Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 251016

Summary: net-im/pidgin-2.5.2 complains about certificate for rsi.hotmail.com
Product: Gentoo Linux Reporter: DEMAINE Benoît-Pierre, aka DoubleHP <dhp_gentoo>
Component: Current packagesAssignee: Gentoo net-im Herd <net-im>
Status: RESOLVED DUPLICATE    
Severity: normal CC: pchrist, serkan
Priority: High    
Version: 2007.0   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: /tmp/emerge--info

Description DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-15 12:13:15 UTC
Since a few days, my pidgin complains:

> Invalid certificate authority signature
> 
> The certificate chain presented by rsi.hotmail.com does not have a valid digital signature from the Certificate Authority from which it claims to have a signature.

People from IRC answered:
> it's "known" in as much as MSN/Hotmail changed their signing certificates, and your system/distribution may not have the newest version
> the newest versions of pidgin ship with the correct certificates, but your system may override those

Note: I am using stable machine, and unmasked 2.5.2 to get benefit of various bugfixes.

This bug may be linked with bug 244374 , or with any bug dealing about ca-certs.

Please, fix this bug before stabilisation (bug 248137 ) but do not make it block.
Comment 1 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-15 12:13:27 UTC
Created attachment 175324 [details]
/tmp/emerge--info
Comment 2 Panagiotis Christopoulos (RETIRED) gentoo-dev 2008-12-15 12:31:05 UTC
(In reply to comment #0)
> Since a few days, my pidgin complains:
> 
> > Invalid certificate authority signature
> > 
> > The certificate chain presented by rsi.hotmail.com does not have a valid...

Please try to backup your ~/.purple/certificates/x509/tls_peers and remove the certificates from that folder. Then restart pidgin. Theoritically, you'll see a window at startup asking whether you want to accept a rsi.hotmail.com new certificate. Please, reply, with any results.
Comment 3 Panagiotis Christopoulos (RETIRED) gentoo-dev 2008-12-15 12:38:48 UTC
Hm, but maybe finally, I'm the one who didn't understand what you're trying to explain here. I'll assign the bug to the proper team, for further investigation. 
Comment 4 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-15 12:52:38 UTC
After 

dhp@moon-gen-3:~/.purple/certificates/x509$ mv tls_peers tls_peers_arch_2008_12_15
dhp@moon-gen-3:~/.purple/certificates/x509$

I get the same error message, only one about MSN, and exactly the same.

I would have been surprised the problem is my user profile. The problem may rather be in /etc/ca-certificates/ ... IIRC.
Comment 5 Serkan Kaba (RETIRED) gentoo-dev 2008-12-15 14:07:53 UTC
Isn't this a duplicate of bug #237250?
Comment 6 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-15 14:41:04 UTC
(In reply to comment #5)
> Isn't this a duplicate of bug #237250?
> 

Indee, yes it is, it is :)

Shame on me :)

*** This bug has been marked as a duplicate of bug 237250 ***