El día Wednesday, November 24, 2010 a las 10:46:31AM +0100, Matthias Apitz escribió:
> El día Wednesday, November 24, 2010 a las 01:04:32AM -0500, John Bailey > escribió: > > > Hi all, > > > > I just pushed out the release of Pidgin 2.7.7. We rushed a release out to > > do > > two important things--finish fixing the MSN certificate issue we thought we > > had > > fixed for 2.7.6 and fix the AIM SSL Handshake Failure problem introduced in > > 2.7.6. There are also a couple minor crash fixes. > > > > Upgrade and enjoy! > > Thank you! I can ACK that 2.7.7. fixes the MSN certificate issue (using > gnuTLS on FreeBSD 8.1) This was to early to say :-( The problem still exists, here is a debug log (the cached certificate in /home/guru/.purple/certificates/x509/tls_peers/omega.contacts.msn.com was downloaded yesterday after deleting all files in /home/guru/.purple/certificates/x509/tls_peers/): (08:50:40) dns: Got response for 'omega.contacts.msn.com' (08:50:40) dnsquery: IP resolved for omega.contacts.msn.com (08:50:40) proxy: Attempting connection to 207.46.113.78 (08:50:40) proxy: Connecting to omega.contacts.msn.com:443 with no proxy (08:50:40) proxy: Connection in progress (08:50:40) proxy: Connecting to omega.contacts.msn.com:443. (08:50:40) proxy: Connected to omega.contacts.msn.com:443. (08:50:40) gnutls: Starting handshake with omega.contacts.msn.com (08:50:41) util: Writing file blist.xml to directory /home/guru/.purple (08:50:41) util: Writing file /home/guru/.purple/blist.xml (08:50:41) gnutls: Handshake complete (08:50:41) gnutls/x509: Key print: ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b (08:50:41) gnutls/x509: Key print: 7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05 (08:50:41) gnutls/x509: Key print: 3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25 (08:50:41) gnutls: Peer provided 3 certs (08:50:41) gnutls: Lvl 0 SHA1 fingerprint: ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b (08:50:41) gnutls: Serial: 7d:da:e0:49:00:08:00:01:c8:b9 (08:50:41) gnutls: Cert DN: C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com (08:50:41) gnutls: Cert Issuer DN: DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority (08:50:41) gnutls: Lvl 1 SHA1 fingerprint: 7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05 (08:50:41) gnutls: Serial: 61:16:6d:2f:00:04:00:00:00:20 (08:50:41) gnutls: Cert DN: DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority (08:50:41) gnutls: Cert Issuer DN: CN=Microsoft Internet Authority (08:50:41) gnutls: Lvl 2 SHA1 fingerprint: 3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25 (08:50:41) gnutls: Serial: 07:27:16:75 (08:50:41) gnutls: Cert DN: CN=Microsoft Internet Authority (08:50:41) gnutls: Cert Issuer DN: C=US,O=GTE Corporation,OU=GTE CyberTrust Solutions\, Inc.,CN=GTE CyberTrust Global Root (08:50:41) certificate/x509/tls_cached: Starting verify for omega.contacts.msn.com (08:50:41) certificate/x509/tls_cached: Checking for cached cert... (08:50:41) certificate/x509/tls_cached: ...Found cached cert (08:50:41) gnutls: Attempting to load X.509 certificate from /home/guru/.purple/certificates/x509/tls_peers/omega.contacts.msn.com (08:50:41) certificate/x509/tls_cached: Peer cert did NOT match cached (08:50:41) gnutls/x509: Certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com claims to be issued by DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority, but the certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com does not match. (08:50:41) certificate: Checking signature chain for uid=C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com (08:50:41) gnutls/x509: Bad signature for DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority on C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com (08:50:41) certificate: ...Bad or missing signature by DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority Chain is INVALID What does this mean? matthias -- Matthias Apitz t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e <g...@unixarea.de> - w http://www.unixarea.de/ _______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support