Bug 600532

Summary: Telepathy-Gabble doesn't find system certificates
Product: [Fedora] Fedora Reporter: Josh Stone <jistone>
Component: telepathy-gabbleAssignee: Brian Pepple <bdpepple>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: bdpepple, cesarb, mclasen, rkagan, sander
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: telepathy-gabble-0.9.11-2.fc13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-07-14 22:55:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Stone 2010-06-04 22:36:42 UTC 
Description of problem:
In Fedora 12, I could use strict-SSL in Empathy for Google Chat (strict meaning encryption required, don't ignore errors).  In Fedora 13 this now just says "Certificate untrusted".

My settings:

  [x] Encryption required (TLS/SSL)
  [ ] Ignore SSL certificate errors

  Server: talk.google.com
  Port:   5222
  [ ] Use old SSL


Version-Release number of selected component (if applicable):
telepathy-gabble-0.9.11-1.fc13.x86_64

I downgraded to telepathy-gabble-0.8.13-1.fc12.x86_64 (leaving all other telepathy/empathy packages at current F13) and it works again.
Comment 1 Brian Pepple 2010-06-04 22:52:04 UTC 
If I remember correctly this regression is due to tp-gabble using Wocky for XMMP instead of Loudmouth. I'll have to look into this a bit to see when this will be fixed in Wocky.
Comment 2 Roman Kagan 2010-06-08 21:23:09 UTC 
No it's not Wocky who's guilty, it's tp-gabble itself. It passes a wrong path to CA cert bundle to Wocky.

The path is hardcoded in tp-gabble:

src/connection.c:

1895 static gboolean
1896 _gabble_connection_connect (TpBaseConnection *base,
1897                             GError **error)
1898 {
...
1914   /* system certs */
1915   wocky_connector_add_ca (priv->connector,
1916       "/etc/ssl/certs/ca-certificates.crt");


it obviously doesn't match Fedora convention (/etc/pki/tls/certs/ca-bundle.crt).

A workaround is to create a symlink, either system-wide -- as root to that path, or per user -- to ~/.config/telepathy/certs/something.pem.
Comment 3 Brian Pepple 2010-07-10 12:55:47 UTC 
*** Bug 613223 has been marked as a duplicate of this bug. ***
Comment 4 Fedora Update System 2010-07-11 18:25:31 UTC 
telepathy-gabble-0.9.11-2.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/telepathy-gabble-0.9.11-2.fc13
Comment 5 Fedora Update System 2010-07-13 07:47:09 UTC 
telepathy-gabble-0.9.11-2.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update telepathy-gabble'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/telepathy-gabble-0.9.11-2.fc13
Comment 6 Fedora Update System 2010-07-14 22:55:30 UTC 
telepathy-gabble-0.9.11-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.