Dear Debian libpurple maintainers,
I can confirm this bug is still present even on debian unstable today,
with both of the jabber/xmpp servers I'm using. Both use let's encrypt
and their certificates verify just fine when using openssl to verify their
certificate:
openssl s_client -connect jabber.berlin.ccc.de:5222 -starttls xmpp
However, libpurple first loads the right certs:
(09:37:44) nss/x509: Loading certificate from /etc/ssl/certs/ISRG_Root_X1.pem
(09:37:44) nss: Trusting CN=ISRG Root X1,O=Internet Security Research Group,C=US
(09:37:44) certificate/x509/ca: Loaded ISRG Root X1 from
/etc/ssl/certs/ISRG_Root_X1.pem
(09:37:44) nss/x509: Loading certificate from /etc/ssl/certs/ISRG_Root_X2.pem
(09:37:44) nss: Trusting CN=ISRG Root X2,O=Internet Security Research Group,C=US
(09:37:44) certificate/x509/ca: Loaded ISRG Root X2 from
/etc/ssl/certs/ISRG_Root_X2.pem
and then still claims the certificate issuer is unknown:
(09:37:44) nss: CERT 0. CN=jabber.berlin.ccc.de :
(09:37:44) nss: ERROR -8179: SEC_ERROR_UNKNOWN_ISSUER
ii pidgin 2.14.13-2
amd64 graphical multi-protocol instant
messaging client
ii libpurple0t64:amd64 2.14.13-2
amd64 multi-protocol instant messaging
library
ii libnss3:amd64 2:3.107-1
amd64 Network Security Service libraries
So I agree with the most recent post in this bug by Phil Dibowitz:
> https://keep.imfreedom.org/pidgin/pidgin/rev/412b2a4de898/
> Any chance we could get a build with that patch in it?
Regards,
Harald
--
- Harald Welte <lafo...@gnumonks.org> https://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
