[Juser] Maddening with SSL certificates

Peter Saint-Andre stpeter at jabber.org
Tue May 1 10:45:21 CDT 2007


Noiano wrote:
> Hello everybody
> I beg your pardon for this common and very frequent question. I have a
> jabber.org account and I would like to connect via SSL because I often
> connect using FON hotspot or university's lan so I fear from stealing
> password. I always get error of unverified certificate and I really
> cannot understand why is this happening: I have installed all startcom
> root certificate but both kopete and psi complain about the certificate.
> What I understood is that the certificate on jabber.org server doesn't
> have the whole certificate chain so it is not possible to verify the
> digital signature. However I can see the signature of jabber foundation
> but it has no CA signature...what do I wrong?

I have not tested with Kopete, but I know that Psi has a bug in its 
certificate handling code, which results in showing an error to the user 
for the jabber.org server (and probably any server that has received a 
certificate from the XMPP ICA). It is true that there was a bug in 
ejabberd (not presenting the entire certificate chain) but we installed 
a patch on 2007-03-16 and as far as I know the jabber.org server is 
behaving properly now. The Psi bug is being fixed or perhaps already has 
been fixed in source control.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20070501/4be1b863/attachment-0001.bin>


More information about the JUser mailing list