2325435 – pidgin repeatedly prompts to accept a TLS certificate on every connection attempt

Bug 2325435 - pidgin repeatedly prompts to accept a TLS certificate on every connection attempt

Summary: pidgin repeatedly prompts to accept a TLS certificate on every connection att...

Keywords:
Status:	CLOSED DUPLICATE of bug 2311054
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pidgin
Sub Component:
Version:	41
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Jaroslav Škarvada
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-12 11:17 UTC by Daniel Berrangé
Modified:	2024-11-12 14:54 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-11-12 14:54:45 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Daniel Berrangé 2024-11-12 11:17:28 UTC

Some time in the past month-ish pidgin started repeatedly prompting to accept a TLS certificate on every connection attempt, including when it re-establishes connection after transient network outage.

  "Accept certificate for irc.libera.chat?

  The certificate for irc.libera.chat could not be validated.

  The certificate is not trusted because no certificate that can verify it is currently trusted."

The issue seems to affect my connections to OFTC and Libera IRC networks.

I found a recent upstream bug report which is suggesting a regression has been caused by an NSS update

  https://issues.imfreedom.org/issue/PIDGIN-17886/Certificate-verification-errors-with-NSS-3.103

which has an upstream fix

  https://keep.imfreedom.org/pidgin/pidgin/rev/412b2a4de898/

I've not tested if this fixes my problem, but it looks close enough to be plausible since pidgin in Fedora is built with NSS, and the update to 3.103 NSS arrived in Fedora in the time window where I first saw this regression.

Could you look at getting this pidgin (libpurple) fix into Fedora packages.

Note, I'm using the latest Fedora flatpak of pidgin, reported as being:

 Pidgin 2.14.13-2.fc41app1 (libpurple 2.14.13) 1392ea316bd054f5f3d29b6954198d8b9e4f27fb


Reproducible: Always

Steps to Reproduce:
1. Connect to irc.libera.chat with TLS
2.
3.
Actual Results:  
"SSL Certification Verification" popup appears every time.

Expected Results:  
No certificate verification popups on connect

Comment 1 Jaroslav Škarvada 2024-11-12 14:45:31 UTC

IMHO it's already in F41, but I don't know whether it fixes the problem.
pidgin-2.14.13-4.fc41:
* Tue Nov  5 2024 Jaroslav Škarvada <jskarvad> - 2.14.13-4
- Fixed nss get peer certificate
  Resolves: rhbz#2311054

Comment 2 Jaroslav Škarvada 2024-11-12 14:46:31 UTC

(In reply to Jaroslav Škarvada from comment #1)
> IMHO it's already in F41, but I don't know whether it fixes the problem.
> pidgin-2.14.13-4.fc41:
> * Tue Nov  5 2024 Jaroslav Škarvada <jskarvad> - 2.14.13-4
> - Fixed nss get peer certificate
>   Resolves: rhbz#2311054

Well, it's in the updates-testing now, but it should get into stable soon.

Comment 3 Jaroslav Škarvada 2024-11-12 14:54:45 UTC

There was a problem in the spec and the patch wasn't applied, fixed in 2.14.13-5.

*** This bug has been marked as a duplicate of bug 2311054 ***

Note You need to log in before you can comment on or make changes to this bug.