Description of problem:
I just noticed that mcabber does not verify the common name of a certificate with gnutls. E.g. when there is the following situation: A server is reachable via foo.example.com and bar.example.com and provides a certificate with the common name bar.example.com. When I connect to the server via "set server = foo.example.com", mcabber compiled with openssl gives this error:
jab_start: SSL negotiation failed: server certificate cn mismatch
but mcabber with gnutls does not complain.

Version-Release number of selected component (if applicable):
mcabber-0.9.4-1.fc7

How reproducible:
always

Steps to Reproduce:
1. enable ssl verification
2. connect to a server with a different hostname than the common name of the certificate it uses

Actual results:
mcabber connects happily

Expected results:
mcabber should quit with, e.g. the following message:
jab_start: SSL negotiation failed: server certificate cn mismatch

Additional info:
I just reported this upstream. I guess a good workaround until upstream released a fixed version is to use openssl-devel as BR instead of gnutls-devel.
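The check the report says is missing, as an added example (not part of the original report and not mcabber, GnuTLS or OpenSSL code). The function names `cert_name_matches` and `accept_server` are hypothetical, and the wildcard handling goes beyond the report's exact-name case; a real client would use its TLS library's hostname check rather than a hand-written comparison.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return 1 if the certificate name `pattern` (CN or dNSName) covers `host`.
 * Comparison is case-insensitive; a wildcard is honoured only as the whole
 * left-most label ("*.example.com") and matches exactly one label. */
int cert_name_matches(const char *pattern, const char *host)
{
    if (!pattern || !host || !*pattern || !*host)
        return 0;
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *suffix = pattern + 1;     /* ".example.com" */
        const char *dot = strchr(host, '.');  /* end of host's first label */
        if (!dot || dot == host)              /* no label for '*' to match */
            return 0;
        if (!strchr(suffix + 1, '.'))         /* refuse "*.com" style names */
            return 0;
        return strcasecmp(dot, suffix) == 0;
    }
    if (strchr(pattern, '*'))                 /* wildcard anywhere else: reject */
        return 0;
    return strcasecmp(pattern, host) == 0;
}

/* Hypothetical post-handshake decision: a valid chain alone is not enough,
 * the name the user configured must also be covered by the certificate. */
int accept_server(int chain_ok, const char *cert_cn, const char *configured_host)
{
    return chain_ok && cert_name_matches(cert_cn, configured_host);
}

int main(void)
{
    /* Constructed values taken from the scenario in the report. */
    const char *cn = "bar.example.com";
    const char *hosts[] = { "foo.example.com", "bar.example.com" };
    for (int i = 0; i < 2; i++)
        printf("%s: %s\n", hosts[i],
               accept_server(1, cn, hosts[i]) ? "accept" : "cn mismatch");
    return 0;
}
```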
(In reply to comment #0)
> I just reported this upstream. I guess a good workaround until upstream released
> a fixed version is to use openssl-devel as BR instead of gnutls-devel.

This is known behaviour. So please compile it with openssl instead of gnutls support.
Thanks Till, I've committed 0.9.5-1 to CVS (adding Paul Wolters' patch for this and OTR support) and it's building on F8 now. That'll teach me to try and be clever.. :-P Michael.
mcabber-0.9.5-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update mcabber'
mcabber-0.9.5-1.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update mcabber'
mcabber-0.9.5-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
mcabber-0.9.5-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
FYI: Even mcabber 0.9.8 does not support certificate verification with gnutls (I just checked) and it seems that F9 and rawhide mcabber packages are again compiled against gnutls instead of openssl. Please consider building them against openssl, too. Btw. please respond at least with a short message, if you read this, otherwise I will assume this message was lost and open a fresh bug report.
I'm planning on pushing out 0.9.8 compiled against OpenSSL anyway, thanks for prompting / reminding me. Linking against gnutls seemed like a good idea at the time but as you've noted it's had a couple of regressions / less-than-stellar behaviours, so I'm more than happy to back that change out. I'll import 0.9.8 with OpenSSL when I get home from work this evening :-)
mcabber-0.9.9-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/mcabber-0.9.9-1.fc9
mcabber-0.9.9-1.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update mcabber'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8812
mcabber-0.9.9-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.