[Juser] Maddening with SSL certificates
Peter Saint-Andre
stpeter at jabber.org
Tue May 1 10:45:21 CDT 2007
Noiano wrote:
> Hello everybody
> I beg your pardon for this common and very frequent question. I have a
> jabber.org account and I would like to connect via SSL because I often
> connect using FON hotspot or university's lan so I fear from stealing
> password. I always get error of unverified certificate and I really
> cannot understand why is this happening: I have installed all startcom
> root certificate but both kopete and psi complain about the certificate.
> What I understood is that the certificate on jabber.org server doesn't
> have the whole certificate chain so it is not possible to verify the
> digital signature. However I can see the signature of jabber foundation
> but it has no CA signature...what do I wrong?
I have not tested with Kopete, but I know that Psi has a bug in its
certificate handling code, which results in showing an error to the user
for the jabber.org server (and probably any server that has received a
certificate from the XMPP ICA). It is true that there was a bug in
ejabberd (not presenting the entire certificate chain) but we installed
a patch on 2007-03-16 and as far as I know the jabber.org server is
behaving properly now. The Psi bug is being fixed or perhaps already has
been fixed in source control.
Peter
--
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20070501/4be1b863/attachment-0001.bin>
More information about the JUser
mailing list