Bug 967844

Summary: Failure to connect to SIPE service (SSL certificate validation)
Product: [Fedora] Fedora
Component: telepathy-haze
Version: 19
Status: CLOSED DUPLICATE
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: David Woodhouse <dwmw2>
Assignee: Brian Pepple <bdpepple>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: bdpepple, chemobejk
Doc Type: Bug Fix
Type: Bug
Last Closed: 2013-05-28 14:07:46 UTC

Description David Woodhouse 2013-05-28 12:19:29 UTC
Connection to my SIPE account fails thus:

(haze:8787): purple/certificate/x509/tls_cached-CRITICAL **: Name mismatch: Certificate given for sip.intel.com has a name of orcspool01.amr.corp.intel.com

It's checking the server's SSL certificate for the rôle address that it used to find the service, not the server's canonical hostname. Which I thought was normally the correct thing to do... and indeed the server's cert *does* have a load of other rôle addresses in its AltName field, including meet.intel.com, dial.intel.com, lyncdiscover.intel.com, etc. But not sip.intel.com.

If I manually enter the hostname of the current server into my configuration, it works for now...
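
The name check described in this report, reproduced offline as an added example (not code from libpurple, haze or SIPE). The certificate dictionary is constructed from the names quoted above; placing the server's own hostname in the AltName list is an assumption, and the function names are hypothetical.

```python
# Added illustration: which reference name would a TLS client accept for this
# certificate? CERT is constructed from the names quoted in the report; it is
# not the real server certificate, and its SAN list is incomplete.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one presented DNS name with the reference name.
    Only a complete left-most '*' label is honoured as a wildcard, and
    never directly under a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2 and h[0]:
        return p[1:] == h[1:]
    return p == h

def presented_names(cert: dict) -> list:
    """dNSName AltName entries take precedence; the subject CN is used
    only when the certificate carries no dNSName at all."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [cert["commonName"]] if cert.get("commonName") else []

def check_reference_names(cert: dict, candidates: dict) -> dict:
    """Map each candidate reference name to the presented name that
    matched it, or None for a name mismatch."""
    names = presented_names(cert)
    return {label: next((n for n in names if dns_name_matches(n, host)), None)
            for label, host in candidates.items()}

CERT = {  # constructed sample
    "commonName": "orcspool01.amr.corp.intel.com",
    "subjectAltName": [
        ("DNS", "orcspool01.amr.corp.intel.com"),  # assumption, see lead-in
        ("DNS", "meet.intel.com"),
        ("DNS", "dial.intel.com"),
        ("DNS", "lyncdiscover.intel.com"),
    ],
}
CANDIDATES = {
    "configured role address": "sip.intel.com",
    "server hostname": "orcspool01.amr.corp.intel.com",
}

if __name__ == "__main__":
    for label, hit in check_reference_names(CERT, CANDIDATES).items():
        print(f"{label}: {'matches ' + hit if hit else 'NAME MISMATCH'}")
```

A mismatch on the configured name together with a match on the server hostname points at a certificate that lacks the role address in its AltName list, not at an untrusted chain.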

Comment 1 Stefan Becker 2013-05-28 14:07:46 UTC
SIPE doesn't perform any certificate checks. As your log message shows, it's libpurple.

It is a known missing feature that haze doesn't have any UI functionality to ask the user if he accepts a "broken" certificate or not. Somebody has to write this code.

*** This bug has been marked as a duplicate of bug 579116 ***