Opened at 2012-01-04T12:09:11Z
Closed at 2012-03-08T10:47:38Z
#886 closed defect (wontfix)
Rev 870: Jabber login error, SSL certificate verification not supported by BitlBee OpenSSL code.
| Reported by: | Owned by: | wilmer | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Jabber | Version: | devel |
| Keywords: | Cc: | ||
| IRC client+version: | Client-independent | Operating System: | Linux |
| OS version/distro: | Debian 6.0.3 x64 |
Description
With GMail and OpenSSL:
account on
[@root] g - Login error: Certificate verification problem 0x1: SSL certificate verification not supported by BitlBee OpenSSL code.
It worked in 3.0.4 but cannot sign in with Rev 870.
Attachments (0)
Change History (7)
comment:1 Changed at 2012-01-04T12:19:25Z by
comment:2 Changed at 2012-01-04T15:56:36Z by
But this only happens after explicitly setting CAfile to some value in bitlbee.conf, right? Which only means that we should add to the description of this setting that verification is not supported when built against OpenSSL and NSS (for now?).
comment:3 Changed at 2012-01-04T16:00:56Z by
I'd expect the same yeah, but this may be an old ssl (instead of starttls) connection.
Not sure what's going on, it looks like I've forgotten about a few details in the old SSL case anyway. I stopped looking because I'm still at work.
comment:4 Changed at 2012-02-11T13:10:20Z by
Hrm, yes, I think this is all working as intended. Are you still having this problem? I can't reproduce it on my end.
Can you please show the output of "ac g set"?
comment:5 Changed at 2012-03-08T10:41:00Z by
I'm having similar troubles with my jabber account. I use BitlBee 3.0.5 from Arch repository. My account settings is following.
ssl = `false' tls = `try' tls_verify = `true'
jb - Logging in: Connecting jb - Logging in: Connected to server, logging in jb - Logging in: Converting stream to TLS jb - Login error: Certificate verification problem 0x1: SSL certificate verification not supported by BitlBee OpenSSL code. jb - Logging in: Signing off..
after changing ssl to `true' I get
jb - Login error: Could not connect to server
If I comment out CAfile in bitlbee.conf it will connect just fine. But I would like BitlBee to verify server certificates somehow.
comment:7 Changed at 2012-03-08T10:47:38Z by
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
SSL cert verification only works with GnuTLS, and unless someone else wants to spend effort on an SSL verification patch for BitlBee's OpenSSL module, this is not going to change. GnuTLS has always been the recommended (and the only tested and expected to work) SSL module with BitlBee, the others have just been there for ease of use/for lazy folks. By now GnuTLS is pretty common and should be available/installable on all machines.
D'oh. Yes, there's a broken check there. You should be fine with using GnuTLS BTW, which is the recommended/preferred SSL library for BitlBee. I'll fix OpenSSL support before the next release.