Bug 473458 - looking in wrong place for root cert
Summary: looking in wrong place for root cert
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: loudmouth
Version: 10
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Brian Pepple
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-11-28 16:07 UTC by Patrick C. F. Ernzer
Modified: 2008-12-10 04:36 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-12-10 04:36:38 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Patrick C. F. Ernzer 2008-11-28 16:07:00 UTC 
Description of problem:
loudmouth looks in /etc/ssl/certs/ca-certificates.crt instead of /etc/pki/tls/certs/ca-bundle.crt when verifying SSL certificates.

Version-Release number of selected component (if applicable):
loudmouth-1.4.3

How reproducible:
always

Steps to Reproduce:
1. be sure to circumvent Bug 473436
2. have a jabber account defined as follows;
  - Encryption required: on
  - Ignore SSL cert errors: off
  - server field empty
  - port: 0
  - Use old SSL: off
3. try to connect
  
Actual results:
Network error in GUI
** (telepathy-gabble:5418): DEBUG: _gabble_connection_connect: letting SRV lookup decide server and port
[...]
** (telepathy-gabble:5418): DEBUG: connection_ssl_cb: called: The certificate can not be trusted.


Expected results:
as /etc/pki/tls/certs/ca-bundle.crt is the default location for root certs in Ferdora, loudmouth should check there.

Additional info:
as per irc FreeNode, #telepathy, this is a compile time option, not a setting. As such can you please rebuild?
Comment 1 Patrick C. F. Ernzer 2008-11-28 16:09:38 UTC 
forgot to add, verified that it's looking in the wrong place with
# mkdir -p /etc/ssl/certs/
# ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt

(took that workaround away again of course as it's ugly)
Comment 2 Brian Pepple 2008-11-28 23:42:33 UTC 
(In reply to comment #0)
> as per irc FreeNode, #telepathy, this is a compile time option, not a setting.
> As such can you please rebuild?

What's the configure option for that?  Giving the config file a quick look, I see no option to set the cert location.
Comment 3 Brian Pepple 2008-11-28 23:53:52 UTC 
Ok, after digging into this a little further, it looks like setting the cert location is not a config option, and the cert location is hard-coded in lm-ssl-gnutls.c:

#define CA_PEM_FILE "/etc/ssl/certs/ca-certificates.crt"
Comment 4 Fedora Update System 2008-11-29 00:56:39 UTC 
loudmouth-1.4.3-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/loudmouth-1.4.3-1.fc10
Comment 5 Patrick C. F. Ernzer 2008-12-01 11:20:03 UTC 
(In reply to comment #4)
> loudmouth-1.4.3-1.fc10 has been submitted as an update for Fedora 10.

Confirm 1.4.3-1.fc10 fixes the bug. You can do CLOSED
Comment 6 Brian Pepple 2008-12-01 12:23:12 UTC 
re-opening, so bodhi can close it when it's pushed to stable
Comment 7 Fedora Update System 2008-12-03 01:10:04 UTC 
loudmouth-1.4.3-1.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update loudmouth'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-10490
Comment 8 Fedora Update System 2008-12-10 04:36:32 UTC 
loudmouth-1.4.3-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.