getting "connection is untrusted" warnings

Bug #828756 reported by Marc Deslauriers
This bug affects 195 people
Affects | Status | Importance | Assigned to | Milestone
ca-certificates-java (Ubuntu) | Invalid | Undecided | Unassigned |
empathy (Ubuntu) | Invalid | High | Unassigned |
icedtea-web (Ubuntu) | Invalid | Undecided | Unassigned |
p11-kit (Ubuntu) | Fix Released | High | Unassigned |
Oneiric | Fix Released | High | Unassigned |
telepathy-gabble (Debian) | Incomplete | Unknown | |

Bug Description

Since updating to Oneiric, empathy is giving me "connection is untrusted" warning dialogs. For some reason, it's not verifying the certificate properly. For security reasons, this needs to get fixed.

See attached screenshot.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: empathy 3.1.5-1ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-8.11-generic 3.0.1
Uname: Linux 3.0.0-8-generic x86_64
Architecture: amd64
Date: Thu Aug 18 09:36:06 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha amd64 (20110302)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: empathy
UpgradeStatus: Upgraded to oneiric on 2011-08-16 (2 days ago)

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :
visibility: private → public
Changed in empathy (Ubuntu):
status: New → Confirmed
Changed in empathy (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
Changed in empathy (Ubuntu):
assignee: nobody → Ken VanDine (ken-vandine)
Revision history for this message
pschonmann (pschonmann) wrote :

Empathy doesn't respect my choice to remember allowed certificates, still asking me when starting empathy.

Revision history for this message
Ken VanDine (ken-vandine) wrote :

telepathy-gabble thinks it is a self-signed certificate even though it isn't. I have reproduced the bug, but only on 1 of 3 oneiric installs.

Perhaps it is a ca-certificates configuration issue... still investigating.

Revision history for this message
William Grant (wgrant) wrote :

gabble is configured to use /etc/ssl/certs/ca-certificates.crt, and manually validating the problematic chains against that file succeeds. So I'm pretty sure it's a problem somewhere in gabble.

Changed in telepathy-gabble (Debian):
status: Unknown → New
Revision history for this message
Laurent Bigonville (bigon) wrote :

Alright, this was due to a bug in gnome-keyring, 3.1.90.1 should fix this

Changed in telepathy-gabble (Debian):
status: New → Incomplete
Changed in gnome-keyring (Ubuntu):
status: New → Confirmed
Changed in gnome-keyring (Ubuntu Oneiric):
importance: Undecided → High
milestone: none → ubuntu-11.10-beta-2
Revision history for this message
Sebastien Bacher (seb128) wrote :

should be fixed with today's updates

Changed in gnome-keyring (Ubuntu Oneiric):
status: Confirmed → Fix Released
Revision history for this message
Paul Hoell (hoellp) wrote :

Confirming the fix, the error at start time is gone.

tags: added: rls-mgr-o-tracking
Revision history for this message
Jeremy Bicha (jbicha) wrote :

I believe this is fixed; I'm not getting certificate errors after the gnome-keyring upgrade.

Changed in empathy (Ubuntu Oneiric):
status: Triaged → Fix Released
Revision history for this message
u-foka (ufooka) wrote :

Hi!

The bug was solved by the gnome-keyring 3.1.91-0ubuntu4 upgrade about a week ago, but now it's back with 3.1.92-0ubuntu1 :(

What's happening?

Revision history for this message
Eduard Hasenleithner (eduard-hasenleithner) wrote :

That is true, bug is back again :(

Revision history for this message
Matthew Gregg (mcg) wrote :

Confirming that this was fixed and has been now broken again.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Reopening, since I'm getting it too with the new gnome-keyring.

Changed in gnome-keyring (Ubuntu Oneiric):
status: Fix Released → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote :

Not a gnome-keyring bug, the original fix is still in place, and I got the "untrusted connection" errors with the previous version of keyring as well.

Changed in gnome-keyring (Ubuntu Oneiric):
status: Confirmed → Fix Released
Changed in empathy (Ubuntu Oneiric):
status: Fix Released → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote :

Reopening empathy task instead.

Revision history for this message
Ken VanDine (ken-vandine) wrote :

Marking the empathy task invalid, this is a regression in gnome-keyring between gnome-keyring 3.1.91-0ubuntu4 and 3.1.91-0ubuntu1

Changed in empathy (Ubuntu Oneiric):
status: Confirmed → Invalid
Changed in gnome-keyring (Ubuntu Oneiric):
milestone: ubuntu-11.10-beta-2 → ubuntu-11.10
status: Fix Released → Confirmed
assignee: nobody → Ken VanDine (ken-vandine)
Changed in empathy (Ubuntu Oneiric):
assignee: Ken VanDine (ken-vandine) → nobody
Revision history for this message
Ken VanDine (ken-vandine) wrote :

Correction to the previous comment:

regression in gnome-keyring between gnome-keyring 3.1.91-0ubuntu4 and 3.1.92-0ubuntu1

Revision history for this message
Martin Pitt (pitti) wrote :

Ken, are you sure? I got these errors with 3.1.91 as well. These are SSL certificate errors, what does gnome-keyring have to do with them?

Revision history for this message
Ken VanDine (ken-vandine) wrote :

I am sure, I am not sure how it uses the keyring exactly, maybe it uses it to store known exceptions. I know upstream told us it would be fixed in gnome-keyring 3.1.91, several people confirmed it was fixed after gnome-keyring 3.1.91 was uploaded and I downgraded to 3.1.91-0ubuntu4 and it is working for me. Upgrading to 3.1.92 breaks it again. I am going to bisect gnome-keyring to see where it broke.

affects: gnome-keyring (Ubuntu Oneiric) → p11-kit (Ubuntu Oneiric)
Changed in p11-kit (Ubuntu Oneiric):
milestone: ubuntu-11.10 → none
Changed in p11-kit (Ubuntu Oneiric):
milestone: none → ubuntu-11.10
Revision history for this message
Jason Ticehlzuk (jtonk) wrote :

I've been getting these in Firefox as well since updating to Oneiric.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package p11-kit - 0.6-0ubuntu2

---------------
p11-kit (0.6-0ubuntu2) oneiric; urgency=low

  * debian/rules
    - Added --with-module-path to work around (LP: #828756)
 -- Ken VanDine <email address hidden> Mon, 26 Sep 2011 13:40:28 -0400

Changed in p11-kit (Ubuntu Oneiric):
status: Confirmed → Fix Released
Revision history for this message
Jarl (jarl-dk) wrote :

I also experience this in firefox using icedtea-plugin, on this URL:
https://www.netbank.nordea.dk/netbank/index.jsp
Attached are screenshots

Revision history for this message
Jarl (jarl-dk) wrote :

More attachments

Revision history for this message
Jarl (jarl-dk) wrote :

more image

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in icedtea-web (Ubuntu Oneiric):
status: New → Confirmed
Changed in icedtea-web (Ubuntu):
status: New → Confirmed
Revision history for this message
Jarl (jarl-dk) wrote :

Oh I forgot to mention: it is on a fresh kubuntu 11.10 install amd64

tags: added: icedtea plugin
Revision history for this message
Jarl (jarl-dk) wrote :

And here is the textual version (clicking copy to clipboard) of the certificate:

Version 3
Serial 134678584529721923331408176609551902556
Signature Algorithm SHA1withRSA
Issuer OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Validity Validity: [From: Thu May 21 02:00:00 CEST 2009,
               To: Tue May 21 01:59:59 CEST 2019]
Subject CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

MD5 Fingerprint 56:10:5F:6D:97:18:DE:7F:83:52:1E:3A:40:F8:68:AF
SHA1 Fingerprint 12:D4:87:2B:C3:EF:01:9E:7E:0B:6F:13:24:80:AE:29:DB:5B:1C:A3

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ca-certificates-java (Ubuntu Oneiric):
status: New → Confirmed
Changed in ca-certificates-java (Ubuntu):
status: New → Confirmed
Changed in p11-kit (Ubuntu):
assignee: Ken VanDine (ken-vandine) → nobody
Changed in p11-kit (Ubuntu Oneiric):
assignee: Ken VanDine (ken-vandine) → nobody
Revision history for this message
userdce (userdce) wrote :

here on Precise 12.04

Revision history for this message
3vi1 (launchpad-net-eternaldusk) wrote :

>> here on Precise 12.04

Ditto. Looks like the problem is back.

Revision history for this message
Ron Ellis (rkeiii) wrote :

Had to switch back to pidgin because of this ><

Revision history for this message
François Prot (francois-prot) wrote :

It is not possible to ignore SSL errors if you declare your account as a "Google Talk" one.

I managed to declare my GTalk account as a "jabber" one and chose to ignore SSL errors :

Encryption required – CHECKED
Ignore SSL certificate errors – CHECKED
Resource – BLANK
Priority – 0
Server – talk.google.com
Port – 5223
Use old SSL – CHECKED

At least there is no more warning that pops up every 5 minutes.

It is an acceptable workaround for me, but I find it confusing that I needed to switch to a manual "jabber" configuration to do that.

Revision history for this message
Ian Nicholson (imnichol) wrote : Re: [Bug 828756] Re: getting "connection is untrusted" warnings

On 11/29/2011 10:33 AM, François Prot wrote:
> It is not possible to ignore SSL errors if you declare your account as a
> "Google Talk" one.
>
> I managed to declare my GTalk account as a "jabber" one and chose to
> ignore SSL errors :
>
> Encryption required – CHECKED
> Ignore SSL certificate errors – CHECKED
> Resource – BLANK
> Priority – 0
> Server – talk.google.com
> Port – 5223
> Use old SSL – CHECKED
>
> At least there is no more warning that pops up every 5 minutes.
>
> It is an acceptable workaround for me, but I find it confusing that I
> needed to switch to a manual "jabber" configuration to do that.
>
Unfortunately for me, my account is on my personal jabber server, set up
as a jabber account in empathy, so that workaround doesn't help me.

Revision history for this message
Radim (radim-tobolka) wrote :

@Ken VanDine: Hi Ken, according to comment #20, it would seem, that upgrading to libp11-kit (0.6-0ubuntu2) fixes the problem. However, I've this version installed and this bug still manifests in empathy. gnome-keyring is at version 3.2.2-0ubuntu0 by the way. Do you have any idea, what might be the problem? I will gladly supply any additional info if needed.

Revision history for this message
Tomasz Kaczmarczyk (kaczmarczykt) wrote :

On Xubuntu 11.10 I solved that issue by turning on
>Launch GNOME services on startup in Settings Manager -> Session and startup

http://askubuntu.com/questions/104696/how-to-get-rid-of-untrusted-connection-error-in-empathy

Revision history for this message
Ernst Sjöstrand (ernstp) wrote :

I haven't seen this problem in a very long time now!

Revision history for this message
Radim (radim-tobolka) wrote :

On the contrary, I still experience this problem with empathy 3.2.0.1 and Oneiric.

Revision history for this message
mikey (abc-mikey) wrote :

Hi, I think this may be a problem with the gnome-keyring not loading the right components in non-Gnome sessions (I also don't think it's really a bug). The different components can be viewed with:

grep Exec= /etc/xdg/autostart/gnome-keyring-*.desktop

The specific component that causes a certificate problem with Empathy appears to be pkcs11.

In XFCE starting Launch GNOME Services on Startup from Advanced in Sessions and Startup might fix it.

If you're using a Window Manager like I am that needs you to manually start services then you can launch them with a command like:

gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh
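
An added example, not part of the comment above and not gnome-keyring's own code: it predicts which keyring components a given desktop session will autostart from the files that `grep` lists, and checks for the `pkcs11` socket in the keyring control directory. The function names are hypothetical, the four desktop entries (including their `OnlyShowIn=GNOME;Unity;` line) are constructed sample data, and the session name is assumed to be a single word rather than a colon-separated list.

```shell
#!/bin/sh
# Added example: which gnome-keyring components does a session autostart?

# Print the value of KEY ($2) from .desktop file $1 (first match, else empty).
desktop_key() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Return 0 if NAME ($2) is an element of the ';'-separated LIST ($1).
in_list() {
    [ -n "$2" ] || return 1
    case ";$1;" in
        *";$2;"*) return 0 ;;
    esac
    return 1
}

# Return 0 if autostart entry $1 applies to desktop $2 under the XDG rules:
# Hidden=true disables it, OnlyShowIn is an allow-list, NotShowIn a deny-list.
autostarts_in() {
    if [ "$(desktop_key "$1" Hidden)" = "true" ]; then return 1; fi
    only=$(desktop_key "$1" OnlyShowIn)
    if [ -n "$only" ] && ! in_list "$only" "$2"; then return 1; fi
    if in_list "$(desktop_key "$1" NotShowIn)" "$2"; then return 1; fi
    return 0
}

# Print the --components= value from the Exec line of entry $1.
entry_components() {
    desktop_key "$1" Exec | sed -n 's/.*--components=\([a-z0-9,]*\).*/\1/p'
}

# Print, space-separated, the components that the gnome-keyring-*.desktop
# entries in directory $1 would start for desktop $2.
started_components() {
    out=""
    for f in "$1"/gnome-keyring-*.desktop; do
        [ -f "$f" ] || continue
        if autostarts_in "$f" "$2"; then
            out="$out $(entry_components "$f")"
        fi
    done
    printf '%s\n' "${out# }"
}

# Print "present" if control directory $1 holds a pkcs11 socket (the path the
# "couldn't connect to: .../pkcs11" warning names), otherwise "missing".
pkcs11_socket() {
    if [ -n "$1" ] && [ -S "$1/pkcs11" ]; then
        echo present
    else
        echo missing
    fi
}

# Write four constructed autostart entries (sample data) into directory $1.
write_sample_entries() {
    for c in gpg pkcs11 secrets ssh; do
        cat > "$1/gnome-keyring-$c.desktop" <<EOF
[Desktop Entry]
Type=Application
Name=Keyring component: $c
Exec=/usr/bin/gnome-keyring-daemon --start --components=$c
OnlyShowIn=GNOME;Unity;
EOF
    done
}

# Demo on the constructed entries: GNOME gets every component, LXDE none.
demo_dir=$(mktemp -d)
write_sample_entries "$demo_dir"
for desk in GNOME LXDE; do
    echo "$desk autostarts: [$(started_components "$demo_dir" "$desk")]"
done
rm -rf "$demo_dir"

# On a live session, the control directory comes from the environment.
echo "pkcs11 socket: $(pkcs11_socket "${GNOME_KEYRING_CONTROL:-}")"
```

To audit a real machine, call `started_components /etc/xdg/autostart "$XDG_CURRENT_DESKTOP"`; an empty result together with a missing socket matches the non-GNOME sessions reported in this bug.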

amith kk (amith)
Changed in empathy (Ubuntu):
status: Invalid → Confirmed
Changed in empathy (Ubuntu Oneiric):
status: Invalid → Confirmed
Revision history for this message
amith kk (amith) wrote :
Revision history for this message
Jem (jem-mawson) wrote :

I have this issue in 12.04 beta 2.

Revision history for this message
Brian Curtis (bcurtiswx) wrote :

Will anyone having this issue in Precise (12.04) non-alpha/beta release please let me know the following:
- Steps to reproduce
- Which protocol this is happening with (i.e. AIM, GTalk, Jabber, Facebook, etc...)
- type 'apport-collect 828756'

no longer affects: ca-certificates-java (Ubuntu Oneiric)
no longer affects: empathy (Ubuntu Oneiric)
no longer affects: icedtea-web (Ubuntu Oneiric)
Changed in empathy (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
bealer (robertbeal) wrote :

I have this issue on 12.04 (Final Release)
- Google Talk protocol

The account is the same as used with 11.04 and 11.10. Nothing has changed in my home directory. But now upon connecting I get a popup telling me the connection is untrusted. I can check to trust the connection, but upon clicking OK, Empathy doesn't connect.

The solution is to re-enter my password for the account, but I don't want to be doing this every time I boot up!

When running Empathy from terminal I noticed this message:
(empathy:16611): folks-WARNING **: Failed to find primary PersonaStore with type ID 'eds' and ID 'system'.
Individuals will not be linked properly and creating new links between Personas will not work.
The configured primary PersonaStore's backend may not be installed. If you are unsure, check with your distribution.

Revision history for this message
Brian Curtis (bcurtiswx) wrote :

What version of folks are you using

type 'apt-cache policy libfolks25' and 'apt-cache policy telepathy-gabble'

Please provide steps that we can take to reproduce your issue.

Revision history for this message
reinaert albrecht (pacasals) wrote :

libfolks25:
  Installed: 0.6.8-2
  Candidate: 0.6.8-2
  Version table:
 *** 0.6.8-2 0
        500 http://be.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

telepathy-gabble:
  Installed: 0.16.0-0ubuntu1
  Candidate: 0.16.0-0ubuntu1
  Version table:
 *** 0.16.0-0ubuntu1 0
        500 http://be.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

I'm using XFCE without gnome-daemon on (don't tell me I need to enable it, I don't need all the extra fluff). The end result is that I have to manually unlock gnome-keyring and that the above problem keeps cropping up.

Revision history for this message
PeterPall (peterpall) wrote :

I am using the current alpha of quantal with an ordinary gnome-shell session (Have uninstalled unity). The dialog pops up at least once a day.

Revision history for this message
PeterPall (peterpall) wrote :

libfolks25:
  Installed: 0.6.9-1build1
  Candidate: 0.6.9-1build1
  Version table:
 *** 0.6.9-1build1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
        100 /var/lib/dpkg/status
telepathy-gabble:
  Installed: 0.16.0-3
  Candidate: 0.16.0-3
  Version table:
 *** 0.16.0-3 0
        500 http://gb.archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
        100 /var/lib/dpkg/status

...and I have the pam module installed that unlocks my key ring on login.

tags: added: apport-collected quantal
Revision history for this message
PeterPall (peterpall) wrote : apport information

ApportVersion: 2.1.1-0ubuntu2
Architecture: amd64
DistroRelease: Ubuntu 12.10
EcryptfsInUse: Yes
Package: icedtea-web
PackageArchitecture: all
ProcVersionSignature: Ubuntu 3.4.0-5.11-generic 3.4.0
Tags: quantal
Uname: Linux 3.4.0-5-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lp lpadmin plugdev sambashare sudo

Revision history for this message
PeterPall (peterpall) wrote : Dependencies.txt

apport information

Revision history for this message
PeterPall (peterpall) wrote : ProcEnviron.txt

apport information

Revision history for this message
PeterPall (peterpall) wrote :

Potentially interesting fact:

in gnome-session-properties there isn't an entry for "gnome--services" on my computer. Perhaps systems that are affected by this problem are lacking a package.

Revision history for this message
PeterPall (peterpall) wrote :

On the internet I found (but lost again) a discussion about the same certificate using a different program on a different operating system. There somebody stated that the certificate is in fact neither self-signed nor directly issued by a trusted certification authority but signed by google's intermediate certification authority, instead.
AFAIK this is generally counted as secure by software, though.

Revision history for this message
Damien Concordel (damien-concordel) wrote :

Using Precise, with Empathy 3.4.2.1

I have different desktop environments installed (Unity - Gnome classic - Gnome 3 - Openbox).

In Unity and Gnome *, it works fine, but in Openbox I always get the errors for all three of the accounts registered: GTalk, MSN and Facebook Chat. When I tell it to connect anyway, it just comes up with the same error again, never managing to actually connect.

I did notice, when starting one program from the terminal, that OB wasn't able to access gnome-keyring, but I'm not using the keyring at all (that I know of)

Revision history for this message
PeterPall (peterpall) wrote :

In quantal the problem seems to be no longer reproducible. Is it still there in oneiric?

@damien: Normally if you tell the system to remember passwords they are saved into the gnome-keyring.
If there is no keyring there is no source empathy can get the passwords from - except perhaps asking you for the passwords on every start up. Not sure if this might be your problem.

Revision history for this message
Adam Lyall (magicmyth) wrote :

I get this same issue in KDE when using kde-telepathy's chat program or when using Empathy in KDE. However, it does not occur under Unity.

This is Ubuntu 12.04:
libfolks25 0.6.8-2
telepathy-gabble 0.16.0-0ubuntu2

Revision history for this message
Garrett Guillotte (gguillotte-t) wrote :

Reproducible in 12.10 Quantal release and Openbox on the stock repo. Doesn't affect Gnome, Gnome Classic, Unity.

Revision history for this message
Garrett Guillotte (gguillotte-t) wrote :

$ apt-cache policy libfolks25
libfolks25:
  Installed: 0.6.9-1+b1
  Candidate: 0.6.9-1+b1
  Version table:
 *** 0.6.9-1+b1 0
        500 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status

$ apt-cache policy telepathy-gabble
telepathy-gabble:
  Installed: 0.16.1-2
  Candidate: 0.16.1-2
  Version table:
 *** 0.16.1-2 0
        500 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status

$ apt-cache policy openbox
openbox:
  Installed: 3.5.0-4
  Candidate: 3.5.0-4
  Version table:
 *** 3.5.0-4 0
        500 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status

$ set EMPATHY_DEBUG=all
$ empathy
WARNING: gnome-keyring:: couldn't connect to: /home/username/.cache/keyring-T4C37g/pkcs11: No such file or directory

(empathy:32676): folks-WARNING **: Error preparing persona store 'eds:1350672878.5564.23@gguillotte-0': Couldn't open address book ‘1350672878.5564.23@gguillotte-0’: Authentication Required

(empathy:32676): folks-WARNING **: Error preparing persona store 'eds:1350672713.5564.2@gguillotte-0': Couldn't open address book ‘1350672713.5564.2@gguillotte-0’: Cannot open book: Address book does not exist

(empathy:32676): folks-WARNING **: Failed to find primary PersonaStore with type ID 'eds' and ID '1350672878.5564.23@gguillotte-0'.
Individuals will not be linked properly and creating new links between Personas will not work.
The configured primary PersonaStore's backend may not be installed. If you are unsure, check with your distribution.

Revision history for this message
Jarl (jarl-dk) wrote :

This is still a problem in 12.10 using icedtea-6-plugin and is easily verified by visiting
https://www.netbank.nordea.dk/netbank/index.jsp

Revision history for this message
nh2 (nh2) wrote :

Still getting this on fully updated 12.04 with own XMPP server.

Also reported at https://bugzilla.gnome.org/show_bug.cgi?id=690971

Is it known what the issue is by now?

Revision history for this message
Eugene Minov (minov-eug) wrote :

Hi

I've got exact same problem in Ubuntu 12.10 when installed and logged into LXDE desktop manager.

#sudo apt-get install lxde

Before installing lxde all was ok.
I use empathy only with google account.
Ubuntu 12.10 Amd64.

Sorry, I doubled the post in the duplicate bug report:
https://bugs.launchpad.net/ubuntu/+source/empathy/+bug/640018

Revision history for this message
Ethan Glasser-Camp (ethan-glasser-camp) wrote :

I just encountered this in KDE and it went away when I removed telepathy-gnome. (I'm using ktp-contactlist.)

Revision history for this message
Grant Ashman (thoughtcoder) wrote :

Confirming that this issue exists using Empathy on 13.04 as well.
I can provide log output if required.

Revision history for this message
Adam Porter (alphapapa) wrote :

This is really frustrating. It happens on one of my Kubuntu 12.10 systems, but not on the other one. I'm also getting self-signed cert errors in other apps since I started trying to use Telepathy! It was fine until yesterday!

telepathy-gnome:
  Installed: (none)
  Candidate: 26
  Version table:
     26 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal/universe i386 Packages
telepathy-gabble:
  Installed: 0.16.1-2
  Candidate: 0.16.1-2
  Version table:
 *** 0.16.1-2 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal/main i386 Packages
        100 /var/lib/dpkg/status
libfolks25:
  Installed: 0.7.4.1-0ubuntu1
  Candidate: 0.7.4.1-0ubuntu1
  Version table:
 *** 0.7.4.1-0ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal/main i386 Packages
        100 /var/lib/dpkg/status

Also:

$ ps -A u | grep gnome
me 3301 0.0 0.0 17092 3096 ? Sl Mar12 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
me 3734 0.0 0.1 45860 3916 ? Sl Mar12 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

$ gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh
gnome-keyring-daemon: insufficient process capabilities, unsecure memory might get used
GNOME_KEYRING_CONTROL=/home/me/.cache/keyring-LYDpsb
SSH_AUTH_SOCK=/home/me/.cache/keyring-LYDpsb/ssh
GPG_AGENT_INFO=/home/me/.cache/keyring-LYDpsb/gpg:0:1

$ ps -A u | grep gnome
me 3301 0.0 0.0 17092 3096 ? Sl Mar12 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
me 3734 0.0 0.1 45860 3916 ? Sl Mar12 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

I don't know if that gnome-keyring-daemon error is relevant, but I do see that the pkcs11 component isn't running...I don't know if that's relevant either.

Revision history for this message
Adam Porter (alphapapa) wrote :

Ok, as far as KDE goes, the fix is to remove empathy. For some reason, when empathy was installed, the KDE Telepathy stuff was using empathy to authenticate, and it was failing. The Gtk error box and non-KDE desktop notification should have tipped me off sooner, but it wasn't until I brought up the KWin Special Application Settings for the Gtk "self-signed certificate" error box and saw that it was from the empathy process that I made the connection.

After removing empathy, when I tried to connect to GTalk, I got a kdewallet prompt, clicked Allow Always, and now it works fine.

I don't know why KDE was using empathy when it didn't need to.

Revision history for this message
James Cook (james-cook) wrote :

I can confirm this on 12.04 when connecting to GTalk using empathy. Notes:
- Using LXDE, I see "connection untrusted".
- Using Unity, there is no error and it works fine.
- Comment #39 fixes it for me when using LXDE.

Revision history for this message
Joseph Maillardet (jokx) wrote :

Also affects Ubuntu 13.04 + Gnome3 team PPA / Gnome 3.8

Ask me anything that can help.

Revision history for this message
apienk (andrzej-pienkowski) wrote :

I might have a clue. The bug appeared right after I added 'empathy -h' to auto-start applications, and it manifests on every cold (reboot) or warm start (after hibernating). So it seems that gnome-keyring daemon is still restarting while empathy tries to access the certificates. A simple wait would fix it.

Ubuntu 12.04.2 LTS 3.2.0-47-generic amd64 using Unity shell
empathy 3.4.2.3-0ubuntu1
gnome-keyring 3.2.2-2ubuntu4.2

Revision history for this message
apienk (andrzej-pienkowski) wrote :

Nope, wait fixes nothing. The bug is still manifesting. Additionally, when I enter empathy-accounts to remove GTalk account, it just crashes. There's a bug report already filed on this.

Revision history for this message
PeterPall (peterpall) wrote : Re: [Bug 828756] Re: getting "connection is untrusted" warnings

Are you using two-factor authentication?

apienk <email address hidden> wrote:
>Nope, wait fixes nothing. The bug is still manifesting. Additionally,
>when I enter empathy-accounts to remove GTalk account, it just crashes.
>There's a bug report already filed on this.

--
This message was sent from my Android mobile phone with K-9 Mail.

Revision history for this message
PeterPall (peterpall) wrote :

On the current installation of saucy the bug seems to be fixed.

Revision history for this message
nh2 (nh2) wrote :

Ubuntu 12.04 and 13.04 empathys can still not connect without ssl errors.

Revision history for this message
Dennis Schridde (devurandom) wrote : apport information

ApportVersion: 2.0.1-0ubuntu17.6
Architecture: i386
DistroRelease: Ubuntu 12.04
InstallationMedia: Bodhi 12.04 - Release i386
MarkForUpload: True
Package: icedtea-web
PackageArchitecture: all
ProcVersionSignature: Ubuntu 3.2.0-57.87-generic 3.2.52
Tags: precise third-party-packages
Uname: Linux 3.2.0-57-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

tags: added: precise third-party-packages
Revision history for this message
Dennis Schridde (devurandom) wrote : Dependencies.txt

apport information

Revision history for this message
Dennis Schridde (devurandom) wrote : ProcEnviron.txt

apport information

Revision history for this message
Dennis Schridde (devurandom) wrote : apport information

ApportVersion: 2.0.1-0ubuntu17.6
Architecture: i386
DistroRelease: Ubuntu 12.04
InstallationMedia: Bodhi 12.04 - Release i386
MarkForUpload: True
Package: icedtea-web
PackageArchitecture: all
ProcVersionSignature: Ubuntu 3.2.0-57.87-generic 3.2.52
Tags: precise third-party-packages
Uname: Linux 3.2.0-57-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

Revision history for this message
Dennis Schridde (devurandom) wrote : Dependencies.txt

apport information

Revision history for this message
Dennis Schridde (devurandom) wrote : ProcEnviron.txt

apport information

Revision history for this message
Dennis Schridde (devurandom) wrote :

I get this error within my Enlightenment session.

I originally installed Ubuntu as Bodhi, but then disabled its repositories and have since reinstalled *every* package with --force-confnew --force-confask to get rid of this issue. This did not help at all.

What did help is the instruction in comment #39. Instructions for E17:
* Settings Console -> Applications -> Desktop Environments:
   + Start GNOME Services on login
* Settings Console -> Applications -> Autostart Applications:
   + PolicyKit Authentication Agent (this bug is also reported against p11-kit, so I figured I might enable it, even though it seems unrelated)
   + Certificate And Key Storage (this is probably the most important one, but I did not bother to test it alone)
   + Secret Storage Service
   + GPG Password Agent
   + SSH Key Agent

Please note that *both* settings were necessary. Just starting the GNOME Services did not help.

libfolks25:
  Installiert: 0.6.8-2
  Kandidat: 0.6.8-2
  Versionstabelle:
 *** 0.6.8-2 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status
telepathy-gabble:
  Installiert: 0.16.0-0ubuntu3.1
  Kandidat: 0.16.0-0ubuntu3.1
  Versionstabelle:
 *** 0.16.0-0ubuntu3.1 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main i386 Packages
        100 /var/lib/dpkg/status
     0.16.0-0ubuntu1 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
e17:
  Installiert: 1:0.17.5-1ppa1~precise
  Kandidat: 1:0.17.5-1ppa1~precise
  Versionstabelle:
 *** 1:0.17.5-1ppa1~precise 0
        500 http://ppa.launchpad.net/efl/trunk/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status
     0.16.999.55225-1build1 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise/universe i386 Packages

Revision history for this message
Jarl (jarl-dk) wrote :

This is still a problem in 13.10. It is very easy to confirm on https://www.netbank.nordea.dk/netbank/index.jsp

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This is an ancient bug and likely no longer applies to recent releases. As such, I am closing it.

If anyone is still hitting this issue with current releases, please file a new bug.

Changed in ca-certificates-java (Ubuntu):
status: Confirmed → Invalid
Changed in empathy (Ubuntu):
status: Incomplete → Invalid
Changed in icedtea-web (Ubuntu):
status: Confirmed → Invalid
This report contains Public Security information  
Everyone can see this security related information.