"Invalid certificate chain"?
elb at pidgin.im
Tue Jul 15 21:44:57 EDT 2008
Mark Doliner spake unto us the following wisdom:
> I'm unable to login to an XMPP account on the server jabber.ccc.de
> using libpurple when compiled with GnuTLS (I think we don't check
> certificates when using Mozilla-NSS?). I get the "Invalid certificate
> chain" error that comes from libpurple/certificate.c:1339. There's a
> note there that says, "TODO: Probably wrong." Does anyone understand
> what it means to have an invalid certificate chain? Is this less
> secure than a simple self-signed certificate? Do we really want to
> not allow connecting to servers with invalid certificate chains? Is
> this something we should prompt the user about?
What revision are you using? I added the CA for that server on July
4, in revision ffcb4d5cb92af02af4c4fbac964ac5699071d29a. If you're
using a revision prior to that, you'll get this error; if you're
getting an error since then, it's something more complicated.
I agree that our current situation seems too drastic; we probably
should have an "I know this is busted, use it anyway" option.
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Digital signature
More information about the Devel