Pidgin 2.7.7 released!

Matthias Apitz guru at unixarea.de
Thu Nov 25 02:55:28 EST 2010


El día Wednesday, November 24, 2010 a las 10:46:31AM +0100, Matthias Apitz escribió:

> El día Wednesday, November 24, 2010 a las 01:04:32AM -0500, John Bailey escribió:
> 
> > Hi all,
> > 
> > I just pushed out the release of Pidgin 2.7.7.  We rushed a release out to do
> > two important things--finish fixing the MSN certificate issue we thought we had
> > fixed for 2.7.6 and fix the AIM SSL Handshake Failure problem introduced in
> > 2.7.6.  There are also a couple minor crash fixes.
> > 
> > Upgrade and enjoy!
> 
> Thank you! I can ACK that 2.7.7. fixes the MSN certificate issue (using
> gnuTLS on FreeBSD 8.1)

This was to early to say :-(

The problem still exists, here is a debug log (the cached certificate in
/home/guru/.purple/certificates/x509/tls_peers/omega.contacts.msn.com
was downloaded yesterday after deleting all files in
/home/guru/.purple/certificates/x509/tls_peers/):

(08:50:40) dns: Got response for 'omega.contacts.msn.com'
(08:50:40) dnsquery: IP resolved for omega.contacts.msn.com
(08:50:40) proxy: Attempting connection to 207.46.113.78
(08:50:40) proxy: Connecting to omega.contacts.msn.com:443 with no proxy
(08:50:40) proxy: Connection in progress
(08:50:40) proxy: Connecting to omega.contacts.msn.com:443.
(08:50:40) proxy: Connected to omega.contacts.msn.com:443.
(08:50:40) gnutls: Starting handshake with omega.contacts.msn.com
(08:50:41) util: Writing file blist.xml to directory /home/guru/.purple
(08:50:41) util: Writing file /home/guru/.purple/blist.xml
(08:50:41) gnutls: Handshake complete
(08:50:41) gnutls/x509: Key print: ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b
(08:50:41) gnutls/x509: Key print: 7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05
(08:50:41) gnutls/x509: Key print: 3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25
(08:50:41) gnutls: Peer provided 3 certs
(08:50:41) gnutls: Lvl 0 SHA1 fingerprint: ac:7e:e4:5f:97:b8:7e:f0:0b:ac:a6:51:9f:ba:51:f0:ad:73:17:8b
(08:50:41) gnutls: Serial: 7d:da:e0:49:00:08:00:01:c8:b9
(08:50:41) gnutls: Cert DN: C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com
(08:50:41) gnutls: Cert Issuer DN: DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority
(08:50:41) gnutls: Lvl 1 SHA1 fingerprint: 7e:8a:c2:9c:5a:32:8c:c2:71:a2:d9:4f:75:70:f7:a9:1b:f6:94:05
(08:50:41) gnutls: Serial: 61:16:6d:2f:00:04:00:00:00:20
(08:50:41) gnutls: Cert DN: DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority
(08:50:41) gnutls: Cert Issuer DN: CN=Microsoft Internet Authority
(08:50:41) gnutls: Lvl 2 SHA1 fingerprint: 3d:29:1d:b8:ee:22:be:e1:33:70:06:f2:ef:c6:f9:db:dd:03:bb:25
(08:50:41) gnutls: Serial: 07:27:16:75
(08:50:41) gnutls: Cert DN: CN=Microsoft Internet Authority
(08:50:41) gnutls: Cert Issuer DN: C=US,O=GTE Corporation,OU=GTE CyberTrust Solutions\, Inc.,CN=GTE CyberTrust Global Root
(08:50:41) certificate/x509/tls_cached: Starting verify for omega.contacts.msn.com
(08:50:41) certificate/x509/tls_cached: Checking for cached cert...
(08:50:41) certificate/x509/tls_cached: ...Found cached cert
(08:50:41) gnutls: Attempting to load X.509 certificate from /home/guru/.purple/certificates/x509/tls_peers/omega.contacts.msn.com
(08:50:41) certificate/x509/tls_cached: Peer cert did NOT match cached
(08:50:41) gnutls/x509: Certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com claims to be issued by DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority, but the certificate for C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com does not match.
(08:50:41) certificate: Checking signature chain for uid=C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com
(08:50:41) gnutls/x509: Bad signature for DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority on C=US,ST=WA,L=Redmond,O=MSN,OU=MSN Contact Services,CN=*.contacts.msn.com
(08:50:41) certificate: ...Bad or missing signature by DC=com,DC=microsoft,DC=corp,DC=redmond,CN=Microsoft Secure Server Authority
Chain is INVALID

What does this mean?

	matthias
-- 
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <guru at unixarea.de> - w http://www.unixarea.de/



More information about the Support mailing list