doubt reg. TLS and GSSAPI

Etan S. C. Reisner deryni at
Fri Apr 11 12:25:47 EDT 2008

On Fri, Apr 11, 2008 at 08:06:58PM +0530, Rahul Amaram wrote:
> Hi,
> Now here are my doubts:

Do you have doubts because you have tried to use pidgin and failed, or just
'because'? If you haven't tried, I really suggest you do that before
asking; it can save everyone time.

> 1. Does pidgin check the certificate against the domain name
> ( or the server name ( It currently
> seems to be verifying against the domain name. Is this expected behaviour?

In pidgin 2.4.0 and later the connect server should be used when a
hostname is specified in that field, the srv record host if no connect
server is specified and an srv record exists, and the domain otherwise.

> 2. When pidgin tries to fetch a ticket for the jabber service, which of
> the below is used as the servername for building the principal
> xmpp/servername at EXAMPLE.COM?
>      - Domain
>      - Server
>      - Name got by resolving domain and doing a reverse
> look-up on the IP (Pidgin seems to be doing this currently)
>      - Name got by resolving server and doing a
> reverse look-up on the IP (Shouldn't this be the expected behaviour?)

I believe this should function similarly to my answer above.

> 3. Is it necessary that the domain be resolvable if I am
> filling the "Connect Server" field? If so, for what?

No, with a connect server the Domain entry should not need to be resolvable.

> Looking forward to an early response.
> Thanks and Regards,
> Rahul.


