Bug 18271

Summary: failure with mismatch cert when connecting to groupwise
Product: Telepathy Reporter: Hubert Figuiere <hub>
Component: hazeAssignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED DUPLICATE QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: patch for empathy

Description Hubert Figuiere 2008-10-28 08:20:06 UTC 
I try to connect to Groupwise IM with telepathy-haze and the connection hangs.

In debug I get these messages:

(haze:8747): tp-glib-DEBUG: tp_base_connection_change_status: was 4294967295, now 1, for reason 1
(haze:8747): tp-glib-DEBUG: tp_base_connection_change_status: emitting status-changed to 1, for reason 1
** Message: [info] gnutls/x509: Key print: 74:58:b6:10:32:e7:a3:65:57:22:ea:10:c3:7a:c7:31:41:75:a7:eb
** Message: [info] gnutls/x509: Certificate for C=US,ST=Utah,L=Provo,O=Novell,OU=IS&T,CN=im.novell.com claims to be issued by OU=Organizational CA,O=SERVICES2, but the certificate for C=US,ST=Utah,L=Provo,O=Novell,OU=IS&T,CN=im.novell.com does not match.

And nothing more.
Comment 1 Hubert Figuiere 2008-10-28 08:22:06 UTC 
on IRC it has been said the following:

<wjt> 1. make haze silently accept the cert
<wjt> 2. make haze actively fail to connect
<hub> 2 is not acceptable
<wjt> 3. write telepathy spec to get cert information to the user and ask what to do
<daf> 1 is not acceptable
<wjt> 4. leave the status quo, wherein connections mysteriously hang
<sjoerd> 2 is the way to go + probably 3) add an option in haze to ignore ssl errors
<sjoerd> untill we get proper 3
<daf> 5. do like Gabble does, and add an ignore-cert-errors connection parameter
<daf> (and handle that dialog in haze)
<daf> as an interim measure until we do 3


As possible path to implementation.
Comment 2 Hubert Figuiere 2008-10-28 08:26:44 UTC 
From Novell bugzilla:
https://bugzilla.novell.com/show_bug.cgi?id=436314
Comment 3 Will Thompson 2008-10-28 08:59:08 UTC 
Haze needs to intercept or avoid the purple_request_action call from x509_tls_cached_user_auth. Sigh.
Comment 4 Hubert Figuiere 2008-10-28 09:16:23 UTC 
Created attachment 19910 [details] [review]
patch for empathy

This patch add the necessary UI for Groupwise in Empathy (applies to trunk and 2.24.1)
Comment 5 Hubert Figuiere 2008-11-13 08:20:48 UTC 
just to make things clear. There is more than just this patch to fix that.
Comment 6 Frederic Crozat 2011-06-10 04:05:02 UTC 

*** This bug has been marked as a duplicate of bug 23491 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.