Modify

#886 closed defect (wontfix)

Rev 870: Jabber login error, SSL certificate verification not supported by BitlBee OpenSSL code.

Reported by: turak.anita@… Owned by: wilmer
Priority: major Milestone:
Component: Jabber Version: devel
Keywords: Cc:
IRC client+version: Client-independent Operating System: Linux
OS version/distro: Debian 6.0.3 x64

Description

With GMail and OpenSSL:

account on

[@root] g - Login error: Certificate verification problem 0x1: SSL certificate verification not supported by BitlBee OpenSSL code.

It worked in 3.0.4 but cannot sign in with Rev 870.

Attachments (0)

Change History (7)

comment:1 Changed at 2012-01-04T12:19:25Z by Wilmer van der Gaast <wilmer@…>

D'oh. Yes, there's a broken check there. You should be fine with using GnuTLS BTW, which is the recommended/preferred SSL library for BitlBee. I'll fix OpenSSL support before the next release.

comment:2 Changed at 2012-01-04T15:56:36Z by AopicieR

But this only happens after explicitly setting CAfile to some value in bitlbee.conf, right? Which only means that we should add to the description of this setting that verification is not supported when built against OpenSSL and NSS (for now?).

comment:3 Changed at 2012-01-04T16:00:56Z by Wilmer van der Gaast <wilmer@…>

I'd expect the same yeah, but this may be an old ssl (instead of starttls) connection.

Not sure what's going on, it looks like I've forgotten about a few details in the old SSL case anyway. I stopped looking because I'm still at work.

comment:4 Changed at 2012-02-11T13:10:20Z by wilmer

Hrm, yes, I think this is all working as intended. Are you still having this problem? I can't reproduce it on my end.

Can you please show the output of "ac g set"?

comment:5 Changed at 2012-03-08T10:41:00Z by loblik

I'm having similar troubles with my jabber account. I use BitlBee 3.0.5 from Arch repository. My account settings is following.

ssl = `false'
tls = `try'
tls_verify = `true'

jb - Logging in: Connecting
jb - Logging in: Connected to server, logging in
jb - Logging in: Converting stream to TLS
jb - Login error: Certificate verification problem 0x1: SSL certificate verification not supported by BitlBee OpenSSL code.
jb - Logging in: Signing off..

after changing ssl to `true' I get

jb - Login error: Could not connect to server

If I comment out CAfile in bitlbee.conf it will connect just fine. But I would like BitlBee to verify server certificates somehow.

comment:6 Changed at 2012-03-08T10:42:05Z by Wilmer van der Gaast <wilmer@…>

Then don't use OpenSSL.

comment:7 Changed at 2012-03-08T10:47:38Z by wilmer

Resolution: wontfix
Status: newclosed

SSL cert verification only works with GnuTLS, and unless someone else wants to spend effort on an SSL verification patch for BitlBee's OpenSSL module, this is not going to change. GnuTLS has always been the recommended (and the only tested and expected to work) SSL module with BitlBee, the others have just been there for ease of use/for lazy folks. By now GnuTLS is pretty common and should be available/installable on all machines.

Modify Ticket

Action
as closed The owner will remain wilmer.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.