Bug 600532 - Telepathy-Gabble doesn't find system certificates
Summary: Telepathy-Gabble doesn't find system certificates
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: telepathy-gabble
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Brian Pepple
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 613223 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-04 22:36 UTC by Josh Stone
Modified: 2010-07-14 22:55 UTC (History)
5 users (show)

Fixed In Version: telepathy-gabble-0.9.11-2.fc13
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-07-14 22:55:36 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
FreeDesktop.org 29000 0 None None None Never

Description Josh Stone 2010-06-04 22:36:42 UTC
Description of problem:
In Fedora 12, I could use strict-SSL in Empathy for Google Chat (strict meaning encryption required, don't ignore errors).  In Fedora 13 this now just says "Certificate untrusted".

My settings:

  [x] Encryption required (TLS/SSL)
  [ ] Ignore SSL certificate errors

  Server: talk.google.com
  Port:   5222
  [ ] Use old SSL


Version-Release number of selected component (if applicable):
telepathy-gabble-0.9.11-1.fc13.x86_64

I downgraded to telepathy-gabble-0.8.13-1.fc12.x86_64 (leaving all other telepathy/empathy packages at current F13) and it works again.

Comment 1 Brian Pepple 2010-06-04 22:52:04 UTC
If I remember correctly this regression is due to tp-gabble using Wocky for XMMP instead of Loudmouth. I'll have to look into this a bit to see when this will be fixed in Wocky.

Comment 2 Roman Kagan 2010-06-08 21:23:09 UTC
No it's not Wocky who's guilty, it's tp-gabble itself. It passes a wrong path to CA cert bundle to Wocky.

The path is hardcoded in tp-gabble:

src/connection.c:

1895 static gboolean
1896 _gabble_connection_connect (TpBaseConnection *base,
1897                             GError **error)
1898 {
...
1914   /* system certs */
1915   wocky_connector_add_ca (priv->connector,
1916       "/etc/ssl/certs/ca-certificates.crt");


it obviously doesn't match Fedora convention (/etc/pki/tls/certs/ca-bundle.crt).

A workaround is to create a symlink, either system-wide -- as root to that path, or per user -- to ~/.config/telepathy/certs/something.pem.

Comment 3 Brian Pepple 2010-07-10 12:55:47 UTC
*** Bug 613223 has been marked as a duplicate of this bug. ***

Comment 4 Fedora Update System 2010-07-11 18:25:31 UTC
telepathy-gabble-0.9.11-2.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/telepathy-gabble-0.9.11-2.fc13

Comment 5 Fedora Update System 2010-07-13 07:47:09 UTC
telepathy-gabble-0.9.11-2.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update telepathy-gabble'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/telepathy-gabble-0.9.11-2.fc13

Comment 6 Fedora Update System 2010-07-14 22:55:30 UTC
telepathy-gabble-0.9.11-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.