On Fri, Dec 7, 2012 at 12:21 PM, Will Thompson <[email protected]> wrote:
> On 07/12/12 12:09, Simon McVittie wrote:
>>
>> On 06/12/12 15:46, Pedro Francisco wrote:
>>>
>>> The hostname verified by the certificate doesn't match the server name.
>>>
>>> Expected hostname: messenger.live.com
>>> Certificate hostname: *.gateway.messenger.live.com
>>
>>
>> I get this too. It looks like an error at Microsoft's end: they're using
>> a valid certificate, but for the wrong server name. Their
>> documentation[1] says the server's official name (and the one we should
>> connect to) is messenger.live.com, so their certificate needs to have
>> that as its CN or as one of its "alternative names".
>>
>> This should affect non-Telepathy clients equally: if a client is
>> unaffected, then either it's talking to an unaffected server (they use
>> multiple servers with geolocation, so it's not necessarily the case that
>> all their servers have this error), or it's not validating certificates
>> properly (a security flaw in that client).
>>
>> Xavier is the owner of our GOA app key - I think he has some way to
>> contact Microsoft?
>>
>> If this isn't fixed for a long time, it would be possible to work around
>> it (in Gabble, gnome-online-accounts or even Empathy);
>
>
> Empathy already attempts to work around this. Empathy sets:
>
>     PARAM ("param-extra-certificate-identities",
>     "*.gateway.messenger.live.com");
>
> which should show up in the
> http://telepathy.freedesktop.org/spec/Channel_Type_Server_TLS_Connection.html#Property:ReferenceIdentities
> property, which empathy-auth-client.c passes to empathy-tls-verifier.
>
> I wonder what's broken.

It no longer happens on F18 but I can't be sure until I do a clean install (just in case I clicked the 'don't check cert' checkbox).
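
The mismatch discussed in this thread, as an added example that is not part of the original message and is not Empathy's, Gabble's or GnuTLS's code: a simplified model of checking a certificate's names against a list of reference identities. The function names are hypothetical, and it assumes an extra reference identity is compared like any other name, so a literal match with the certificate's wildcard name is accepted.

```python
# Added illustration: simplified hostname matching against reference identities.
# Assumption: a wildcard is honoured only as the entire leftmost label and
# covers exactly one label, in the spirit of RFC 6125.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(presented, reference):
    """True if a certificate name (presented) covers a reference identity."""
    p, r = _labels(presented), _labels(reference)
    if p == r:                       # exact, case-insensitive match
        return True
    if p[0] != "*" or len(p) != len(r) or len(p) < 3:
        return False                 # no wildcard, or label counts differ
    return p[1:] == r[1:] and r[0] != ""

def verify(cert_names, reference_identities):
    """Return the (presented, reference) pair that matched, or None."""
    for ref in reference_identities:
        for presented in cert_names:
            if name_matches(presented, ref):
                return presented, ref
    return None

# Values taken from the error message quoted in the thread.
CERT_NAMES = ["*.gateway.messenger.live.com"]
EXPECTED = "messenger.live.com"
EXTRA = "*.gateway.messenger.live.com"   # the extra identity Empathy sets

if __name__ == "__main__":
    # Only the expected server name: the wildcard does not cover it.
    print(verify(CERT_NAMES, [EXPECTED]))
    # With the extra reference identity the certificate is accepted.
    print(verify(CERT_NAMES, [EXPECTED, EXTRA]))
    # An unrelated reference identity is still rejected.
    print(verify(CERT_NAMES, ["example.org"]))
```

The check fails for `messenger.live.com` because the wildcard name has two more labels than the expected name, which is why the certificate is valid yet issued for the wrong server name.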
