386
MarkForUpload: True
Package: icedtea-web
PackageArchitecture: all
ProcVersionSignature: Ubuntu 3.2.0-57.87-generic 3.2.52
Tags: precise third-party-packages
Uname: Linux 3.2.0-57-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

tags: added: precise third-party-packages

apport information

apport information

ApportVersion: 2.0.1-0ubuntu17.6
Architecture: i386
DistroRelease: Ubuntu 12.04
InstallationMedia: Bodhi 12.04 - Release i386
MarkForUpload: True
Package: icedtea-web
PackageArchitecture: all
ProcVersionSignature: Ubuntu 3.2.0-57.87-generic 3.2.52
Tags: precise third-party-packages
Uname: Linux 3.2.0-57-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

apport information

apport information

Dennis Schridde (devurandom) wrote :

I get this error within my Enlightenment session.

I originally installed Ubuntu as Bodhi, but then disabled its repositories and have since reinstalled *every* package with --force-confnew --force-confask to get rid of this issue. This did not help at all.

What did help is the instruction in comment #39. Instructions for E17:
* Settings Console -> Applications -> Desktop Environments:
   + Start GNOME Services on login
* Settings Console -> Applications -> Autostart Applications:
   + PolicyKit Authentication Agent (this bug is also reported against p11-kit, so I figured I might enable it, even though it seems unrelated)
   + Certificate And Key Storage (this is probably the most important one, but I did not bother to test it alone)
   + Secret Storage Service
   + GPG Password Agent
   + SSH Key Agent

Please note that *both* settings were necessary. Just starting the GNOME Services did not help.

libfolks25:
  Installiert: 0.6.8-2
  Kandidat: 0.6.8-2
  Versionstabelle:
 *** 0.6.8-2 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status
telepathy-gabble:
  Installiert: 0.16.0-0ubuntu3.1
  Kandidat: 0.16.0-0ubuntu3.1
  Versionstabelle:
 *** 0.16.0-0ubuntu3.1 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main i386 Packages
        100 /var/lib/dpkg/status
     0.16.0-0ubuntu1 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
e17:
  Installiert: 1:0.17.5-1ppa1~precise
  Kandidat: 1:0.17.5-1ppa1~precise
  Versionstabelle:
 *** 1:0.17.5-1ppa1~precise 0
        500 http://ppa.launchpad.net/efl/trunk/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status
     0.16.999.55225-1build1 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise/universe i386 Packages

Jarl (jarl-dk) wrote :

This is still a problem in 13.10. It is very easy to confirm on https://www.netbank.nordea.dk/netbank/index.jsp

Marc Deslauriers (mdeslaur) wrote :

This is an ancient bug and likely no longer applies to recent releases. As such, I am closing it.

If anyone is still hitting this issue with current releases, please file a new bug.

Changed in ca-certificates-java (Ubuntu):
status: Confirmed → Invalid
Changed in empathy (Ubuntu):
status: Incomplete → Invalid
Changed in icedtea-web (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.