[Telepathy] MSN using XMPP-- SSL warnings
Simon McVittie
simon.mcvittie at collabora.co.uk
Fri Dec 7 04:09:05 PST 2012
On 06/12/12 15:46, Pedro Francisco wrote:
> The hostname verified by the certificate doesn't match the server name.
>
> Expected hostname: messenger.live.com
> Certificate hostname: *.gateway.messenger.live.com
I get this too. It looks like an error at Microsoft's end: they're using
a valid certificate, but for the wrong server name. Their
documentation[1] says the server's official name (and the one we should
connect to) is messenger.live.com, so their certificate needs to have
that as its CN or as one of its "alternative names".
This should affect non-Telepathy clients equally: if a client is
unaffected, then either it's talking to an unaffected server (they use
multiple servers with geolocation, so it's not necessarily the case that
all their servers have this error), or it's not validating certificates
properly (a security flaw in that client).
Xavier is the owner of our GOA app key - I think he has some way to
contact Microsoft?
If this isn't fixed for a long time, it would be possible to work around
it (in Gabble, gnome-online-accounts or even Empathy); but if Microsoft
fix it reasonably promptly, that'd be quicker than updating packages in
every distribution with a workaround, and to be honest I'd rather not
apply such workarounds in things as security-sensitive as TLS.
Regards,
smcv
[1] http://msdn.microsoft.com/en-us/library/live/hh826554.aspx
More information about the telepathy
mailing list