Bug 967844 - Failure to connect to SIPE service (SSL certificate validation)
Summary: Failure to connect to SIPE service (SSL certificate validation)
Keywords:
Status: CLOSED DUPLICATE of bug 579116
Alias: None
Product: Fedora
Classification: Fedora
Component: telepathy-haze
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Brian Pepple
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-05-28 12:19 UTC by David Woodhouse
Modified: 2013-05-28 14:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-05-28 14:07:46 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description David Woodhouse 2013-05-28 12:19:29 UTC
Connection to my SIPE account fails thus:

(haze:8787): purple/certificate/x509/tls_cached-CRITICAL **: Name mismatch: Certificate given for sip.intel.com has a name of orcspool01.amr.corp.intel.com

It's checking the server's SSL certificate for the rôle address that it used to find the service, not the server's canonical hostname. Which I thought was normally the correct thing to do... and indeed the server's cert *does* have a load of other rôle addresses in its AltName field, including meet.intel.com, dial.intel.com, lyncdiscover.intel.com, etc. But not sip.intel.com.

If I manually enter the hostname of the current server into my configuration, it works for now...

Comment 1 Stefan Becker 2013-05-28 14:07:46 UTC
SIPE doesn't perform any certificate checks. As your log message shows it's libpurple.

It is a known missing feature that haze doesn't have any UI functionality to ask the user if he accepts a "broken" certificate or not. Somebody has to write this code.

*** This bug has been marked as a duplicate of bug 579116 ***


Note You need to log in before you can comment on or make changes to this bug.