Ubuntu
empathy package

empathy does not display certificate error, interface for importing certificates missing

Bug #480791 reported by Mitja Kleider
62
This bug affects 11 people
Affects Status Importance Assigned to Milestone
Empathy
Expired
Wishlist
meta-telepathy
Fix Released
Medium
empathy (Ubuntu)
Triaged
Low
Unassigned

Bug Description

Binary package hint: empathy

Ubuntu 9.10

$ dpkg -s empathy
Version: 2.28.1.1-0ubuntu1

Try to connect empathy to a server via SSL/TLS which provides an untrusted certificate.
Empathy will report "Network error" without further information.

Empathy does not provide any way to import the certificate. The only option available in account settings is to ignore any certificate error (allowing man-in-the-middle attacks).

Revision history for this message
In , Eitan-isaacson (eitan-isaacson) wrote :

When exchanging certificates, either during a server handshake, or an E2E handshake, there needs to be an API that would expose the certificate verification procedure to end-clients so that they could render the process interactive and allow the user to perform a "leap of faith".

Revision history for this message
In , Eitan-isaacson (eitan-isaacson) wrote :

A branch of wocky that is accommodating the implementation of this is here:
http://git.collabora.co.uk/?p=user/eitan/wocky.git;a=summary

A telepathy-gabble branch is soon to follow..

Revision history for this message
Omer Akram (om26er) wrote :

reported it upstream but i think its a feature request that doesnot exist in empathy or might already exist in 2.29.x any one plz mark this wishlist and of low importance

Sebastien Bacher (seb128)
Changed in empathy (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
importance: Undecided → Low
status: New → Triaged
Revision history for this message
John McPherson (jrm+launchpadbugs) wrote :

Note that the debug log doesn't even mention anything about ssl or certificates, at least when trying to connect to a jabber server that requires TLS. Just a generic "network error" message is given which seems to imply a TCP/IP problem. So no users will know that they have to go Edit -> Accounts -> Advanced -> "Ignore SSL certificate errors" unless they are psychic.

Also, if you go to google and start typing "empathy jabber", the only autocompletion that google gives is "empathy jabber network error", with 16,000 hits.

Anyway, the link to the upstream bug is https://bugzilla.gnome.org/show_bug.cgi?id=606535

Revision history for this message
In , Eitan-isaacson (eitan-isaacson) wrote :

Updated spec is here:
http://git.collabora.co.uk/?p=user/eitan/telepathy-spec.git;a=summary

Gabble implementation is here:
http://git.collabora.co.uk/?p=user/eitan/telepathy-gabble.git;a=summary

Wocky changes are here:
http://git.collabora.co.uk/?p=user/eitan/wocky.git;a=summary

This all works together, awaiting review and cosimoc's XTLS implementation.

Bug Watch Updater (bug-watch-updater)
Changed in empathy:
status: Unknown → Confirmed
Revision history for this message
miq (miq601) wrote :

"network error" message occurs when a jabber server certificate changes. There is no simple way to delete the old certificate. "Ignore SSL certificate errors" does not work in this case.

Revision history for this message
Laurent Bigonville (bigon) wrote :

@miq well the certificate is not stored by any telepathy components. So I guess the issue is else where

Revision history for this message
In , Cosimo Cecchi (cosimoc) wrote :

I am working on another approach for this, outlined here:

http://lists.freedesktop.org/archives/telepathy/2010-June/004621.html

Updated spec branch is here

http://git.collabora.co.uk/?p=user/cosimoc/telepathy-spec.git;a=shortlog;h=refs/heads/xtls-proposal

I yet have to implement it in Gabble.

Revision history for this message
MBybee (mike-bybee) wrote :

Still getting this issue as of August 3rd, hope someone has a workaround!

Revision history for this message
MBybee (mike-bybee) wrote :

For 'edit->accounts->advanced' on TLS OCS account, there is no 'ignore SSL certificate errors' selection as of Ubuntu 10.04, Empathy 2.30.2

Bug Watch Updater (bug-watch-updater)
Changed in meta-telepathy:
importance: Unknown → Medium
status: Unknown → In Progress
Bug Watch Updater (bug-watch-updater)
Changed in empathy:
importance: Unknown → Wishlist
Revision history for this message
nh2 (nh2) wrote :

Freedesktop upstream says this has been resolved, see org.freedesktop.Telepathy.Channel.Type.ServerTLSConnection. Not sure what this means, is it just a change in telepathy which still requires empathy to do some UI stuff?

Bug Watch Updater (bug-watch-updater)
Changed in meta-telepathy:
importance: Medium → Unknown
status: In Progress → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in meta-telepathy:
importance: Unknown → Medium
Omer Akram (om26er)
Changed in empathy (Ubuntu):
assignee: Ubuntu Desktop Bugs (desktop-bugs) → nobody
Bug Watch Updater (bug-watch-updater)
Changed in empathy:
status: Confirmed → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.