On Thu, 2010-11-25 at 08:55 +0100, Matthias Apitz wrote: > El día Wednesday, November 24, 2010 a las 10:46:31AM +0100, Matthias Apitz > escribió: > > Thank you! I can ACK that 2.7.7. fixes the MSN certificate issue (using > > gnuTLS on FreeBSD 8.1) > > This was to early to say :-(
That's not good at all. <snip> > (08:50:41) gnutls/x509: Certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN > Contact Services,CN=*.contacts.msn.com claims to be issued by > DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority, > but the certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact > Services,CN=*.contacts.msn.com does not match. > (08:50:41) certificate: Checking signature chain for > uid=C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com > (08:50:41) gnutls/x509: Bad signature for > DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority > on C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com The string "Bad signature for" has been changed to "Bad signature from" in the above debug message, this suggests you are not using latest libpurple or not using latest gnutls plugin. (this change was actually made over 15 months ago!) There should also be an additional log entry here saying: (hh:mm:ss) gnutls: Dropping further peer certificates because the chain is broken! Are you sure you are not using an older libpurple with current Pidgin? What does "pidgin -v" report as the versions of Pidgin & libpurple? Are you sure you don't have both self-compiled and distro-provided pidgin in your path and running the wrong one? Does running "ldconfig" as root fix pidgin 2.7.7 to link to correct libpurple 2.7.7 ? If libpurple version is correct are you sure the ssl-gnutls.so plugin is the one from 2.7.7? You'd probably have to check file timestamp to make sure it was compiled around the same time (it's in $prefix/lib/purple-2/ssl-gnutls.so) Please also check from running "pidgin -d" exactly which ssl-gnutls.so is being loaded. Regards, Stu. _______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
