Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 244374 - net-im/pidgin-2.5.1 says Invalid certificate chain, rather than weak certificate
Summary: net-im/pidgin-2.5.1 says Invalid certificate chain, rather than weak certificate
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo net-im Herd
URL: http://developer.pidgin.im/ticket/4458
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-10-25 20:52 UTC by Johannes Buchner
Modified: 2009-12-17 12:28 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Buchner 2008-10-25 20:52:12 UTC
This is about the upstream bug http://developer.pidgin.im/ticket/4458 when connecting to a jabber server using SSL/TLS. (I have the gnutls USE flag enabled).

The error message is: 
"Invalid certificate chain
The certificate chain presented for <hostname> is not valid."

Some discussion about this is here too (in German): http://web.jabber.ccc.de/?p=29
Comment 1 Johannes Buchner 2008-10-25 20:53:19 UTC
I fixed it doing the following: 
added the line 
	epatch "${FILESDIR}"/purple-allow-sign-rsa-md5.patch
in src_compile() in net-im/pidgin/pidgin-2.5.1.ebuild before "if use gnutls ; then ..."

ebuild /usr/portage/net-im/pidgin/pidgin-2.5.1.ebuild digest
ebuild /usr/portage/net-im/pidgin/pidgin-2.5.1.ebuild manifest

mkdir /usr/portage/net-im/pidgin/files; 
cd /usr/portage/net-im/pidgin/files; 
wget http://developer.pidgin.im/raw-attachment/ticket/4458/purple-allow-sign-rsa-md5.patch
emerge -v pidgin

Sorry if this is not the cleanest way.
Comment 2 Tassilo Horn 2009-06-19 20:32:52 UTC
I have a similar problem with pidgin-2.5.6.  One developer told me that this could be because the gentoo ebuild doesn't set the certificate directory option:  --with-system-ssl-certs=/etc/ssl/certs
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2009-12-17 12:28:22 UTC
Reading upstream bug report this problem is completely resolved in 2.6.2 and we have 2.6.3 stable now, so I guess this bug is closed. Any way, thank you for report, guys.