Red Hat Bugzilla – Bug 473458
looking in wrong place for root cert
Last modified: 2008-12-09 23:36:38 EST
Description of problem:
loudmouth looks in /etc/ssl/certs/ca-certificates.crt instead of /etc/pki/tls/certs/ca-bundle.crt when verifying SSL certificates.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. be sure to circumvent Bug 473436
2. have a jabber account defined as follows;
- Encryption required: on
- Ignore SSL cert errors: off
- server field empty
- port: 0
- Use old SSL: off
3. try to connect
Network error in GUI
** (telepathy-gabble:5418): DEBUG: _gabble_connection_connect: letting SRV lookup decide server and port
** (telepathy-gabble:5418): DEBUG: connection_ssl_cb: called: The certificate can not be trusted.
as /etc/pki/tls/certs/ca-bundle.crt is the default location for root certs in Ferdora, loudmouth should check there.
as per irc FreeNode, #telepathy, this is a compile time option, not a setting. As such can you please rebuild?
forgot to add, verified that it's looking in the wrong place with
# mkdir -p /etc/ssl/certs/
# ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt
(took that workaround away again of course as it's ugly)
(In reply to comment #0)
> as per irc FreeNode, #telepathy, this is a compile time option, not a setting.
> As such can you please rebuild?
What's the configure option for that? Giving the config file a quick look, I see no option to set the cert location.
Ok, after digging into this a little further, it looks like setting the cert location is not a config option, and the cert location is hard-coded in lm-ssl-gnutls.c:
#define CA_PEM_FILE "/etc/ssl/certs/ca-certificates.crt"
loudmouth-1.4.3-1.fc10 has been submitted as an update for Fedora 10.
(In reply to comment #4)
> loudmouth-1.4.3-1.fc10 has been submitted as an update for Fedora 10.
Confirm 1.4.3-1.fc10 fixes the bug. You can do CLOSED
re-opening, so bodhi can close it when it's pushed to stable
loudmouth-1.4.3-1.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update loudmouth'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-10490
loudmouth-1.4.3-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.