[Juser] jabber.org certificate and Psi

Peter Saint-Andre stpeter at jabber.org
Fri Dec 22 11:56:35 CST 2006


Peter Saint-Andre wrote:
> Maximilian Engelhardt wrote:
>> On Fr, 2006-12-22 at 15:12 +0100, Matthias Wimmer wrote:
>>> Hal Rottenberg schrieb:
>>>> We'd love to help you out at http://forum.psi-im.org.  There's some
>>>> config settings to change to prevent the error from happening or to
>>>> trust the cert explicitly.
>>> Sure you can instruct Psi to ignore the error, but I don't think that 
>>> this is an error on Psi's side. It's just that jabber.org currently 
>>> (last tested some days ago, I don't think it has changed yet) 
>>> presents an invalid certificate (wrong subject).
>>
>> I would agree with Matthias here. His explanation about the false domain
>> name in the certificate sounds reasonable to me and I also think it
>> should be fixed on the server side. I know I can make Psi ignore the
>> certificate warning (in fact, as albert corrected me on MUC, it's a
>> warning, not an error), but then I would be vulnerable to
>> man-in-the-middle attacks.
> 
> I'll work to install a corrected certificate today.

I've generated the new certificate, but in order to install I will need 
to restart the server. Since I don't like to do that in the middle of 
the day (we have ~10k connected users right now), I will restart it 
tonight and send out an email afterwards.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20061222/14124e65/attachment-0001.bin>


More information about the JUser mailing list