Package: pidgin
Version: 2.10.10-1.1
Severity: important
Dear Maintainer,
this is basically a copy of the upstream bug:
#16412 - NSS SSL doesn't work well with self signed certificates
https://developer.pidgin.im/ticket/16412
In short: if the SSL certificate of the XMPP server is self-signed and
has an incomplete validation chain, the following window pops up:
The certificate for localhost could not be validated.
The certificate chain presented is invalid.
but the user can only click OK and has no way to e.g. click Accept to
accept the implications, which is possible for other invalid certificate
warnings.
This is said to be fixed in Pidgin 2.10.11 with this commit:
Improve NSS handling for unknown CAs
https://hg.pidgin.im/pidgin/main/rev/9086eaeacd2c
As a workaround, a user can install the certificate into
~/.purple/certificates/x509/tls_peers/ - however, the filename has to match the
Connect server entry in the account configuration. If the connect server is
localhost (e.g. for SSH tunneled connections to the Jabber server) it might help
to alias the real hostname to localhost:
0) Assuming a connect server entry of localhost which is SSH-tunneled to
xmpp.example.org
1) Add xmpp.example.org to the /etc/hosts entry for localhost:
127.0.0.1 localhost xmpp.example.org
2) Copy certificate to ~/.purple/certificates/x509/tls_peers/xmpp.example.org
3) Pidgin v2.10.10 should now be able to connect.
Thanks,
C.
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pidgin depends on:
ii gconf2 3.2.6-3
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-13
ii libcairo2 1.14.0-2.1
ii libdbus-1-3 1.8.10-1
ii libdbus-glib-1-20.102-1
ii libfontconfig1 2.11.0-6.1
ii libfreetype62.5.2-2
ii libgadu31:1.12.0-5
ii libgdk-pixbuf2.0-0 2.31.1-2+b1
ii libglib2.0-02.42.0-2
ii libgstreamer0.10-0 0.10.36-1.5
ii libgtk2.0-0 2.24.25-1
ii libgtkspell02.0.16-1.1
ii libice6 2:1.0.9-1
ii libpango-1.0-0 1.36.8-2
ii libpangocairo-1.0-0 1.36.8-2
ii libpangoft2-1.0-0 1.36.8-2
ii libpurple0 2.10.10-1
ii libsm6 2:1.2.2-1
ii libx11-62:1.6.2-3
ii libxml2 2.9.1+dfsg1-4
ii libxss1 1:1.2.2-1
ii perl-base [perlapi-5.20.1] 5.20.1-3
ii pidgin-data 2.10.10-1
Versions of packages pidgin recommends:
ii gstreamer0.10-plugins-base 0.10.36-2
ii gstreamer0.10-plugins-good 0.10.31-3+nmu4+b1
Versions of packages pidgin suggests:
ii libsqlite3-0 3.8.7.1-1
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org