Package: pidgin
Version: 2.10.10-1.1
Severity: important

Dear Maintainer,

this is basically a copy of the upstream bug:

> #16412 - NSS SSL doesn't work well with self signed certificates
> https://developer.pidgin.im/ticket/16412

In short: if the SSL certificate of the XMPP server is self-signed and
has an incomplete validation chain, the following window pops up:

  > The certificate for localhost could not be validated.
  > The certificate chain presented is invalid.

...but the user can only click "OK" and has no way to e.g. click "Accept" to
accept the implications, which is possible for other "invalid certificate"
warnings.

This is said to be fixed in Pidgin 2.10.11 with this commit:
> Improve NSS handling for unknown CAs 
> https://hg.pidgin.im/pidgin/main/rev/9086eaeacd2c

As a workaround, a user can install the certificate into
~/.purple/certificates/x509/tls_peers/ - however, the filename has to match the
"Connect server" entry in the account configuration. If the "connect server" is
localhost (e.g. for SSH tunneled connections to the Jabber server) it might help
to alias the real hostname to localhost:

 0) Assuming a "connect server" entry of "localhost" which is SSH-tunneled to
    xmpp.example.org
 1) Add "xmpp.example.org" to the /etc/hosts entry for localhost:
    127.0.0.1       localhost xmpp.example.org
 2) Copy certificate to ~/.purple/certificates/x509/tls_peers/xmpp.example.org
 3) Pidgin v2.10.10 should now be able to connect.

Thanks,
C.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pidgin depends on:
ii  gconf2                      3.2.6-3
ii  libatk1.0-0                 2.14.0-1
ii  libc6                       2.19-13
ii  libcairo2                   1.14.0-2.1
ii  libdbus-1-3                 1.8.10-1
ii  libdbus-glib-1-2            0.102-1
ii  libfontconfig1              2.11.0-6.1
ii  libfreetype6                2.5.2-2
ii  libgadu3                    1:1.12.0-5
ii  libgdk-pixbuf2.0-0          2.31.1-2+b1
ii  libglib2.0-0                2.42.0-2
ii  libgstreamer0.10-0          0.10.36-1.5
ii  libgtk2.0-0                 2.24.25-1
ii  libgtkspell0                2.0.16-1.1
ii  libice6                     2:1.0.9-1
ii  libpango-1.0-0              1.36.8-2
ii  libpangocairo-1.0-0         1.36.8-2
ii  libpangoft2-1.0-0           1.36.8-2
ii  libpurple0                  2.10.10-1
ii  libsm6                      2:1.2.2-1
ii  libx11-6                    2:1.6.2-3
ii  libxml2                     2.9.1+dfsg1-4
ii  libxss1                     1:1.2.2-1
ii  perl-base [perlapi-5.20.1]  5.20.1-3
ii  pidgin-data                 2.10.10-1

Versions of packages pidgin recommends:
ii  gstreamer0.10-plugins-base  0.10.36-2
ii  gstreamer0.10-plugins-good  0.10.31-3+nmu4+b1

Versions of packages pidgin suggests:
ii  libsqlite3-0  3.8.7.1-1

-- no debconf information
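
The certificate-copy step of the workaround above pins trust in whatever file is copied, so the sketch below checks its SHA-256 fingerprint against a value obtained out of band before writing it into tls_peers. This is an added example, not part of the original report or of Pidgin; the function name `pin_purple_cert` and its arguments are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: pin a server certificate for Pidgin only after its
# SHA-256 fingerprint matches a value obtained out of band.
# Function name and arguments are hypothetical.

# pin_purple_cert NAME PEM_FILE EXPECTED_SHA256
#   NAME            file name to use under tls_peers (e.g. xmpp.example.org)
#   PEM_FILE        certificate in PEM format
#   EXPECTED_SHA256 fingerprint from the server admin, colons optional
pin_purple_cert() {
    name=$1 pem=$2 expected=$3
    dir="$HOME/.purple/certificates/x509/tls_peers"

    # Reject names that could escape the tls_peers directory.
    case $name in
        ''|*/*|.*) echo "bad name: $name" >&2; return 2 ;;
    esac

    # openssl fails here if the file is not a parseable X.509 certificate.
    actual=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 3

    # Normalise both values: strip the "...=" prefix and colons, uppercase.
    norm() { printf '%s' "${1##*=}" | tr -d ': ' | tr 'a-f' 'A-F'; }
    if [ "$(norm "$actual")" != "$(norm "$expected")" ]; then
        echo "fingerprint mismatch, not pinning" >&2
        return 1
    fi

    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    # Re-encode through openssl so only the certificate itself is stored.
    ( umask 077; openssl x509 -in "$pem" -out "$dir/$name" ) || return 4
    echo "pinned $name: $(norm "$actual")"
}
```
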

