Summary: | Untrusted SSL certificates are handled badly; should implement interactive certificate verification channels | ||
---|---|---|---|
Product: | Telepathy | Reporter: | Chris Crisafulli <itnet7> |
Component: | haze | Assignee: | Telepathy bugs list <telepathy-bugs> |
Status: | RESOLVED MOVED | QA Contact: | Telepathy bugs list <telepathy-bugs> |
Severity: | normal | ||
Priority: | medium | CC: | bpedman, fred, gnome, hub, ivenvd, travneff, will |
Version: | unspecified | ||
Hardware: | x86 (IA32) | ||
OS: | Linux (All) | ||
Bug Depends on: | 29018 | ||
Attachments: | This is the version info Ubuntu I'm running, and package versioning info; ugly workaround; 0.8-cert-workaround.patch; certificate.workaround.patch |
I am experiencing this as well...it is pretty annoying, running Ubuntu 9.10 x64. Empathy version 2.28.1.1-0ubuntu1, telepathy-haze version 0.3.2-1

Is this related to bug 17907?

Same issue with the latest empathy (2.30.1) in OpenSUSE 11.3. Is there any chance at all that this issue can be fixed? If the real fix is to simply copy the certificate to the correct path as described in the bug report, that's only a couple of lines of code including error checking. Could that not just be added?

Just some further info: If I try to connect using Pidgin, I get presented with a prompt about receiving an untrusted certificate. I have the option to accept it or reject it. I'm told what needs to be done is to update empathy/haze to present a similar dialog when it tries to access the groupwise server.

As discussed on IRC, the correct solution is not to copy certificates around wildly; it's to implement the API discussed on bug 29018.

*** Bug 19018 has been marked as a duplicate of this bug. ***

*** Bug 18271 has been marked as a duplicate of this bug. ***

Created attachment 47806: ugly workaround

I've stripped Will Thompson's "work in progress" patch for certs, which only tries to copy certs from ~/.local/share/telepathy-haze/certificates/ to the haze session directory, and it "works" as expected. This is clearly a workaround until the certificate APIs are implemented in haze.

Any workaround on this?

Created attachment 89647: 0.8-cert-workaround.patch

cert workaround patch reworked for telepathy-haze-0.8.0

Any updates here?

(In reply to comment #10)
> Any updates here?

Not until/unless...

(In reply to comment #4)
> As discussed on IRC, the correct solution is not to copy certificates around
> wildly; it's to implement the API discussed on bug 29018.

... someone does that, and puts the result here for review. (I don't currently have time to implement that, and am not volunteering.)
For those who are facing this issue, you don't have to copy the certificates every time you log in. Just copy the certificates from `~/.purple/certificates/x509/tls_peers/<servername>` to `/etc/ssl/certs/<servername>.pem`, and kill the telepathy-haze process using `pkill telepathy-haze`. Disable and re-enable your account, and you'll log in successfully.

Hi guys, first of all, I am not a C programmer, so I changed the source a little bit so that telepathy-haze won't use the /tmp/haze-xxxx/ directory to handle the certificates anymore and instead uses the home directory ~/.haze/

Download the source code 0.8.0

Apply the patch on main.c

The procedure is to copy all certificates once to ~/.haze/certificates/x509/tls_peers/ and start the telepathy...

I hope this helps.

PS: Sorry about my English...

Created attachment 118909: certificate.workaround.patch

telepathy-haze 0.8.0 path certificates

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/telepathy/telepathy-haze/issues/19.
Created attachment 28888: This is the version info Ubuntu I'm running, and package versioning info

Expected Behavior:

Once you open empathy, go to Accounts and create a Groupwise Messenger Account. After closing the created account, you should be connected to the Groupwise Messenger Server without any further actions required on the user's part.

What Actually Occurs:

The Groupwise Messenger account is created, but does not open/connect. If you go back to the accounts area you will see that the Groupwise Messenger account icon indicator is flashing, which alerts that there is an issue with the account not connecting properly.

Discovered Workaround:

`cp ~/.purple/certificates/x509/tls_peers/<gwmessenger_servername> /tmp/haze-<random_generated_per_session>/certificates/x509/tls_peers`

It seems as though when a new empathy session is started, a new /tmp/-haze-<random_generated_per_session>/certificates/x509/tls_peers is created. The groupwise session certificate needs to be copied from the ~/.purple/certificates/x509/tls_peers directory to the /tmp/haze- directory generated with the connection.

The current version I am using is from the Ubuntu Daily PPA 2.27.5, but this has occurred in all of the earlier versions that I have tried. This is not limited to the packaged versions from Ubuntu as this occurs in OpenSuse 11 and Fedora too, at least in a virtual environment.

Please let me know if this isn't clear enough or more information is needed.

Thanks for all of your time and effort with Empathy!

Chris Crisafulli
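Added example (not part of the bug thread and not telepathy-haze code): the workarounds in this thread copy a cached peer certificate from `~/.purple/certificates/x509/tls_peers/` into a directory where it becomes trusted, which skips the accept/reject decision that Pidgin's prompt provides. This Python example makes that copy conditional on the certificate's SHA-256 fingerprint matching a value obtained out of band from the server administrator. It assumes the cache files are PEM; the function names, the sample bytes and the `gwmessenger.example` host name are constructed for illustration.

```python
import hashlib
import hmac
import ssl
import tempfile
from pathlib import Path
from typing import Optional

# Constructed placeholder bytes standing in for a DER certificate (not a real
# X.509 structure); a fingerprint is a hash over the raw DER bytes either way.
SAMPLE_DER = b"constructed-sample-der-for-gwmessenger.example"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

def normalize(fp: str) -> str:
    """Lower-case hex without colons or spaces, so display formats compare equal."""
    return fp.replace(":", "").replace(" ", "").lower()

def fingerprint_sha256(pem_text: str) -> str:
    """SHA-256 fingerprint (AA:BB:...) of a single PEM-encoded certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def install_if_pinned(cached: Path, expected_fp: str, dest_dir: Path) -> Optional[Path]:
    """Copy the cached peer certificate only if it matches the out-of-band fingerprint."""
    pem_text = cached.read_text(encoding="ascii")
    actual = normalize(fingerprint_sha256(pem_text))
    if not hmac.compare_digest(actual, normalize(expected_fp)):
        return None  # mismatch: leave the trust directory untouched
    dest = dest_dir / (cached.name + ".pem")
    dest.write_text(pem_text, encoding="ascii")
    dest.chmod(0o644)
    return dest

def demo() -> tuple:
    """Run the matching and the mismatching case against a temporary tree."""
    with tempfile.TemporaryDirectory() as tmp:
        cache, trust = Path(tmp) / "tls_peers", Path(tmp) / "trust"
        cache.mkdir()
        trust.mkdir()
        cached = cache / "gwmessenger.example"  # constructed host name
        cached.write_text(SAMPLE_PEM, encoding="ascii")
        good = install_if_pinned(cached, fingerprint_sha256(SAMPLE_PEM), trust)
        bad = install_if_pinned(cached, "00" * 32, trust)
        installed = sorted(p.name for p in trust.iterdir())
        return (good.name if good else None, bad, installed)
```

Pass the per-user directory the client actually reads as `dest_dir`; the fingerprint to compare against must come from the server operator, not from the same connection that delivered the certificate.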