On 07/12/12 12:09, Simon McVittie wrote:
> On 06/12/12 15:46, Pedro Francisco wrote:
>> The hostname verified by the certificate doesn't match the server name.
>>
>> Expected hostname: messenger.live.com
>> Certificate hostname: *.gateway.messenger.live.com
>
> I get this too. It looks like an error at Microsoft's end: they're using
> a valid certificate, but for the wrong server name. Their
> documentation[1] says the server's official name (and the one we should
> connect to) is messenger.live.com, so their certificate needs to have
> that as its CN or as one of its "alternative names".
>
> This should affect non-Telepathy clients equally: if a client is
> unaffected, then either it's talking to an unaffected server (they use
> multiple servers with geolocation, so it's not necessarily the case that
> all their servers have this error), or it's not validating certificates
> properly (a security flaw in that client).
>
> Xavier is the owner of our GOA app key - I think he has some way to
> contact Microsoft?
>
> If this isn't fixed for a long time, it would be possible to work around
> it (in Gabble, gnome-online-accounts or even Empathy);

Empathy already attempts to work around this. Empathy sets:

      PARAM ("param-extra-certificate-identities",
          "*.gateway.messenger.live.com");

which should show up in the http://telepathy.freedesktop.org/spec/Channel_Type_Server_TLS_Connection.html#Property:ReferenceIdentities property, which empathy-auth-client.c passes to empathy-tls-verifier.

I wonder what's broken.

--
Will
_______________________________________________
telepathy mailing list
telepathy@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/telepathy
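
The mismatch reported in the thread, and the effect of adding an extra reference identity, as an added example (not code from Empathy, Gabble or the original post): a single-label wildcard matcher run against a list of reference identities. It assumes the extra identity is compared like any other reference name; the function and array names are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive equality; DNS names compare without regard to case. */
static bool eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Does a certificate name cover `name`? A leading "*." stands for exactly one
 * left-most label, so it covers neither the parent domain nor deeper levels. */
bool cert_name_covers(const char *cert_name, const char *name)
{
    if (strncmp(cert_name, "*.", 2) != 0)
        return eq_nocase(cert_name, name);
    const char *dot = strchr(name, '.');     /* end of the first label */
    return dot != NULL && dot != name && eq_nocase(cert_name + 1, dot);
}

/* First reference identity satisfied by any certificate name, or NULL. */
const char *first_match(const char *const *cert, size_t n_cert,
                        const char *const *refs, size_t n_refs)
{
    for (size_t r = 0; r < n_refs; r++)
        for (size_t c = 0; c < n_cert; c++)
            if (cert_name_covers(cert[c], refs[r]))
                return refs[r];
    return NULL;
}

/* Names taken from the thread. Assumption: the extra identity is treated as
 * one more reference name and matched the same way as the expected hostname. */
const char *const CERT_NAMES[] = { "*.gateway.messenger.live.com" };
const char *const DEFAULT_REFS[] = { "messenger.live.com" };
const char *const EXTENDED_REFS[] = { "messenger.live.com", "*.gateway.messenger.live.com" };

int main(void)
{
    const char *a = first_match(CERT_NAMES, 1, DEFAULT_REFS, 1);
    const char *b = first_match(CERT_NAMES, 1, EXTENDED_REFS, 2);
    printf("default: %s\nextended: %s\n", a ? a : "no match", b ? b : "no match");
    return 0;
}
```

Every name added to the reference list widens what the client accepts: in this model, any server holding a certificate for `*.gateway.messenger.live.com` passes verification for the account.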
