Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 244374

Summary: net-im/pidgin-2.5.1 says Invalid certificate chain, rather than weak certificate
Product: Gentoo Linux Reporter: Johannes Buchner <buchner.johannes>
Component: New packagesAssignee: Gentoo Net-im project <net-im>
Status: RESOLVED FIXED    
Severity: minor CC: Martin.vGagern, pva, serkan, tsdh
Priority: High    
Version: 2008.0   
Hardware: All   
OS: Linux   
URL: http://developer.pidgin.im/ticket/4458
Whiteboard:
Package list:
Runtime testing required: ---

Description Johannes Buchner 2008-10-25 20:52:12 UTC
This is about the upstream bug http://developer.pidgin.im/ticket/4458 when connecting to a jabber server using SSL/TLS. (I have the gnutls USE flag enabled).

The error message is: 
"Invalid certificate chain
The certificate chain presented for <hostname> is not valid."

Some discussion about this is here too (in German): http://web.jabber.ccc.de/?p=29
Comment 1 Johannes Buchner 2008-10-25 20:53:19 UTC
I fixed it doing the following: 
added the line 
	epatch "${FILESDIR}"/purple-allow-sign-rsa-md5.patch
in src_compile() in net-im/pidgin/pidgin-2.5.1.ebuild before "if use gnutls ; then ..."

ebuild /usr/portage/net-im/pidgin/pidgin-2.5.1.ebuild digest
ebuild /usr/portage/net-im/pidgin/pidgin-2.5.1.ebuild manifest

mkdir /usr/portage/net-im/pidgin/files; 
cd /usr/portage/net-im/pidgin/files; 
wget http://developer.pidgin.im/raw-attachment/ticket/4458/purple-allow-sign-rsa-md5.patch
emerge -v pidgin

Sorry if this is not the cleanest way.
Comment 2 Tassilo Horn 2009-06-19 20:32:52 UTC
I have a similar problem with pidgin-2.5.6.  One developer told me that this could be because the gentoo ebuild doesn't set the certificate directory option:  --with-system-ssl-certs=/etc/ssl/certs
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2009-12-17 12:28:22 UTC
Reading upstream bug report this problem is completely resolved in 2.6.2 and we have 2.6.3 stable now, so I guess this bug is closed. Any way, thank you for report, guys.