Bug 473458 - looking in wrong place for root cert
looking in wrong place for root cert
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: loudmouth (Show other bugs)
10
All Linux
medium Severity medium
: ---
: ---
Assigned To: Brian Pepple
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-28 11:07 EST by Patrick C. F. Ernzer
Modified: 2008-12-09 23:36 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-12-09 23:36:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Patrick C. F. Ernzer 2008-11-28 11:07:00 EST
Description of problem:
loudmouth looks in /etc/ssl/certs/ca-certificates.crt instead of /etc/pki/tls/certs/ca-bundle.crt when verifying SSL certificates.

Version-Release number of selected component (if applicable):
loudmouth-1.4.3

How reproducible:
always

Steps to Reproduce:
1. be sure to circumvent Bug 473436
2. have a jabber account defined as follows;
  - Encryption required: on
  - Ignore SSL cert errors: off
  - server field empty
  - port: 0
  - Use old SSL: off
3. try to connect
  
Actual results:
Network error in GUI
** (telepathy-gabble:5418): DEBUG: _gabble_connection_connect: letting SRV lookup decide server and port
[...]
** (telepathy-gabble:5418): DEBUG: connection_ssl_cb: called: The certificate can not be trusted.


Expected results:
as /etc/pki/tls/certs/ca-bundle.crt is the default location for root certs in Ferdora, loudmouth should check there.

Additional info:
as per irc FreeNode, #telepathy, this is a compile time option, not a setting. As such can you please rebuild?
Comment 1 Patrick C. F. Ernzer 2008-11-28 11:09:38 EST
forgot to add, verified that it's looking in the wrong place with
# mkdir -p /etc/ssl/certs/
# ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt

(took that workaround away again of course as it's ugly)
Comment 2 Brian Pepple 2008-11-28 18:42:33 EST
(In reply to comment #0)
> as per irc FreeNode, #telepathy, this is a compile time option, not a setting.
> As such can you please rebuild?

What's the configure option for that?  Giving the config file a quick look, I see no option to set the cert location.
Comment 3 Brian Pepple 2008-11-28 18:53:52 EST
Ok, after digging into this a little further, it looks like setting the cert location is not a config option, and the cert location is hard-coded in lm-ssl-gnutls.c:

#define CA_PEM_FILE "/etc/ssl/certs/ca-certificates.crt"
Comment 4 Fedora Update System 2008-11-28 19:56:39 EST
loudmouth-1.4.3-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/loudmouth-1.4.3-1.fc10
Comment 5 Patrick C. F. Ernzer 2008-12-01 06:20:03 EST
(In reply to comment #4)
> loudmouth-1.4.3-1.fc10 has been submitted as an update for Fedora 10.

Confirm 1.4.3-1.fc10 fixes the bug. You can do CLOSED
Comment 6 Brian Pepple 2008-12-01 07:23:12 EST
re-opening, so bodhi can close it when it's pushed to stable
Comment 7 Fedora Update System 2008-12-02 20:10:04 EST
loudmouth-1.4.3-1.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update loudmouth'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-10490
Comment 8 Fedora Update System 2008-12-09 23:36:32 EST
loudmouth-1.4.3-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.