Bug 888074 - Pidgin-sipe unable to connect under Fedora 18
Summary: Pidgin-sipe unable to connect under Fedora 18
Status: CLOSED DUPLICATE of bug 770682
Alias: None
Product: Fedora
Classification: Fedora
Component: pidgin-sipe
Version: 18
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Stefan Becker
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2012-12-17 23:43 UTC by Chad Feller
Modified: 2013-04-22 13:16 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-12-18 19:06:37 UTC
Type: Bug

Attachments (Terms of Use)

Description Chad Feller 2012-12-17 23:43:02 UTC
Description of problem:
Since upgrading to Fedora 18 beta, I've been unable to connect to our local Communicator server with pidgin.  The connection fails with a "Read Error".  The pidgin Debug Window shows the following:

(15:22:36) account: Connecting to account user@company.com,user@company.com.
(15:22:36) connection: Connecting. gc = 0x29e7ae0
(15:22:36) dnssrv: querying SRV record for company.com: _sipinternaltls._tcp.company.com
(15:22:36) dnssrv: found 1 SRV entries
(15:22:36) dnsquery: Performing DNS lookup for ocspool.company.com
(15:22:36) dns: Wait for DNS child 6044 failed: No child processes
(15:22:36) dns: Created new DNS child 6200, there are now 1 children.
(15:22:36) dns: Successfully sent DNS request to child 6200
(15:22:36) dns: Got response for 'ocspool.company.com'
(15:22:36) dnsquery: IP resolved for ocspool.company.com
(15:22:36) proxy: Attempting connection to 123.456.78.90
(15:22:36) proxy: Connecting to ocspool.company.com:5061 with no proxy
(15:22:36) proxy: Connection in progress
(15:22:36) proxy: Connecting to ocspool.company.com:5061.
(15:22:36) proxy: Connected to ocspool.company.com:5061.
(15:22:36) nss: subject=CN=ocspool.company.com,OU=IT,O=Company,L=City,ST=State,C=US issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US
(15:22:36) nss: partial certificate chain
(15:22:36) certificate/x509/tls_cached: Starting verify for ocspool.company.com
(15:22:36) certificate/x509/tls_cached: Checking for cached cert...
(15:22:36) certificate/x509/tls_cached: ...Found cached cert
(15:22:36) nss/x509: Loading certificate from /home/user/.purple/certificates/x509/tls_peers/ocspool.company.com
(15:22:36) certificate/x509/tls_cached: Peer cert matched cached
(15:22:36) nss/x509: Exporting certificate to /home/user/.purple/certificates/x509/tls_peers/ocspool.company.com
(15:22:36) util: Writing file /home/user/.purple/certificates/x509/tls_peers/ocspool.company.com
(15:22:37) certificate: Successfully verified certificate for ocspool.company.com
(15:22:37) stun: using server 
(15:22:37) stun: using server 
(15:22:37) stun: using server 
(15:22:37) stun: using server 
(15:22:37) stun: using server 
(15:22:37) connection: Connection error on 0x29e7ae0 (reason: 0 description: Read error)
(15:22:37) account: Disconnecting account user@company.com,user@company.com (0x1406d60)
(15:22:37) connection: Disconnecting connection 0x29e7ae0
(15:22:37) GLib: g_hash_table_destroy: assertion `hash_table != NULL' failed
(15:22:37) connection: Destroying connection 0x29e7ae0

Under Fedora 17 I had no such issue, and I'm using the same account profile under pidgin.

Version-Release number of selected component (if applicable):

(this issue also existed under:
I just never got around to reporting it in a timely fashion.)

How reproducible:

Steps to Reproduce:
1.Try to connect to a Communicator Server under Fedora 18
Actual results:
connection failure

Expected results:
connection success

Additional info:

Comment 1 Stefan Becker 2012-12-18 03:16:02 UTC
Please try  from a shell:

  $ export NSS_SSL_CBC_RANDOM_IV=0
  $ pidgin

Does it work after that? See also SIPE FAQ:


Comment 2 Chad Feller 2012-12-18 18:56:21 UTC
Yes, setting that environmental variable fixes it, and I can connect.  

Based off of the SF link, it is surprising that fixed it, as it worked fine in Fedora 17 (as F17 also had the affected version of NSS).

Comment 3 Stefan Becker 2012-12-18 19:06:37 UTC
That means that

  a) you are connecting to one of the OCS/Lync servers that hasn't been upgrade to the latest Microsoft SSL code
  [e.g. I can connect to my Office365 test account with NSS_SSL_CBC_RANDOM_IV=1]

  b) the backward compatibility patch for NSS in F15/F16/F17 was obviously dropped for F18.

Closing as duplicate to the original NSS bug.

*** This bug has been marked as a duplicate of bug 770682 ***

Comment 4 Gilles 2013-04-22 13:16:55 UTC

I have the same issue, but setting NSS_SSL_CBC_RANDOM_IV dont fix it :-(

pidgin.x86_64 - 2.10.7-2.fc18
pidgin-sipe.x86_64 - 1.15.1-1.fc18
nss.x86_64 - 3.14.3-1.fc18
purple-sipe.x86_64 - 1.15.1-1.fc18

Any idea ?

Note You need to log in before you can comment on or make changes to this bug.