After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 634164 - Empathy doesn't remember self-signed certificate
Empathy doesn't remember self-signed certificate
Status: RESOLVED OBSOLETE
Product: empathy
Classification: Core
Component: Auth client
2.32.x
Other Linux
: Normal normal
: ---
Assigned To: empathy-maint
empathy-maint
Depends on:
Blocks:
 
 
Reported: 2010-11-06 14:23 UTC by Brian Pepple
Modified: 2018-05-22 14:26 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Debug output from empathy-auth-client (18.20 KB, text/plain)
2010-11-06 14:23 UTC, Brian Pepple
Details
empathy-auth-client logs (26.64 KB, text/plain)
2010-11-15 09:22 UTC, Laurent Bigonville
Details
Empathy.Auth log (8.30 KB, text/x-log)
2012-06-07 04:54 UTC, Petr Schindler
Details
[Test] Environment of empathy-auth-client process (1.47 KB, application/octet-stream)
2012-10-28 21:30 UTC, Jonathan Frederickson
Details

Description Brian Pepple 2010-11-06 14:23:04 UTC
Created attachment 173947 [details]
Debug output from empathy-auth-client

Description of problem:

When connecting to an XMPP/Jabber server with self signed cert, the following
warning pops up and allows one to continue or cancel:

  This connection is untrusted. Would you like to continue anyway?

Dialog includes option to remember the choice for future connections, however
on following connection the choice is not remembered and the dialog pops-up
again.

Version-Release number of selected component (if applicable):
empathy-2.32.0.1-1.fc14.x86_64

How reproducible: Always

Steps to Reproduce: 
  1. Connect to a self-signed XMPP/Jabber server
  2. Accept certificate warning pop-up and check mark "Remember this choice..."
  3. Disconnect and reconnect

Actual results: Certificate warning pops-up again

Expected results: Certificate warning should not pop-up

Original bug: https://bugzilla.redhat.com/show_bug.cgi?id=641526
Comment 1 Brian Pepple 2010-11-06 22:38:11 UTC
As a side note at looking into this a bit more, I noticed on non-debian systems that don't use /etc/ssl/certs/ca-certificates.crt their certs aren't being imported since Empathy is hard coding that location. I've created a patch to fix this in Bug #634197.
Comment 2 Guillaume Desmottes 2010-11-08 10:51:00 UTC
I just tested and it did remember the certificate. Does ~/.config/telepathy/certs contain anything?

Could you please start empathy-auth-client with EMPATHY_DEBUG=all EMPATHY_PERSIST=1 then connect, try to save the cert and attach logs please?
Comment 3 bloodandsoil76@gmail.com 2010-11-09 22:34:49 UTC
ls -l ~/.config/telepathy/certs/ gives:

-rw-r--r--. 1 woden woden 2760 Nov  9 10:55 cert-StartCom Certification Authority

cat ~/.config/telepathy/certs/cert-StartCom\ Certification\ Authority gives:


-----BEGIN CERTIFICATE-----
MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j
ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js
LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM
BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0
Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy
dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh
cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh
YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg
dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp
bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ
YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ
9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8
jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW
FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz
ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1
ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L
EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu
L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC
O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
-----END CERTIFICATE-----
Comment 4 Danielle Madeley 2010-11-09 22:37:00 UTC
Info has been supplied.
Comment 5 Guillaume Desmottes 2010-11-10 15:56:53 UTC
Is that the right certificate? Could you please attach empathy-auth-client logs?
Comment 6 Laurent Bigonville 2010-11-15 09:22:09 UTC
Created attachment 174497 [details]
empathy-auth-client logs

I have the same issue, but here the cert is not even added to ~/.config/telepathy/certs
Comment 7 Guillaume Desmottes 2010-11-15 09:30:27 UTC
(In reply to comment #6)
> Created an attachment (id=174497) [details]
> empathy-auth-client logs
> 
> I have the same issue, but here the cert is not even added to
> ~/.config/telepathy/certs

That's bug #634891
Comment 8 Petr Schindler 2012-06-05 06:19:00 UTC
I can see this bug with empathy-3.4.2.1-1.fc17.x86_64 (in Fedora 17) too. Empathy is complaining about untrusted connections (facebook and gtalk which acounts are set by online accounts). It is asking even if I choose to remember.

I haven't seen this problem with older versions (I can't remember in which version this started).
Comment 9 Guillaume Desmottes 2012-06-05 07:18:12 UTC
Can you please:
- start 'empathy-debugger'
- Try to connect and ask to remember the certificate
- Select 'Empathy.AuthClient' in the debugger and attach its logs
Comment 10 Petr Schindler 2012-06-07 04:54:00 UTC
Created attachment 215819 [details]
Empathy.Auth log
Comment 11 Guillaume Desmottes 2012-06-07 11:17:41 UTC
empathy/Tls-DEBUG: 7.6.2012 06:50:58.101871: empathy_tls_verifier_store_exception: Can't store the pinned certificate: Couldn't find a place to store the pinned certificate

This function is failing:

  if (!gcr_trust_add_pinned_certificate (cert, GCR_PURPOSE_SERVER_AUTH,
          priv->hostname, NULL, &error))
      DEBUG ("Can't store the pinned certificate: %s", error->message);


Stef: any idea?
Comment 12 Hugo 2012-06-20 08:29:12 UTC
Looks like gnome-keyring problem that don't work without gnome-session. There are similar problem when gnome-keyring start before gnome-session or dbus.

I have this issue at lubuntu session, but work in gnome\openbox session.

How can I confirm this?
Comment 13 Guillaume Desmottes 2012-06-20 13:20:12 UTC
Yeah I'm experiencing a similar problem since I updated to Fedora 17.

Can you try the following before trying to connect accounts:
- export $(gnome-keyring-daemon -s)
- EMPATHY_PERSIST=1 /usr/lib/empathy/empathy-auth-client
- Try connecting IM accounts
Comment 14 Guillaume Desmottes 2012-07-10 13:14:53 UTC
It seems that this may be caused by a gnome-settings-daemon bug which has been
fixed in 3.4.2. Which version are you using?

If you are using this version (and be sure you already had this version when
you logged in in your session) could you please:
- Connect your GTalk account
- When the 'certificate untrusted' dialog appears don't answer
- Check the PID of empathy-auth-client
- Paste here the environnement of this process: cat /proc/$PID/environ | tr
'\0' '\n'
Comment 15 Jonathan Frederickson 2012-10-28 21:30:42 UTC
Created attachment 227483 [details]
[Test] Environment of empathy-auth-client process

I'm experiencing the same problem. gnome-settings-daemon 3.4.2 on Arch Linux with XFCE.  The steps you provided in second-to-last post do solve the problem for me.  Following your instructions:

The PID of empathy-auth-client is 25097

The output of the command you provided is attached.
Comment 16 GNOME Infrastructure Team 2018-05-22 14:26:26 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/empathy/issues/295.