[Pidgin] #9264: New twitter.com SSL certificate root server unrecognized

Pidgin trac at pidgin.im
Fri May 29 09:43:12 EDT 2009

#9264: New twitter.com SSL certificate root server unrecognized
 Reporter:  zxinn                                       |        Owner:  lschiere    
     Type:  enhancement                                 |       Status:  closed      
Milestone:                                              |    Component:  unclassified
  Version:  2.5.6                                       |   Resolution:  invalid     
 Keywords:  twitter mbpurple certificate ssl microblog  |  

Comment(by bazzargh):

 projekt21: Its possible that your problem is related to bug 4458

 ...since I'm using nss, not gnutls, that wouldn't affect me. If you get
 asked about the cert with fingerprint 2b:66:47:fe.... again can you say
 'yes', grab it from your cache, and upload it? As you comment above,
 pidgin is storing certs with their server name, not (eg) with their
 fingerprint, so if there really are two certs being presented here it only
 stores one; and I see I have the 9e:e9:... key stored (this isn't obvious,
 because nss doesn't put the fingerprints into the log).

 I've been trying to test this with
  openssl s_client -connect twitter.com:443 -CApath ca -showcerts
 (under cygwin, and 'ca' here is a copy of my pidgin ca-cert dir after I've
 run 'c_rehash ca' on it to make it usable by openssl), wondering if one
 set of twitter's servers use a different cert, since both are in your log
 fragment as being twitter.com, but I keep seeing the one 9e:e9:... cert.

Ticket URL: <http://developer.pidgin.im/ticket/9264#comment:7>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list