On Mon, Sep 29, 2008 at 06:06:19PM -0700, Mark Doliner wrote:
> On Mon, Sep 29, 2008 at 5:43 PM, deckrider <[EMAIL PROTECTED]> wrote:
> > On Mon, Sep 29, 2008 at 04:56:48PM -0700, Mark Doliner wrote:
> >> 2008/9/29 Ethan Blanton <[EMAIL PROTECTED]>:
> >> > Mark Doliner spake unto us the following wisdom:
> >> >> And so I'd like to point out that this decision negatively impacts the
> >> >> virtual hosting provided by Google's Apps. For example, when I login
> >> >> my [EMAIL PROTECTED] JID using Pidgin, it looks up the srv record,
> >> >> connects to talk.google.com, then presents me with a certificate
> >> >> mismatch warning and asks whether I want to accept or reject the
> >> >> certificate.
> >> >>
> >> >> And I just realized that maybe we should continue setting the connect
> >> >> server to talk.google.com when users create Google Talk accounts
> >> >> within Pidgin (I believe Ethan changed this a few days ago).
> >> >
> >> > I changed it yesterday; the reason for this is that it breaks SSL
> >> > certificate verification for those with gmail.com Google Talk
> >> > accounts. Why do you think it should be re-enabled?
> >>
> >> Because without it Google Apps accounts show the certificate mismatch
> >> warning. This is, uh, comical.
> >>
> >> When I login to talk.google.com as [EMAIL PROTECTED] the certificate
> >> presented is for talk.google.com.
> >> When I login to talk.google.com as [EMAIL PROTECTED] the
> >> certificate presented is for gmail.com.
> >> When I login to talk.google.com as [EMAIL PROTECTED] the
> >> certificate presented is for googlemail.com.
> >>
> >> Maybe we should do this:
> >> Only set the connect server to talk.google.com when a Google Talk
> >> account is created that is not @gmail.com or @googlemail.com
> >
> > I manage a google apps account, and I would presume, like me, those who
> > do this have access to update their records like this (for example if I
> > manage example.com).
> >
> > So do you still experience these issues when you have the following in
> > your DNS, and when pidgin follows these accordingly?
> >
> > Or perhaps I'm missing the point of this discussion:
>
> I think you might have missed the point of this discussion. I believe
> my DNS records are correct (I don't have all the records you do, but I
> DO have the SRV records).
>
> I was mostly just raising the point that there doesn't seem to be a
> way for someone else's domain to virtually host a jabber server for
> your domain without there being a certificate mismatch.

Hmmmm, I was thinking that depended on what the certificate was matched
against: if the example.com domain's DNS SRV records pointed to
talk.l.google.com and the certificate that talk.l.google.com presented
matched talk.l.google.com then I would assume that there _would_ be a
match, and everyone would be happy.

_______________________________________________
Support mailing list
Support@pidgin.im
http://pidgin.im/cgi-bin/mailman/listinfo/support
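
The mismatch discussed in this thread comes down to which name the client compares the certificate against. The sketch below is an added example, not Pidgin code and not something posted to the list; the account user@example.com, the function names and the certificate name lists are assumptions constructed from the cases described in the thread.

```python
# Added illustration: sample accounts and certificate names are constructed
# from the cases described in the thread; this is not Pidgin's code.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate dNSName with a hostname, label by label.
    A wildcard is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_identities(jid: str, connect_host: str, cert_names: list) -> dict:
    """Report which candidate reference identity the certificate satisfies:
    the domain part of the JID, or the host the client connected to."""
    bare_jid = jid.split("/", 1)[0]          # drop an optional resource part
    jid_domain = bare_jid.rsplit("@", 1)[1]
    return {
        "jid_domain": any(dns_name_matches(n, jid_domain) for n in cert_names),
        "connect_host": any(dns_name_matches(n, connect_host) for n in cert_names),
    }


# (JID, host connected to, names in the presented certificate), all constructed.
CASES = [
    ("user@gmail.com", "talk.google.com", ["gmail.com"]),
    ("user@googlemail.com", "talk.google.com", ["googlemail.com"]),
    ("user@example.com", "talk.google.com", ["talk.google.com"]),  # hosted domain
]

if __name__ == "__main__":
    for jid, host, names in CASES:
        print(jid, host, names, check_identities(jid, host, names))
```

A client that checks only the JID domain warns for the hosted account, and one that checks only the connect host warns for the gmail.com and googlemail.com accounts, which is the trade-off the thread describes.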