Re: "Unable to validate certificate"

2018-01-10 Thread Eion Robb
Hi Phil,

Pidgin on Windows stores ca-certs in the C:\Program Files
(x86)\Pidgin\ca-certs folder, as this is where the libnss plugin loads them
from.

Cheers,
Eion

On 11 January 2018 at 12:26, Phil Smith III wrote:

> Alex Oren wrote:
> >OK, found it:
> >https://pki.goog/roots.pem
>
> OK. I know a moderate amount about certs; what trust store does Pidgin use
> on Windows?
>
> Mind you, the messages have stopped, so maybe it's using the Windows trust
> store and that got updated...
___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
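
As an added example (not part of the thread and not Pidgin's own code): a bundle such as roots.pem holds many roots, so this Python sketch splits a PEM bundle, fingerprints each certificate, and stages only those whose SHA-256 fingerprint you have verified out of band, ready to copy into the ca-certs folder named above. The function names, the `added-` file prefix, the assumption that the folder is scanned for files ending in `.pem`, and the placeholder sample blocks are all made up for the example.

```python
import base64
import hashlib
import re
from pathlib import Path

# Folder named in the thread; writing there normally needs administrator rights,
# so this example stages files elsewhere and leaves the copy to the operator.
PIDGIN_CA_DIR = Path(r"C:\Program Files (x86)\Pidgin\ca-certs")

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def placeholder_block(payload: bytes) -> str:
    """Wrap arbitrary bytes in PEM armour (constructed test data, not a real cert)."""
    body = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample bundle: two placeholder blocks standing in for real roots.
SAMPLE_BUNDLE = (
    "# constructed sample bundle\n"
    + placeholder_block(b"placeholder-root-A")
    + placeholder_block(b"placeholder-root-B")
)


def split_bundle(bundle_text):
    """Return [(sha256_hex_of_der, single_cert_pem), ...] in bundle order."""
    certs = []
    for match in PEM_BLOCK.finditer(bundle_text):
        b64 = "".join(match.group(1).split())
        der = base64.b64decode(b64, validate=True)  # raises on corrupt armour
        fingerprint = hashlib.sha256(der).hexdigest()
        wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        pem = f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----\n"
        certs.append((fingerprint, pem))
    return certs


def normalize(fingerprint):
    """Accept 'AA:BB:..' or 'aabb..' spellings of a SHA-256 fingerprint."""
    return fingerprint.replace(":", "").replace(" ", "").lower()


def stage_approved(bundle_text, approved, dest_dir):
    """Write one .pem per approved certificate; return (written, skipped)."""
    approved_set = {normalize(fp) for fp in approved}
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    written, skipped = [], []
    for fingerprint, pem in split_bundle(bundle_text):
        if fingerprint in approved_set:
            out = dest / f"added-{fingerprint[:16]}.pem"
            out.write_text(pem, encoding="ascii")
            written.append(fingerprint)
        else:
            skipped.append(fingerprint)  # never trusted implicitly
    return written, skipped


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as staging:
        fingerprints = [fp for fp, _ in split_bundle(SAMPLE_BUNDLE)]
        written, skipped = stage_approved(SAMPLE_BUNDLE, fingerprints[:1], staging)
        print("staged:", written)
        print("skipped:", skipped)
        print("review, then copy staged files into", PIDGIN_CA_DIR)
```
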

Re: "Unable to validate certificate"

2018-01-10 Thread Phil Smith III
Alex Oren wrote:
>OK, found it:
>https://pki.goog/roots.pem

OK. I know a moderate amount about certs; what trust store does Pidgin use on 
Windows?

Mind you, the messages have stopped, so maybe it's using the Windows trust 
store and that got updated...


Re: "Unable to validate certificate"

2018-01-10 Thread Dave Warren
Fair enough, thanks. This causes issues in companies using certificates 
signed by their internal (private) root.


There are ways to work around the issue, of course, but it adds more 
hoops to jump through.



On 2018-01-10 14:48, Eion Robb wrote:
> I made an attempt at loading certs from the Windows store, however it's
> not possible to do this in libpurple without also using the win32
> SSL/TLS system - certificates and SSL/TLS transports are tied together.
> Unfortunately a lot of protocols had issues when going via Windows'
> stunnel SSL libraries instead of via NSS, and this would cause
> connections to hang.
>
> On 11 January 2018 at 10:20, wrote:
>
>> On 2018-01-10 1:16 PM, Dave Warren wrote:
>>
>>> Is there any particular reason that pidgin doesn't use the
>>> existing Windows certificate store? This would seem to alleviate
>>> the need to juggle with certificates manually.
>>>
>>> Or did I miss part of the plot here?
>>
>> Probably because Pidgin is not a primarily Windows program and
>> nobody wrote a plugin to do that


Re: "Unable to validate certificate"

2018-01-10 Thread Eion Robb
I made an attempt at loading certs from the Windows store, however it's not
possible to do this in libpurple without also using the win32 SSL/TLS
system - certificates and SSL/TLS transports are tied together.
Unfortunately a lot of protocols had issues when going via Windows' stunnel
SSL libraries instead of via NSS, and this would cause connections to hang.

On 11 January 2018 at 10:20, wrote:

> On 2018-01-10 1:16 PM, Dave Warren wrote:
>
>> Is there any particular reason that pidgin doesn't use the existing
>> Windows certificate store? This would seem to alleviate the need to juggle
>> with certificates manually.
>>
>> Or did I miss part of the plot here?
>>
>
> Probably because Pidgin is not a primarily Windows program and nobody
> wrote a plugin to do that

Re: "Unable to validate certificate"

2018-01-10 Thread pidgin

On 2018-01-10 1:16 PM, Dave Warren wrote:

> Is there any particular reason that pidgin doesn't use the existing Windows
> certificate store? This would seem to alleviate the need to juggle with
> certificates manually.
>
> Or did I miss part of the plot here?

Probably because Pidgin is not a primarily Windows program and nobody wrote a
plugin to do that


Re: "Unable to validate certificate"

2018-01-10 Thread Dave Warren
Is there any particular reason that pidgin doesn't use the existing 
Windows certificate store? This would seem to alleviate the need to 
juggle with certificates manually.


Or did I miss part of the plot here?

On 2018-01-07 13:36, Eion Robb wrote:
> https://textslashplain.com/2017/10/23/google-internet-authority-g3/ has
> some info about the new Root CA and Intermediate CA certs that Google
> are rolling out.  On Pidgin on Windows we don't include the new "Google
> Trust Services" ca-cert, so it'll keep bugging you about it
>
> On 7 January 2018 at 04:52, Phil Smith III <phs3st...@cox.net> wrote:
>
>> And they came back in the evening, though they're gone again now.
>> Very weird. Well, maybe not: if it's ONE server, maybe load is
>> higher in the evening, so that server gets pressed into action, goes
>> idle eventually? If there's some sort of client-server persistence,
>> then that might continue until that server goes idle again and gets
>> dropped from the cluster. Of course I'm making this up as I go
>> along, but it does fit the symptoms...
>>
>> -Original Message-
>> From: pid...@alexoren.com [mailto:pid...@alexoren.com]
>> Sent: Friday, January 05, 2018 5:27 PM
>> To: Phil Smith III <phs3st...@cox.net>; Pidgin <support@pidgin.im>
>> Subject: Re: "Unable to validate certificate"
>>
>> I am still getting those popups.
>>
>> Why wouldn't Pidgin remember the accepted certificate?
>>
>> On 05/01/2018 10:04 PM, Phil Smith III wrote:
>> > Saw that, but it *seems* slightly different.
>> >
>> > Weirdly, after getting them all evening and night (based on the
>> > number of popups I had to close!), I got a few throughout the
>> > morning and then they stopped. So maybe it really was a Google
>> > problem--maybe one server behind a LB with a bad cert?
>> >
>> > -Original Message-
>> > From: pid...@alexoren.com [mailto:pid...@alexoren.com]
>> > Sent: Friday, January 05, 2018 2:57 PM
>> > To: phs3stuff <phs3st...@cox.net>; support@pidgin.im
>> > Subject: Re: "Unable to validate certificate"
>> >
>> > Similar issue here:
>> >
>> >       The certificate for 0.client-channel.google.com could not be
>> >       validated.
>> >       The certificate is not trusted because no certificate that
>> >       can verify it is currently trusted.
>> >
>> > There's an issue on Bitbucket:
>> > https://bitbucket.org/EionRobb/purple-hangouts/issues/168/certificate-issues
>> >
>> > On 05/01/2018 3:48 PM, phs3stuff wrote:
>> >> After running flawlessly for a while, I'm suddenly getting:
>> >>
>> >> Unable to validate certificate
>> >>
>> >> The certificate for clients6.google.com could not be validated.
>> >> The certificate chain presented is invalid.
>> >>
>> >> This happens repeatedly at random intervals. Sometimes I get
>> >> several of these dialogs at once, sometimes just one.
>> >>
>> >> I know what an invalid certificate chain is, just not what to do
>> >> about it for this. Seems like the server is presenting the invalid
>> >> chain, which I can't really fix anyway, eh?
>> >>
>> >> Ideas?
>> >>
>> >> Windows 7, fully patched; Help/About says:
>> >> Pidgin 2.12.0 (libpurple 2.12.0)
>> >> Unknown
>> >>
>> >> (what's the "Unknown" about??)
>> >> And I'm using the Hangouts plugin.


Re: "Unable to validate certificate"

2018-01-09 Thread Alex Oren

On 2018-01-09 6:04 PM, Eion Robb wrote:

> Yes, we did that for the G2 intermediate cert as part of the windows installer.
> For the G3 cert, we also need to add the Google Trust Services root CA to
> Pidgin (on top of the intermediate G3 cert)

OK, found it:
https://pki.goog/roots.pem



Re: "Unable to validate certificate"

2018-01-09 Thread Eion Robb
Hi Alex,

Yes, we did that for the G2 intermediate cert as part of the windows
installer.  For the G3 cert, we also need to add the Google Trust Services
root CA to Pidgin (on top of the intermediate G3 cert)

Cheers,
Eion

On 8 January 2018 at 15:30, Alex Oren wrote:

> On 2018-01-07 3:36 PM, Eion Robb wrote:
>
>> https://textslashplain.com/2017/10/23/google-internet-authority-g3/ has
>> some info about the new Root CA and Intermediate CA certs that Google are
>> rolling out.  On Pidgin on Windows we don't include the new "Google Trust
>> Services" ca-cert, so it'll keep bugging you about it
>>
>
> Is it possible to manually add that certificate to Pidgin?

Re: "Unable to validate certificate"

2018-01-07 Thread Alex Oren

On 2018-01-07 3:36 PM, Eion Robb wrote:

> https://textslashplain.com/2017/10/23/google-internet-authority-g3/ has some info about
> the new Root CA and Intermediate CA certs that Google are rolling out.  On Pidgin on
> Windows we don't include the new "Google Trust Services" ca-cert, so it'll keep
> bugging you about it

Is it possible to manually add that certificate to Pidgin?



Re: "Unable to validate certificate"

2018-01-07 Thread Eion Robb
https://textslashplain.com/2017/10/23/google-internet-authority-g3/ has
some info about the new Root CA and Intermediate CA certs that Google are
rolling out.  On Pidgin on Windows we don't include the new "Google Trust
Services" ca-cert, so it'll keep bugging you about it

On 7 January 2018 at 04:52, Phil Smith III <phs3st...@cox.net> wrote:

> And they came back in the evening, though they're gone again now. Very
> weird. Well, maybe not: if it's ONE server, maybe load is higher in the
> evening, so that server gets pressed into action, goes idle eventually? If
> there's some sort of client-server persistence, then that might continue
> until that server goes idle again and gets dropped from the cluster. Of
> course I'm making this up as I go along, but it does fit the symptoms...
>
> -Original Message-
> From: pid...@alexoren.com [mailto:pid...@alexoren.com]
> Sent: Friday, January 05, 2018 5:27 PM
> To: Phil Smith III <phs3st...@cox.net>; Pidgin <support@pidgin.im>
> Subject: Re: "Unable to validate certificate"
>
> I am still getting those popups.
>
> Why wouldn't Pidgin remember the accepted certificate?
>
> On 05/01/2018 10:04 PM, Phil Smith III wrote:
> > Saw that, but it *seems* slightly different.
> >
> > Weirdly, after getting them all evening and night (based on the number
> > of popups I had to close!), I got a few throughout the morning and then
> > they stopped. So maybe it really was a Google problem--maybe one server
> > behind a LB with a bad cert?
> >
> > -Original Message-
> > From: pid...@alexoren.com [mailto:pid...@alexoren.com]
> > Sent: Friday, January 05, 2018 2:57 PM
> > To: phs3stuff <phs3st...@cox.net>; support@pidgin.im
> > Subject: Re: "Unable to validate certificate"
> >
> > Similar issue here:
> >
> >   The certificate for 0.client-channel.google.com could not be
> >   validated.
> >   The certificate is not trusted because no certificate that can
> >   verify it is currently trusted.
> >
> > There's an issue on Bitbucket:
> > https://bitbucket.org/EionRobb/purple-hangouts/issues/168/certificate-issues
> >
> > On 05/01/2018 3:48 PM, phs3stuff wrote:
> >> After running flawlessly for a while, I'm suddenly getting:
> >>
> >> Unable to validate certificate
> >>
> >> The certificate for clients6.google.com could not be validated. The
> >> certificate chain presented is invalid.
> >>
> >> This happens repeatedly at random intervals. Sometimes I get several of
> >> these dialogs at once, sometimes just one.
> >>
> >> I know what an invalid certificate chain is, just not what to do about
> >> it for this. Seems like the server is presenting the invalid chain,
> >> which I can't really fix anyway, eh?
> >>
> >> Ideas?
> >>
> >> Windows 7, fully patched; Help/About says:
> >> Pidgin 2.12.0 (libpurple 2.12.0)
> >> Unknown
> >>
> >> (what's the "Unknown" about??)
> >> And I'm using the Hangouts plugin.

RE: "Unable to validate certificate"

2018-01-06 Thread Phil Smith III
And they came back in the evening, though they're gone again now. Very weird. 
Well, maybe not: if it's ONE server, maybe load is higher in the evening, so 
that server gets pressed into action, goes idle eventually? If there's some 
sort of client-server persistence, then that might continue until that server 
goes idle again and gets dropped from the cluster. Of course I'm making this up 
as I go along, but it does fit the symptoms...

-Original Message-
From: pid...@alexoren.com [mailto:pid...@alexoren.com] 
Sent: Friday, January 05, 2018 5:27 PM
To: Phil Smith III <phs3st...@cox.net>; Pidgin <support@pidgin.im>
Subject: Re: "Unable to validate certificate"

I am still getting those popups.

Why wouldn't Pidgin remember the accepted certificate?

On 05/01/2018 10:04 PM, Phil Smith III wrote:
> Saw that, but it *seems* slightly different.
> 
> Weirdly, after getting them all evening and night (based on the number of 
> popups I had to close!), I got a few throughout the morning and then they 
> stopped. So maybe it really was a Google problem--maybe one server behind a 
> LB with a bad cert?
> 
> -Original Message-
> From: pid...@alexoren.com [mailto:pid...@alexoren.com]
> Sent: Friday, January 05, 2018 2:57 PM
> To: phs3stuff <phs3st...@cox.net>; support@pidgin.im
> Subject: Re: "Unable to validate certificate"
> 
> Similar issue here:
> 
>   The certificate for 0.client-channel.google.com could not be validated.
>   The certificate is not trusted because no certificate that can verify 
> it is currently trusted.
> 
> There's an issue on Bitbucket:
> https://bitbucket.org/EionRobb/purple-hangouts/issues/168/certificate-issues
> 
> 
> On 05/01/2018 3:48 PM, phs3stuff wrote:
>> After running flawlessly for a while, I'm suddenly getting:
>>
>> Unable to validate certificate
>>
>> The certificate for clients6.google.com could not be validated. The 
>> certificate chain presented is invalid.
>>
>> This happens repeatedly at random intervals. Sometimes I get several of 
>> these dialogs at once, sometimes just one.
>>
>> I know what an invalid certificate chain is, just not what to do about it 
>> for this. Seems like the server is presenting the invalid chain, which I 
>> can't really fix anyway, eh?
>>
>> Ideas?
>>
>> Windows 7, fully patched; Help/About says:
>> Pidgin 2.12.0 (libpurple 2.12.0)
>> Unknown
>>
>> (what's the "Unknown" about??)
>> And I'm using the Hangouts plugin.
> 
> 


Re: "Unable to validate certificate"

2018-01-05 Thread Wade Smart
It didn't say it could not remember.
It said it can't validate.
Very different.
--
Registered Linux User: #480675
Registered Linux Machine: #408606
Linux since June 2005


On Fri, Jan 5, 2018 at 4:27 PM,  <pid...@alexoren.com> wrote:
> I am still getting those popups.
>
> Why wouldn't Pidgin remember the accepted certificate?
>
>
> On 05/01/2018 10:04 PM, Phil Smith III wrote:
>>
>> Saw that, but it *seems* slightly different.
>>
>> Weirdly, after getting them all evening and night (based on the number of
>> popups I had to close!), I got a few throughout the morning and then they
>> stopped. So maybe it really was a Google problem--maybe one server behind a
>> LB with a bad cert?
>>
>> -Original Message-
>> From: pid...@alexoren.com [mailto:pid...@alexoren.com]
>> Sent: Friday, January 05, 2018 2:57 PM
>> To: phs3stuff <phs3st...@cox.net>; support@pidgin.im
>> Subject: Re: "Unable to validate certificate"
>>
>> Similar issue here:
>>
>> The certificate for 0.client-channel.google.com could not be
>> validated.
>> The certificate is not trusted because no certificate that can
>> verify it is currently trusted.
>>
>> There's an issue on Bitbucket:
>>
>> https://bitbucket.org/EionRobb/purple-hangouts/issues/168/certificate-issues
>>
>>
>> On 05/01/2018 3:48 PM, phs3stuff wrote:
>>>
>>> After running flawlessly for a while, I'm suddenly getting:
>>>
>>> Unable to validate certificate
>>>
>>> The certificate for clients6.google.com could not be validated. The
>>> certificate chain presented is invalid.
>>>
>>> This happens repeatedly at random intervals. Sometimes I get several of
>>> these dialogs at once, sometimes just one.
>>>
>>> I know what an invalid certificate chain is, just not what to do about it
>>> for this. Seems like the server is presenting the invalid chain, which I
>>> can't really fix anyway, eh?
>>>
>>> Ideas?
>>>
>>> Windows 7, fully patched; Help/About says:
>>> Pidgin 2.12.0 (libpurple 2.12.0)
>>> Unknown
>>>
>>> (what's the "Unknown" about??)
>>> And I'm using the Hangouts plugin.
>>
>>
>>

Re: "Unable to validate certificate"

2018-01-05 Thread pidgin

I am still getting those popups.

Why wouldn't Pidgin remember the accepted certificate?

On 05/01/2018 10:04 PM, Phil Smith III wrote:

> Saw that, but it *seems* slightly different.
>
> Weirdly, after getting them all evening and night (based on the number of
> popups I had to close!), I got a few throughout the morning and then they
> stopped. So maybe it really was a Google problem--maybe one server behind a LB
> with a bad cert?
>
> -Original Message-
> From: pid...@alexoren.com [mailto:pid...@alexoren.com]
> Sent: Friday, January 05, 2018 2:57 PM
> To: phs3stuff <phs3st...@cox.net>; support@pidgin.im
> Subject: Re: "Unable to validate certificate"
>
> Similar issue here:
>
> The certificate for 0.client-channel.google.com could not be validated.
> The certificate is not trusted because no certificate that can verify
> it is currently trusted.
>
> There's an issue on Bitbucket:
> https://bitbucket.org/EionRobb/purple-hangouts/issues/168/certificate-issues
>
> On 05/01/2018 3:48 PM, phs3stuff wrote:
>
>> After running flawlessly for a while, I'm suddenly getting:
>>
>> Unable to validate certificate
>>
>> The certificate for clients6.google.com could not be validated. The certificate
>> chain presented is invalid.
>>
>> This happens repeatedly at random intervals. Sometimes I get several of these
>> dialogs at once, sometimes just one.
>>
>> I know what an invalid certificate chain is, just not what to do about it for
>> this. Seems like the server is presenting the invalid chain, which I can't
>> really fix anyway, eh?
>>
>> Ideas?
>>
>> Windows 7, fully patched; Help/About says:
>> Pidgin 2.12.0 (libpurple 2.12.0)
>> Unknown
>>
>> (what's the "Unknown" about??)
>> And I'm using the Hangouts plugin.






RE: "Unable to validate certificate"

2018-01-05 Thread Phil Smith III
Saw that, but it *seems* slightly different.

Weirdly, after getting them all evening and night (based on the number of 
popups I had to close!), I got a few throughout the morning and then they 
stopped. So maybe it really was a Google problem--maybe one server behind a LB 
with a bad cert?

-Original Message-
From: pid...@alexoren.com [mailto:pid...@alexoren.com] 
Sent: Friday, January 05, 2018 2:57 PM
To: phs3stuff <phs3st...@cox.net>; support@pidgin.im
Subject: Re: "Unable to validate certificate"

Similar issue here:

The certificate for 0.client-channel.google.com could not be validated.
The certificate is not trusted because no certificate that can verify 
it is currently trusted.

There's an issue on Bitbucket:
https://bitbucket.org/EionRobb/purple-hangouts/issues/168/certificate-issues


On 05/01/2018 3:48 PM, phs3stuff wrote:
> After running flawlessly for a while, I'm suddenly getting:
> 
> Unable to validate certificate
> 
> The certificate for clients6.google.com could not be validated. The 
> certificate chain presented is invalid.
> 
> This happens repeatedly at random intervals. Sometimes I get several of these 
> dialogs at once, sometimes just one.
> 
> I know what an invalid certificate chain is, just not what to do about it for 
> this. Seems like the server is presenting the invalid chain, which I can't 
> really fix anyway, eh?
> 
> Ideas?
> 
> Windows 7, fully patched; Help/About says:
> Pidgin 2.12.0 (libpurple 2.12.0)
> Unknown
> 
> (what's the "Unknown" about??)
> And I'm using the Hangouts plugin.



Re: "Unable to validate certificate"

2018-01-05 Thread pidgin

Similar issue here:

The certificate for 0.client-channel.google.com could not be validated.
The certificate is not trusted because no certificate that can verify 
it is currently trusted.

There's an issue on Bitbucket:
https://bitbucket.org/EionRobb/purple-hangouts/issues/168/certificate-issues


On 05/01/2018 3:48 PM, phs3stuff wrote:

> After running flawlessly for a while, I'm suddenly getting:
>
> Unable to validate certificate
>
> The certificate for clients6.google.com could not be validated. The certificate
> chain presented is invalid.
>
> This happens repeatedly at random intervals. Sometimes I get several of these
> dialogs at once, sometimes just one.
>
> I know what an invalid certificate chain is, just not what to do about it for
> this. Seems like the server is presenting the invalid chain, which I can't
> really fix anyway, eh?
>
> Ideas?
>
> Windows 7, fully patched; Help/About says:
> Pidgin 2.12.0 (libpurple 2.12.0)
> Unknown
>
> (what's the "Unknown" about??)
> And I'm using the Hangouts plugin.


