StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POPidgin - Error “SSL peer presented an invalid certificate” on gtalk connection
text
Body
copied!<p>Pidgin can't connect to gtalk and offers to accept an unknown certificate. this is the pidgin error: <code>SSL peer presented an invalid certificate</code></p> <p>i saw another question that has been solved, but it was related to system date, i checked it and date is totally synced and correct.</p> <p>connecting over VPN wasn't helpful. error was same.</p> <p>this is the certificate fingerprint:</p> <pre><code>Common name: gmail.com Fingerprint (SHA1): 28:dd:89:d3:0a:a6:f0:a2:b9:f8:77:fc:55:fc:ab:85:18:de:13:ff Activation date: Tue Jul 23 18:07:27 2013 Expiration date: Wed Jul 23 18:07:27 2014 </code></pre> <p>i rejected the certificate, is it reliable?</p> <p>i runned pidgin in debug mode by <code>pidgin.exe -d</code> shortcut. this is the log:</p> <pre><code>purple\certificates\x509\tls_peers\login.yahoo.com (14:58:38) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\certifica tes\x509\tls_peers\login.yahoo.com (14:58:38) certificate: Successfully verified certificate for login.yahoo.com (14:58:38) proxy: No Windows proxy set. (14:58:38) util: request constructed (14:58:39) util: Writing file blist.xml to directory C:\Users\XMo\AppData\Ro aming\.purple (14:58:39) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\blist.xml (14:58:39) util: Response headers: 'HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 10:28:38 GMT Set-Cookie: B=e63111t92beem&b=3&s=4i; expires=Fri, 04-Sep-2015 10:28:39 GMT; pat h=/; domain=.yahoo.com Set-Cookie: Y=v=1&n=9hc5v9t26bofb&l=cehjtp0/o&p=m2pvvir012000000&iz=&r=rv&lg=en- US&intl=us&np=1; path=/; domain=.yahoo.com Set-Cookie: T=z=XnbJSBXtwJSBIyN9r3k6ixSNjE2MwY2NDI2N083MzZONU9PTj&a=QAE&sk=DAAtA aOOm3R8Pn&ks=EAAaE80vMWHU1XvmIrWbNLYPQ--~E&d=c2wBTVRZeE5BRXhNelV4TURnd05ERTVNamc 0T1RFeE1BLS0BYQFRQUUBZwFQWVZSU0pINUZSMLKJJEI3T0w3TVpMR01BWQFzY2lkAWRSS1ZKbVA2dWx veWVUSEhOcm9MVnZYLkpjOC0BYWMBQUlQUW81cDR1ZTh2AXNjAXltc2dyAXp6AVhuYkpTQmdXQQF0aXA BdUV1ZGZB; path=/; domain=.yahoo.com Set-Cookie: SSL=v=1&s=EbrNF3L9lSHOT7r4A6BzQkMf9Z5icsr.1DVUwkP0fPZI9xHt03bWPCmlJ. wNwlW.kOFuArTlkGmI6WNbstxN_g--&kv=0; path=/; domain=.yahoo.com; secure; httponly P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control: private Pragma: no-cache Expires: Thu, 05 Jan 1995 22:00:00 GMT Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html ' (14:58:39) yahoo: Authentication: In yahoo_auth16_stage2 (14:58:39) yahoo: Got needed part of B cookie: e63111t92beem&b=3&s=4i (14:58:39) yahoo: Got auth16 stage 2 response code: 0 (14:58:39) yahoo: Authentication: In yahoo_auth16_stage3 (14:58:39) yahoo: yahoo status: 0 (14:58:39) yahoo: 249 bytes to read, rxlen is 269 (14:58:39) yahoo: Yahoo Service: 0x55 Status: 0 (14:58:39) proxy: No Windows proxy set. (14:58:39) util: requesting to fetch a URL (14:58:39) proxy: No Windows proxy set. (14:58:39) dnsquery: Performing DNS lookup for address.yahoo.com (14:58:39) proxy: No Windows proxy set. (14:58:39) dnsquery: IP resolved for address.yahoo.com (14:58:39) proxy: Attempting connection to 98.138.5.227 (14:58:39) proxy: Connecting to address.yahoo.com:80 with no proxy (14:58:39) proxy: Connection in progress (14:58:39) proxy: Connecting to address.yahoo.com:80. (14:58:39) proxy: Connected to address.yahoo.com:80. (14:58:39) util: request constructed (14:58:40) yahoo: 102 bytes to read, rxlen is 439 (14:58:40) yahoo: Yahoo Service: 0xf1 Status: 0 (14:58:40) proxy: No Windows proxy set. (14:58:40) util: requesting to fetch a URL (14:58:40) proxy: No Windows proxy set. (14:58:40) dnsquery: Performing DNS lookup for address.yahoo.com (14:58:40) yahoo: Authentication: Connection established (14:58:40) connection: Activating keepalive. (14:58:40) yahoo: 8 bytes to read, rxlen is 317 (14:58:40) yahoo: Yahoo Service: 0xf0 Status: 0 (14:58:40) yahoo: 204 bytes to read, rxlen is 289 (14:58:40) yahoo: Yahoo Service: 0xef Status: 1 (14:58:40) yahoo: Unhandled service 0xef (14:58:40) yahoo: 18 bytes to read, rxlen is 65 (14:58:40) yahoo: Yahoo Service: 0x12 Status: 1 (14:58:40) yahoo: Unhandled service 0x12 (14:58:40) yahoo: 7 bytes to read, rxlen is 27 (14:58:40) yahoo: Yahoo Service: 0x0b Status: 1 (14:58:40) proxy: No Windows proxy set. (14:58:40) dnsquery: IP resolved for address.yahoo.com (14:58:40) proxy: Attempting connection to 98.138.5.227 (14:58:40) proxy: Connecting to address.yahoo.com:80 with no proxy (14:58:40) proxy: Connection in progress (14:58:40) util: Response headers: 'HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 10:28:40 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" x-frame-options: sameorigin Vary: Accept-Encoding Content-Type: text/xml; charset=utf-8 Cache-Control: private Age: 0 Transfer-Encoding: chunked Connection: keep-alive Server: YTS/1.19.11 ' (14:58:40) proxy: Connecting to address.yahoo.com:80. (14:58:40) proxy: Connected to address.yahoo.com:80. (14:58:40) util: request constructed (14:58:40) util: Response headers: 'HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 10:28:40 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" x-frame-options: sameorigin Vary: Accept-Encoding Content-Type: text/xml; charset=utf-8 Cache-Control: private Age: 0 Transfer-Encoding: chunked Connection: keep-alive Server: YTS/1.19.11 ' (14:58:43) account: Connecting to account m.zixxxxxxxx@gmail.com/. (14:58:43) connection: Connecting. gc = 0534E4E0 (14:58:43) proxy: No Windows proxy set. (14:58:43) dnssrv: querying SRV record for gmail.com: _xmpp-client._tcp.gmail.co m (14:58:43) wpurple: This version of dnsapi.dll contains DnsQuery_UTF8 (14:58:43) wpurple: This version of dnsapi.dll contains DnsRecordListFree (14:58:43) dnssrv: found 5 SRV entries (14:58:43) proxy: No Windows proxy set. (14:58:43) dnsquery: Performing DNS lookup for xmpp.l.google.com (14:58:43) proxy: No Windows proxy set. (14:58:44) dnsquery: IP resolved for xmpp.l.google.com (14:58:44) proxy: Attempting connection to 173.194.70.125 (14:58:44) proxy: Connecting to xmpp.l.google.com:5222 with no proxy (14:58:44) proxy: Connection in progress (14:58:44) proxy: Connecting to xmpp.l.google.com:5222. (14:58:44) proxy: Connected to xmpp.l.google.com:5222. (14:58:44) jabber: Sending (m.zixxxxxxxx@gmail.com): <?xml version='1.0' ?> (14:58:44) jabber: Sending (m.zixxxxxxxx@gmail.com): <stream:stream to='gmail.com ' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version= '1.0'> (14:58:44) jabber: Recv (138): <stream:stream from="gmail.com" id="29377D07DDD6A 095" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber :client"> (14:58:44) jabber: Recv (241): <stream:features><starttls xmlns="urn:ietf:params :xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:n s:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism ></mechanisms></stream:features> (14:58:44) jabber: Sending (m.zixxxxxxxx@gmail.com): <starttls xmlns='urn:ietf:pa rams:xml:ns:xmpp-tls'/> (14:58:45) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/> (14:58:45) nss: subject=CN=gmail.com,O=Google Inc,L=Mountain View,ST=California, C=US issuer=CN=Google Internet Authority G2,O=Google Inc,C=US (14:58:45) nss: subject=CN=Google Internet Authority G2,O=Google Inc,C=US issuer =CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US (14:58:45) nss: subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US issuer=CN=Geo Trust Global CA,O=GeoTrust Inc.,C=US (14:58:45) certificate/x509/tls_cached: Starting verify for gmail.com (14:58:45) certificate/x509/tls_cached: Checking for cached cert... (14:58:45) certificate/x509/tls_cached: ...Found cached cert (14:58:45) nss/x509: Loading certificate from C:\Users\XMo\AppData\Roaming\. purple\certificates\x509\tls_peers\gmail.com (14:58:45) certificate/x509/tls_cached: Peer cert did NOT match cached (14:58:45) certificate: Checking signature chain for uid=CN=gmail.com,O=Google I nc,L=Mountain View,ST=California,C=US (14:58:45) certificate: ...Good signature by CN=Google Internet Authority G2,O=G oogle Inc,C=US (14:58:45) certificate: ...Good signature by CN=GeoTrust Global CA,O=GeoTrust In c.,C=US (14:58:45) certificate: Chain is VALID (14:58:45) certificate/x509/tls_cached: Checking for a CA with DN=CN=GeoTrust Gl obal CA,O=GeoTrust Inc.,C=US (14:58:45) certificate/x509/tls_cached: Also checking for a CA with DN=CN=GeoTru st Global CA,O=GeoTrust Inc.,C=US (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\AddTrust_External_Root.pem (14:58:45) certificate/x509/ca: Loaded AddTrust External CA Root from C:\Program Files (x86)\Pidgin\ca-certs\AddTrust_External_Root.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\America_Online_Root_Certification_Authority_1.pem (14:58:45) certificate/x509/ca: Loaded America Online Root Certification Authori ty 1 from C:\Program Files (x86)\Pidgin\ca-certs\America_Online_Root_Certificati on_Authority_1.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\AOL_Member_CA.pem (14:58:45) certificate/x509/ca: Loaded AOL Member CA from C:\Program Files (x86) \Pidgin\ca-certs\AOL_Member_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\CAcert_Class3.pem (14:58:45) certificate/x509/ca: Loaded CAcert Class 3 Root from C:\Program Files (x86)\Pidgin\ca-certs\CAcert_Class3.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\CAcert_Root.pem (14:58:45) certificate/x509/ca: Loaded CA Cert Signing Authority from C:\Program Files (x86)\Pidgin\ca-certs\CAcert_Root.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Deutsche_Telekom_Root_CA_2.pem (14:58:45) certificate/x509/ca: Loaded Deutsche Telekom Root CA 2 from C:\Progra m Files (x86)\Pidgin\ca-certs\Deutsche_Telekom_Root_CA_2.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\DigiCertHighAssuranceCA-3.pem (14:58:45) certificate/x509/ca: Loaded DigiCert High Assurance CA-3 from C:\Prog ram Files (x86)\Pidgin\ca-certs\DigiCertHighAssuranceCA-3.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Entrust.net_Secure_Server_CA.pem (14:58:45) certificate/x509/ca: Loaded Entrust.net Secure Server Certification A uthority from C:\Program Files (x86)\Pidgin\ca-certs\Entrust.net_Secure_Server_C A.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Equifax_Secure_CA.pem (14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid gin\ca-certs\Equifax_Secure_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Equifax_Secure_Global_eBusiness_CA-1.pem (14:58:45) certificate/x509/ca: Loaded Equifax Secure Global eBusiness CA-1 from C:\Program Files (x86)\Pidgin\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Go_Daddy_Class_2_CA.pem (14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid gin\ca-certs\Go_Daddy_Class_2_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\GTE_CyberTrust_Global_Root.pem (14:58:45) certificate/x509/ca: Loaded GTE CyberTrust Global Root from C:\Progra m Files (x86)\Pidgin\ca-certs\GTE_CyberTrust_Global_Root.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Microsoft_Internet_Authority.pem (14:58:45) certificate/x509/ca: Loaded Microsoft Internet Authority from C:\Prog ram Files (x86)\Pidgin\ca-certs\Microsoft_Internet_Authority.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Microsoft_Internet_Authority_2010.pem (14:58:45) certificate/x509/ca: Loaded Microsoft Internet Authority from C:\Prog ram Files (x86)\Pidgin\ca-certs\Microsoft_Internet_Authority_2010.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Microsoft_Secure_Server_Authority.pem (14:58:45) certificate/x509/ca: Loaded Microsoft Secure Server Authority from C: \Program Files (x86)\Pidgin\ca-certs\Microsoft_Secure_Server_Authority.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Microsoft_Secure_Server_Authority_2010.pem (14:58:45) certificate/x509/ca: Loaded Microsoft Secure Server Authority from C: \Program Files (x86)\Pidgin\ca-certs\Microsoft_Secure_Server_Authority_2010.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\StartCom_Certification_Authority.pem (14:58:45) certificate/x509/ca: Loaded StartCom Certification Authority from C:\ Program Files (x86)\Pidgin\ca-certs\StartCom_Certification_Authority.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\StartCom_Free_SSL_CA.pem (14:58:45) certificate/x509/ca: Loaded Free SSL Certification Authority from C:\ Program Files (x86)\Pidgin\ca-certs\StartCom_Free_SSL_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Thawte_Premium_Server_CA.pem (14:58:45) certificate/x509/ca: Loaded Thawte Premium Server CA from C:\Program Files (x86)\Pidgin\ca-certs\Thawte_Premium_Server_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Thawte_Primary_Root_CA.pem (14:58:45) certificate/x509/ca: Loaded thawte Primary Root CA from C:\Program Fi les (x86)\Pidgin\ca-certs\Thawte_Primary_Root_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\ValiCert_Class_2_VA.pem (14:58:45) certificate/x509/ca: Loaded http://www.valicert.com/ from C:\Program Files (x86)\Pidgin\ca-certs\ValiCert_Class_2_VA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\VeriSign_Class3_Extended_Validation_CA.pem (14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Extended Validation SSL CA from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class3_Extended_Validati on_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Verisign_Class3_Primary_CA.pem (14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid gin\ca-certs\Verisign_Class3_Primary_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem (14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid gin\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem (14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certifica tion Authority - G5 from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class_3 _Public_Primary_Certification_Authority_-_G5.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem (14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certifica tion Authority - G5 from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class_3 _Public_Primary_Certification_Authority_-_G5_2.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\VeriSign_International_Server_Class_3_CA.pem (14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid gin\ca-certs\VeriSign_International_Server_Class_3_CA.pem (14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c erts\Verisign_RSA_Secure_Server_CA.pem (14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid gin\ca-certs\Verisign_RSA_Secure_Server_CA.pem (14:58:45) certificate/x509/ca: Lazy init completed. (14:58:45) certificate/x509/tls_cached: No Certificate Authorities with either D N found found. I'll prompt the user, I guess. (14:58:47) certificate/x509/tls_cached: User REJECTED cert (14:58:47) certificate: Failed to verify certificate for gmail.com (14:58:47) connection: Connection error on 0534E4E0 (reason: 15 description: SSL peer presented an invalid certificate) (14:58:47) account: Disconnecting account m.zixxxxxxxx@gmail.com/ (00926D38) (14:58:47) connection: Disconnecting connection 0534E4E0 (14:58:47) connection: Destroying connection 0534E4E0 (14:58:49) util: Writing file accounts.xml to directory C:\Users\XMo\AppData \Roaming\.purple (14:58:49) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\accounts. xml </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload