On Mon, Sep 29, 2008 at 5:43 PM, deckrider <[EMAIL PROTECTED]> wrote: > On Mon, Sep 29, 2008 at 04:56:48PM -0700, Mark Doliner wrote: >> 2008/9/29 Ethan Blanton <[EMAIL PROTECTED]>: >> > Mark Doliner spake unto us the following wisdom: >> >> And so I'd like to point out that this decision negatively impacts the >> >> virtual hosting provided by Google's Apps. For example, when I login >> >> my [EMAIL PROTECTED] JID using Pidgin, it looks up the srv record, >> >> connects to talk.google.com, then presents me with a certificate >> >> mismatch warning and asks whether I want to accept or reject the >> >> certificate. >> >> >> >> And I just realized that maybe we should continue setting the connect >> >> server to talk.google.com when users create Google Talk accounts >> >> within Pidgin (I believe Ethan changed this a few days ago). >> > >> > I changed it yesterday; the reason for this is that it breaks SSL >> > certificate verification for those with gmail.com Google Talk >> > accounts. Why do you think it should be re-enabled? >> >> Because without it Google Apps accounts show the certificate mismatch >> warning. This is, uh, comical. >> >> When I login to talk.google.com as [EMAIL PROTECTED] the certificate >> presented is for talk.google.com. >> When I login to talk.google.com as [EMAIL PROTECTED] the >> certificate presented is for gmail.com. >> When I login to talk.google.com as [EMAIL PROTECTED] the >> certificate presented is for googlemail.com. >> >> Maybe we should do this: >> Only set the connect server to talk.google.com when a Google Talk >> account is created that is not @gmail.com or @googlemail.com > > I manage a google apps account, and I would presume, like me, those who > do this have access to update their records like this (for example if I > manage example.com). > > So do you still experience these issues when you have the following in > your DNS, and when pidgin follows these accordingly? > > Or perhaps I'm missing the point of this discussion:
I think you might have missed the point of this discussion. I believe my DNS records are correct (I don't have all the records you do, but I DO have the SRV records). I'm was mostly just raising the point that there doesn't seem to be a way for someone else's domain to virtually host a jabber server for your domain without there being a certificate mismatch. -Mark _______________________________________________ Support mailing list [email protected] http://pidgin.im/cgi-bin/mailman/listinfo/support
