Konfiruration Problem

[Pope Greg]

Hallo,

It doen’t work The Tutorial is NOT exact enough!
Es funktioniert einfach nicht, das Tutorial ist an den entscheidenden
Punkten zu ungenau.
Hier meine Jabber Daten (Mail):

  Du hast eben über   http://einfachjabber.de einen
neuen

Jabber-Account registriert.

Die Benutzerdaten dazu lauten:

 

Benutzername:  
radiofutu...@jabber-server.de

Passwort: Cxx

 

Auf   http://einfachjabber.de findest du
Anleitungen für

verschiedene Client-Programme.



Was muß hier eingetragen werden?
What I have to write here:

Protokoll: XMPP
Benutzer: RadioFuture2
Domain: jabber-server.de  (oder einfachjabber.de)??
Ressource: Home (?)
Passwort Cxxx

Alles untendrunter leer gelassen (Benutzereinstellungen). 
Everything below I left EMPTY

Was wird in den 2. Reiter ‚Erweitert‘ eingetragen? Verbindungssicherheit?
Verbindungsport: 5222 () Verbindungsserver: jabber-server.de ()
Proxy: proxy.eu.jabber.org (??) Bosh-URL leer lasssen (???) Zeige
benutzerdefinierte Smilie:  Haken 


Bitte dringend um Support, bei mir erscheint:

radiofutu...@einfachjabber.de/Home deaktiviert, Nicht autorisiert

Vielen Dank
Gruß
Gregor Plum



 

-
Dark Regards
Papst Greg


Beschreibung: LOGO_ueberschrift_transparent

auf Radio Rheinwelle 92,5
via UKW 92,5, Kabel & Webradio

Net:   www.radiofuture2.de

Kontakt:
  m...@radiofuture2.de
  papst_gre...@radiofuture2.de
  mixmaste...@radiofuture2.de
  sat...@radiofuture2.de

Snail Mail:
Radio Future 2
attn. Gregor Plum
Reifenberger Str. 8
61440 Oberursel
Germany


Jetzt auch - mit individuellem Programm - 
als Webableger auf Laut.FM!!!
  www.laut.fm/radiofuture2

-

 

 

<>___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[David Woolley]

Matthias Apitz wrote:

El día Friday, January 18, 2013 a las 04:34:03PM +, David Woolley escribió:

Probably because one would have to use all of the Windows public key 
infrastructure, instead of the open source implementation.


The non-Windows ones are probably designed for use with OpenSSL.

In Matthias' case, he ran a system call trace, and Pidgin is using 
/usr/local/share/purple/ca-certs, which is clearly a private store in 
Pidgin.  This is on FreeBSD.


Note: the directory /usr/local/share/purple/ca-certs is not writeable
by normal users, it is owned by 'root'; i.e. the files
there have been stored when I compiled(!) and installed pidgin in December 2011


These are not files that should be updated quietly as they are critical 
to the security of encrypted IM services.   As they are private to 
Pidgin, they can only safely be updated by installing a later version of 
Pidgin, or by explicitly placing them there yourself.  However, even the 
latest version has long dead certificates.


I would guess that, on a system with shared root certificates, they 
would be updated by the standard package update procedure.


In fact, as I think I noted off list, on Windows, for applications using 
the Windows certificate store, updates aren't actually automatic.  That 
is probably because an organisation seriously interested in security 
would only want to enable certain certification services from certain 
certifiers.  Very few people have heard of most of the organisations 
that Microsoft allow to vouch for a site's identity, and even the well 
known ones have various levels of check on the identity of the people 
they certify.



--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[Matthias Apitz]

El día Friday, January 18, 2013 a las 04:34:03PM +, David Woolley escribió:

> Probably because one would have to use all of the Windows public key 
> infrastructure, instead of the open source implementation.
> 
> The non-Windows ones are probably designed for use with OpenSSL.
> 
> In Matthias' case, he ran a system call trace, and Pidgin is using 
> /usr/local/share/purple/ca-certs, which is clearly a private store in 
> Pidgin.  This is on FreeBSD.

Note: the directory /usr/local/share/purple/ca-certs is not writeable
by normal users, it is owned by 'root'; i.e. the files
there have been stored when I compiled(!) and installed pidgin in December 2011

matthias
-- 
Sent from my FreeBSD netbook

Matthias Apitz   |  - No system with backdoors like Apple/Android
E-mail: g...@unixarea.de |  - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |  - No proprietary attachments
phone: +49-170-4527211   |  - Respect for open standards

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: Pidgin icon in Ubuntu 12.10/Mint/Cinnamon fixed (at least for me!)

[Dustin DeVries]

Yes, I actually brought this up on the system icon bugs thread for cinnamon
(don't have the url handy) that was a catchall ticket for bugs related to
system tray behavior, so hopefully someone on the cinnamon development team
can help us out. Either way, in glad to finally have this fixed!
On Jan 18, 2013 11:23 AM, "Tres Finocchiaro" 
wrote:

> Thanks for this, Dustin.
>
> Since Cinnamon plays nicer with the 22x22 version, perhaps the Cinnamon
> desktop team has a way of making this default?
>
> Pidgin + Cinnamon are a fairly popular combination, I'm sure others will
> benefit from your investigation.
>
> -Tres
>
> On Fri, Jan 18, 2013 at 12:10 PM, Dustin DeVries  > wrote:
>
>> For anyone having trouble with the Pidgin icon disappearing in Cinnamon
>> in the system tray, I was able to fix it using the following hack:
>>
>> As root (or sudo) from a terminal window:
>>
>> cd /usr/share/pixmaps/pidgin/tray/hicolor
>> mv 16x16 16x16old
>> ln -s 22x22 16x16
>>
>> Then restart pidgin.
>>
>> This essentially makes pidgin use the 22x22 icons instead of 16x16 icons.
>>
>> I was suspicious that the icon size wasn't right for the container, and
>> that perhaps that was causing the image to get scrolled off the menu.  I
>> don't know if that's exactly the problem, but the status icon in the tray
>> does seem to move vertically over time and then eventually just disappears.
>>  By setting it to 22x22 (again at least for me, and I've verified this on
>> two different systems running Cinnamon), the icon stays put in the tray and
>> doesn't move around.
>>
>> Hope this helps.
>>
>> ___
>> Support@pidgin.im mailing list
>> Want to unsubscribe?  Use this link:
>> http://pidgin.im/cgi-bin/mailman/listinfo/support
>>
>
>
>
> --
> - tres.finocchi...@gmail.com
>
___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: Pidgin icon in Ubuntu 12.10/Mint/Cinnamon fixed (at least for me!)

[Tres Finocchiaro]

Thanks for this, Dustin.

Since Cinnamon plays nicer with the 22x22 version, perhaps the Cinnamon
desktop team has a way of making this default?

Pidgin + Cinnamon are a fairly popular combination, I'm sure others will
benefit from your investigation.

-Tres

On Fri, Jan 18, 2013 at 12:10 PM, Dustin DeVries
wrote:

> For anyone having trouble with the Pidgin icon disappearing in Cinnamon in
> the system tray, I was able to fix it using the following hack:
>
> As root (or sudo) from a terminal window:
>
> cd /usr/share/pixmaps/pidgin/tray/hicolor
> mv 16x16 16x16old
> ln -s 22x22 16x16
>
> Then restart pidgin.
>
> This essentially makes pidgin use the 22x22 icons instead of 16x16 icons.
>
> I was suspicious that the icon size wasn't right for the container, and
> that perhaps that was causing the image to get scrolled off the menu.  I
> don't know if that's exactly the problem, but the status icon in the tray
> does seem to move vertically over time and then eventually just disappears.
>  By setting it to 22x22 (again at least for me, and I've verified this on
> two different systems running Cinnamon), the icon stays put in the tray and
> doesn't move around.
>
> Hope this helps.
>
> ___
> Support@pidgin.im mailing list
> Want to unsubscribe?  Use this link:
> http://pidgin.im/cgi-bin/mailman/listinfo/support
>



-- 
- tres.finocchi...@gmail.com
___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[David Woolley]

David Woolley wrote:

To the extent that that is the problem, simply replacing the .pem file 
with a current one, should sort the problem.  I don't know if you will 


The server certificates don't seem to include the full certificate 
chain, so I think you will need to install the pem file for MSIT Machine 
Authority CA-2.  Doing so may be more important than correcting the 
expired certificate.  (I'm wondering if Pidgin is ignoring expiry dates.)


The immediate signer of an earlier certificate was Microsoft Secure 
Server  Authority, which is known to Pidgin, but also expired in 
February 2011.


--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Pidgin icon in Ubuntu 12.10/Mint/Cinnamon fixed (at least for me!)

[Dustin DeVries]

For anyone having trouble with the Pidgin icon disappearing in Cinnamon in
the system tray, I was able to fix it using the following hack:

As root (or sudo) from a terminal window:

cd /usr/share/pixmaps/pidgin/tray/hicolor
mv 16x16 16x16old
ln -s 22x22 16x16

Then restart pidgin.

This essentially makes pidgin use the 22x22 icons instead of 16x16 icons.

I was suspicious that the icon size wasn't right for the container, and
that perhaps that was causing the image to get scrolled off the menu.  I
don't know if that's exactly the problem, but the status icon in the tray
does seem to move vertically over time and then eventually just disappears.
 By setting it to 22x22 (again at least for me, and I've verified this on
two different systems running Cinnamon), the icon stays put in the tray and
doesn't move around.

Hope this helps.
___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: Pidgin MSN certificate chain broken

[David Woolley]

Jeronimo de A. Barros wrote:

Hi...

Today my pidgin is refusing to connect to MSN and returns this error:

"Unable to validate certificate

The certificate for local-blu-people.directory.live.com could not be 
validated. The certificate chain presented is invalid."


It would appear that Pidgin is distributing an intermediate certificate 
for Microsoft Internet Authority than expired in 2011.


This affects all Windows users.  Whether it affects users of other 
operating systems depends on whether:


1) they provide a central store of certificate authority certificates;
2) Pidgin has been built to use that store.

As most of this is on another thread, you should subscribe to the 
support list, or follow it on the archives, for further details.


List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,


If subscribing, remember to take a note of how to unsubscribe!

--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[David Woolley]

Fosforo wrote:

the SHA1 of the popup certificate for  local-bay.contacts.msn.com i am
getting is:

f6:56:e3:29:84:86:8b:6b:38:fd:e4:aa:70:1a:00:4a:33:4d:ba:04

just would like to confirm it is valid before accept.



Unfortunately I deleted it, and didn't write down the OpenSSL 
fingerprint.  The copy I got, had a valid certificate chain using the 
Windows certificate tool.


Does Pidgin store it, even if you reject it?  If so, copy it to Windows, 
if you have access, then rename it as .cer and launch it.  It will 
produce the Windows install certificate dialogue, from where you can 
check the certificate chain.



--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[David Woolley]

Ethan Blanton wrote:



On Windows, we don't use the system store.  I don't know why not, I
assume it's painful, probably because of poor OS design and
implementation.


Probably because one would have to use all of the Windows public key 
infrastructure, instead of the open source implementation.


The non-Windows ones are probably designed for use with OpenSSL.

In Matthias' case, he ran a system call trace, and Pidgin is using 
/usr/local/share/purple/ca-certs, which is clearly a private store in 
Pidgin.  This is on FreeBSD.


The Microsoft Internet Authority certificate in 2.10.3 expired in 
February 2011.  My Windows copy was installed in March 2012 and would 
have been current, then.


It looks like the Microsoft Internet Authority certificate in the source 
tarball for 2.10.6 is also expired (on February 19th 2011), even though 
the extracted file is dated  2012-07-01.  As that is the current 
version, there is definitely a *problem* with Pidgin on any system using 
the certificates it provides.


(As it looks like Pidgin caches the server certificates, I suspect the 
problem only shows up when people use a server they weren't previously 
using, or which, itself, has expired.  On the other hand, it should not 
be using a certificate that is past the lowest expiry date of any 
certificate on its chain.)


--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

msn new certificate

[Fosforo]

Just confirming that others received also the same certificate for
contacts.msn.com domain:

Name: contacts.msn.com

Impressão digital (SHA1):
f6:56:e3:29:84:86:8b:6b:38:fd:e4:aa:70:1a:00:4a:33:4d:ba:04

Data de ativação: Fri Jan 11 14:47:08 2013

Data de expiração: Sun Jan 11 14:47:08 2015

--
[]s Fosforo
-
"Se eu tiver oito horas pra cortar uma arvore, passarei seis afiando
meu machado."
-Abraham Lincoln
-

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[Fosforo]

the SHA1 of the popup certificate for  local-bay.contacts.msn.com i am
getting is:

f6:56:e3:29:84:86:8b:6b:38:fd:e4:aa:70:1a:00:4a:33:4d:ba:04

just would like to confirm it is valid before accept.

--
[]s Fosforo
-
"Se eu tiver oito horas pra cortar uma arvore, passarei seis afiando
meu machado."
-Abraham Lincoln
-

On Fri, Jan 18, 2013 at 1:37 PM, Ethan Blanton  wrote:
> Matthias Apitz spake unto us the following wisdom:
>> > Pidgin doesn't use the OS root certificates *only* on Windows.
>>
>> I'm not a native English and do not understand your phrase; could you
>> please explain what you say; thanks
>
> On non-Windows systems, there is often a certificate store that Pidgin
> can use.  This includes all of the major Linux distributions.  Pidgin
> packages can be configured to use this store, or they can be
> configured to use their internal certificates, it is up to the package
> creator.
>
> On Windows, we don't use the system store.  I don't know why not, I
> assume it's painful, probably because of poor OS design and
> implementation.
>
> Ethan
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEVAwUBUPlsT/8fixZ3H8crAQgmkQf+IBGjCgvRXWgh46sCbhOZEYd+b9H3I/Nv
> FiYKWe0jnjZ1dqp+VRtsbiv/CRsy5flixRn5AtOvCHPdWXuR507WozuorSTHAGMS
> xkbKirC086UuVW/L/vGWAopuk5L/jeURlAGQAT5pE+5rvKPKRSnC8NdhpcBADYpw
> 3rj59pwWyack7JHhtnjJf9HdIHjOvjTlm7SiBgBnpGxsmZX/cZdsOGVtcKBoGq6H
> 04yJEhtphZw324OdK0hI5cbLk5wh+rdEhD6pC2jnYmTFQgOU//g778DWllhBt5iJ
> tVjCZ7pR07TJIrxOk6/vKstO/1Jk1R3/pH1NCBiSagTS4elC6dk52A==
> =GbMa
> -END PGP SIGNATURE-
>
> ___
> Support@pidgin.im mailing list
> Want to unsubscribe?  Use this link:
> http://pidgin.im/cgi-bin/mailman/listinfo/support

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[Ethan Blanton]

Matthias Apitz spake unto us the following wisdom:
> > Pidgin doesn't use the OS root certificates *only* on Windows.
> 
> I'm not a native English and do not understand your phrase; could you
> please explain what you say; thanks

On non-Windows systems, there is often a certificate store that Pidgin
can use.  This includes all of the major Linux distributions.  Pidgin
packages can be configured to use this store, or they can be
configured to use their internal certificates, it is up to the package
creator.

On Windows, we don't use the system store.  I don't know why not, I
assume it's painful, probably because of poor OS design and
implementation.

Ethan


signature.asc
Description: Digital signature
___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[Matthias Apitz]

El día Friday, January 18, 2013 a las 08:52:16AM -0500, Ethan Blanton escribió:

> David Woolley spake unto us the following wisdom:
> > >Looking at the certificate, I think the problem is that the
> > >certificate is for contacts.msn.com, but the server is
> > >local-bay.contacts.msn.com. An earlier certificate for a server in
> > >the contacts.msn.com domain (omega.contacts.msn.com) seems to be a
> > >wild card certificate (Subject: *.contacts.msn.com).
> > 
> > Although the lack of wild card may be a problem, based on off list
> > information from Matthias, it looks like Pidgin doesn't use the OS
> > root certificates, even on Windows.
> 
> Pidgin doesn't use the OS root certificates *only* on Windows.

Hi Ethan,
I'm not a native English and do not understand your phrase; could you
please explain what you say; thanks

matthias
-- 
Sent from my FreeBSD netbook

Matthias Apitz   |  - No system with backdoors like Apple/Android
E-mail: g...@unixarea.de |  - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |  - No proprietary attachments
phone: +49-170-4527211   |  - Respect for open standards

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[David Woolley]

Ethan Blanton wrote:



Pidgin doesn't use the OS root certificates *only* on Windows.



At least some Linux distributions don't have an OS level certificate 
store; each application maintains its own set of root certificates.


On the other hand, applications like Firefox, which would use their own 
store on Linux use the system one on Windows.


--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[Michael Secord]

As it is, I've noticed this MSN popup the last few days, but today I 
haven't been prompted with it, so maybe the issue is already resolved on 
MSN's side?


Ethan Blanton wrote:

David Woolley spake unto us the following wisdom:

Looking at the certificate, I think the problem is that the
certificate is for contacts.msn.com, but the server is
local-bay.contacts.msn.com. An earlier certificate for a server in
the contacts.msn.com domain (omega.contacts.msn.com) seems to be a
wild card certificate (Subject: *.contacts.msn.com).

Although the lack of wild card may be a problem, based on off list
information from Matthias, it looks like Pidgin doesn't use the OS
root certificates, even on Windows.

Pidgin doesn't use the OS root certificates *only* on Windows.

Ethan

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support


___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[Ethan Blanton]

David Woolley spake unto us the following wisdom:
> >Looking at the certificate, I think the problem is that the
> >certificate is for contacts.msn.com, but the server is
> >local-bay.contacts.msn.com. An earlier certificate for a server in
> >the contacts.msn.com domain (omega.contacts.msn.com) seems to be a
> >wild card certificate (Subject: *.contacts.msn.com).
> 
> Although the lack of wild card may be a problem, based on off list
> information from Matthias, it looks like Pidgin doesn't use the OS
> root certificates, even on Windows.

Pidgin doesn't use the OS root certificates *only* on Windows.

Ethan

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[David Woolley]

David Woolley wrote:



I tried using a Windows Pidgin (probably a little dated).  This also 


2.10.3, so not that dated.

produces a certificate warning, but I imagine most Windows users would 
just select the option to ignore the problem.


Looking at the certificate, I think the problem is that the certificate 
is for contacts.msn.com, but the server is local-bay.contacts.msn.com. 
An earlier certificate for a server in the contacts.msn.com domain 
(omega.contacts.msn.com) seems to be a wild card certificate (Subject: 
*.contacts.msn.com).


Although the lack of wild card may be a problem, based on off list 
information from Matthias, it looks like Pidgin doesn't use the OS root 
certificates, even on Windows.


In my case, the intermediate certificate for Microsoft Internet 
Authority has expired.  My guess is that Pidgin only checks the chain 
when it sees a new certificate, so an out of date certificate may not 
show up immediately.


To the extent that that is the problem, simply replacing the .pem file 
with a current one, should sort the problem.  I don't know if you will 
then get an error because of the wild card problem.  The safest way to 
do this is probably to extract the current certificate from a web 
browser. Simply publishing the certificate on the internet is not safe, 
as most people, particular on non-Windows systems, will not be able to 
validate it properly against the Baltimore Cyber Trust one.


If exporting from Windows, you probably need the base 64 option when 
doing copy to file.


As I'm not actively using Pidgin for MSN, I don't want to download the 
latest Pidgin in peak time, but if anyone else could check the expiry 
date on the certificate, it would be useful.  On Windows it is in 
\program files\pidgin\ca-certs.  You will need to copy it to a .cer name 
before you can launch the Windows certificate viewer.


According to Matthias, on *nix, it is under 
/usr/local/share/purple/ca-certs.  You will probably need to use OpenSSL 
to view the details.






--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: problems with MSN certificate chain

[David Woolley]

Matthias Apitz wrote:


Since today morning I can't connect to MSN anymore; it says that the
certificates can't be validated;


This is the second report to the list.

I tried using a Windows Pidgin (probably a little dated).  This also 
produces a certificate warning, but I imagine most Windows users would 
just select the option to ignore the problem.


Looking at the certificate, I think the problem is that the certificate 
is for contacts.msn.com, but the server is local-bay.contacts.msn.com. 
An earlier certificate for a server in the contacts.msn.com domain 
(omega.contacts.msn.com) seems to be a wild card certificate (Subject: 
*.contacts.msn.com).


My guess is that someone in Microsoft forgot the "*." when creating the 
certificate.


I guess a work round for this that treated all MSN certificates as wild 
card, wouldn't compromise security too much, but I suspect the amount of 
work involved is disproportionate, given that the MSN service is in lame 
duck mode.


Easier work rounds are likely to compromise security too much.

I'm not sure how Pidgin handles certificate chains on *nix, as there is 
no standard place for trusted certificates, but the certificate chain 
is:  Baltimore Cyber Trust Root > Microsoft Internet Authority > MSIT 
Machine Authority CA-2 > contacts.msn.com.


I'm concerned about the security of the real Messenger application if it 
is not picking up on this error.


Note that I am in a weakly firewalled environment, so all possible 
options for accessing the servers are open.


--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Re: pidgin has stopped working

[David Woolley]

Ians wrote:

Dear Pidgin Support

There is no Pidgin Support organisation.  This is peer support mailing 
list. That is the normal case for open source software.



I have a problem, when i connect pidgin with Mxit pidgin always error.



  Application Version:   2.6.2.0



This version is very old, and, as it says on :

"Pidgin 2.10.5 contains a security update for users of MXit, and 2.10.6 
contains a fix for a buddy list double-click bug that snuck into 2.10.5. 
Please upgrade if you use MXit!"




--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

problems with MSN certificate chain

[Matthias Apitz]

Hello,

Since today morning I can't connect to MSN anymore; it says that the
certificates can't be validated;

This is with pidgin 2.10.x

Any thing I can do? Thanks

matthias
-- 
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e  - w http://www.unixarea.de/

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

pidgin has stopped working

[Ians]

Dear Pidgin Support

 

I have a problem, when i connect pidgin with Mxit pidgin always error. 

 



And dtail

 

Problem signature:

  Problem Event Name:APPCRASH

  Application Name: pidgin.exe

  Application Version:   2.6.2.0

  Application Timestamp: 4aa2f79e

  Fault Module Name:  msvcrt.dll

  Fault Module Version:7.0.7601.17744

  Fault Module Timestamp:  4eeaf722

  Exception Code:  c005

  Exception Offset:000143f9

  OS Version:  6.1.7601.2.1.0.256.1

  Locale ID: 1033

  Additional Information 1:  0a9e

  Additional Information 2:
0a9e372d3b4ad19135b953a78882e789

  Additional Information 3:  0a9e

  Additional Information 4:
0a9e372d3b4ad19135b953a78882e789

 

Read our privacy statement online:

  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

 

If the online privacy statement is not available, please read our privacy
statement offline:

  C:\Windows\system32\en-US\erofflps.txt

 

Thank you

 

Regrat 

Ians

 

<><>___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support