[Telepathy] MSN using XMPP-- SSL warnings

Will Thompson will.thompson at collabora.co.uk
Fri Dec 7 04:21:45 PST 2012


On 07/12/12 12:09, Simon McVittie wrote:
> On 06/12/12 15:46, Pedro Francisco wrote:
>> The hostname verified by the certificate doesn't match the server name.
>>
>> Expected hostname: messenger.live.com
>> Certificate hostname: *.gateway.messenger.live.com
>
> I get this too. It looks like an error at Microsoft's end: they're using
> a valid certificate, but for the wrong server name. Their
> documentation[1] says the server's official name (and the one we should
> connect to) is messenger.live.com, so their certificate needs to have
> that as its CN or as one of its "alternative names".
>
> This should affect non-Telepathy clients equally: if a client is
> unaffected, then either it's talking to an unaffected server (they use
> multiple servers with geolocation, so it's not necessarily the case that
> all their servers have this error), or it's not validating certificates
> properly (a security flaw in that client).
>
> Xavier is the owner of our GOA app key - I think he has some way to
> contact Microsoft?
>
> If this isn't fixed for a long time, it would be possible to work around
> it (in Gabble, gnome-online-accounts or even Empathy);

Empathy already attempts to work around this. Empathy sets:

       PARAM ("param-extra-certificate-identities",
           "*.gateway.messenger.live.com");

which should show up in the 
http://telepathy.freedesktop.org/spec/Channel_Type_Server_TLS_Connection.html#Property:ReferenceIdentities 
property, which empathy-auth-client.c passes to empathy-tls-verifier.

I wonder what's broken.

-- 
Will
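
The check discussed in this thread, as an added example that is not part of the original message and is not Empathy's or Gabble's code: a certificate name is compared against each reference identity in turn, and the connection is acceptable only if one of them matches. The function names are hypothetical, and the matching rule (a "*" stands for exactly one left-most label) is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Match one presented certificate name against one reference identity.
 * A "*" is honoured only as the entire left-most label and stands for
 * exactly one label, so "*.a.example" never matches "a.example". */
static int name_matches(const char *cert_name, const char *reference)
{
    if (strcasecmp(cert_name, reference) == 0)
        return 1;
    if (strncmp(cert_name, "*.", 2) != 0)
        return 0;
    const char *ref_rest = strchr(reference, '.');
    if (ref_rest == NULL || ref_rest == reference)
        return 0;                      /* no left-most label to replace */
    return strcasecmp(cert_name + 1, ref_rest) == 0;
}

/* Return the index of the first reference identity the certificate name
 * satisfies, or -1 if none does (the connection should then be refused). */
int verify_identities(const char *cert_name, const char *const *refs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(cert_name, refs[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Values from the warning quoted in the thread. */
    const char *cert = "*.gateway.messenger.live.com";
    const char *only_expected[] = { "messenger.live.com" };
    const char *with_extra[] = { "messenger.live.com",
                                 "*.gateway.messenger.live.com" };

    printf("expected hostname only: %d\n",
           verify_identities(cert, only_expected, 1));
    printf("with extra identity:    %d\n",
           verify_identities(cert, with_extra, 2));
    return 0;
}
```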

