Pidgin - Error “SSL peer presented an invalid certificate” on gtalk connection


Pidgin can't connect to gtalk and offers to accept an unknown certificate. This is the Pidgin error: SSL peer presented an invalid certificate

I saw another question that has been solved, but it was related to the system date; I checked it and the date is totally synced and correct.

Connecting over VPN wasn't helpful. The error was the same.

This is the certificate fingerprint:

Common name: gmail.com
Fingerprint (SHA1): 28:dd:89:d3:0a:a6:f0:a2:b9:f8:77:fc:55:fc:ab:85:18:de:13:ff
Activation date: Tue Jul 23 18:07:27 2013
Expiration date: Wed Jul 23 18:07:27 2014

I rejected the certificate. Is it reliable?

I ran Pidgin in debug mode using the pidgin.exe -d shortcut. This is the log:

purple\certificates\x509\tls_peers\login.yahoo.com
(14:58:38) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\certifica
tes\x509\tls_peers\login.yahoo.com
(14:58:38) certificate: Successfully verified certificate for login.yahoo.com
(14:58:38) proxy: No Windows proxy set.
(14:58:38) util: request constructed
(14:58:39) util: Writing file blist.xml to directory C:\Users\XMo\AppData\Ro
aming\.purple
(14:58:39) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\blist.xml

(14:58:39) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:38 GMT
Set-Cookie: B=e63111t92beem&b=3&s=4i; expires=Fri, 04-Sep-2015 10:28:39 GMT; pat
h=/; domain=.yahoo.com
Set-Cookie: Y=v=1&n=9hc5v9t26bofb&l=cehjtp0/o&p=m2pvvir012000000&iz=&r=rv&lg=en-
US&intl=us&np=1; path=/; domain=.yahoo.com
Set-Cookie: T=z=XnbJSBXtwJSBIyN9r3k6ixSNjE2MwY2NDI2N083MzZONU9PTj&a=QAE&sk=DAAtA
aOOm3R8Pn&ks=EAAaE80vMWHU1XvmIrWbNLYPQ--~E&d=c2wBTVRZeE5BRXhNelV4TURnd05ERTVNamc
0T1RFeE1BLS0BYQFRQUUBZwFQWVZSU0pINUZSMLKJJEI3T0w3TVpMR01BWQFzY2lkAWRSS1ZKbVA2dWx
veWVUSEhOcm9MVnZYLkpjOC0BYWMBQUlQUW81cDR1ZTh2AXNjAXltc2dyAXp6AVhuYkpTQmdXQQF0aXA
BdUV1ZGZB; path=/; domain=.yahoo.com
Set-Cookie: SSL=v=1&s=EbrNF3L9lSHOT7r4A6BzQkMf9Z5icsr.1DVUwkP0fPZI9xHt03bWPCmlJ.
wNwlW.kOFuArTlkGmI6WNbstxN_g--&kv=0; path=/; domain=.yahoo.com; secure; httponly

P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

'
(14:58:39) yahoo: Authentication: In yahoo_auth16_stage2
(14:58:39) yahoo: Got needed part of B cookie: e63111t92beem&b=3&s=4i
(14:58:39) yahoo: Got auth16 stage 2 response code: 0
(14:58:39) yahoo: Authentication: In yahoo_auth16_stage3
(14:58:39) yahoo: yahoo status: 0
(14:58:39) yahoo: 249 bytes to read, rxlen is 269
(14:58:39) yahoo: Yahoo Service: 0x55 Status: 0
(14:58:39) proxy: No Windows proxy set.
(14:58:39) util: requesting to fetch a URL
(14:58:39) proxy: No Windows proxy set.
(14:58:39) dnsquery: Performing DNS lookup for address.yahoo.com
(14:58:39) proxy: No Windows proxy set.
(14:58:39) dnsquery: IP resolved for address.yahoo.com
(14:58:39) proxy: Attempting connection to 98.138.5.227
(14:58:39) proxy: Connecting to address.yahoo.com:80 with no proxy
(14:58:39) proxy: Connection in progress
(14:58:39) proxy: Connecting to address.yahoo.com:80.
(14:58:39) proxy: Connected to address.yahoo.com:80.
(14:58:39) util: request constructed
(14:58:40) yahoo: 102 bytes to read, rxlen is 439
(14:58:40) yahoo: Yahoo Service: 0xf1 Status: 0
(14:58:40) proxy: No Windows proxy set.
(14:58:40) util: requesting to fetch a URL
(14:58:40) proxy: No Windows proxy set.
(14:58:40) dnsquery: Performing DNS lookup for address.yahoo.com
(14:58:40) yahoo: Authentication: Connection established
(14:58:40) connection: Activating keepalive.
(14:58:40) yahoo: 8 bytes to read, rxlen is 317
(14:58:40) yahoo: Yahoo Service: 0xf0 Status: 0
(14:58:40) yahoo: 204 bytes to read, rxlen is 289
(14:58:40) yahoo: Yahoo Service: 0xef Status: 1
(14:58:40) yahoo: Unhandled service 0xef
(14:58:40) yahoo: 18 bytes to read, rxlen is 65
(14:58:40) yahoo: Yahoo Service: 0x12 Status: 1
(14:58:40) yahoo: Unhandled service 0x12
(14:58:40) yahoo: 7 bytes to read, rxlen is 27
(14:58:40) yahoo: Yahoo Service: 0x0b Status: 1
(14:58:40) proxy: No Windows proxy set.
(14:58:40) dnsquery: IP resolved for address.yahoo.com
(14:58:40) proxy: Attempting connection to 98.138.5.227
(14:58:40) proxy: Connecting to address.yahoo.com:80 with no proxy
(14:58:40) proxy: Connection in progress
(14:58:40) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:40 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
x-frame-options: sameorigin
Vary: Accept-Encoding
Content-Type: text/xml; charset=utf-8
Cache-Control: private
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: YTS/1.19.11

'
(14:58:40) proxy: Connecting to address.yahoo.com:80.
(14:58:40) proxy: Connected to address.yahoo.com:80.
(14:58:40) util: request constructed
(14:58:40) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:40 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
x-frame-options: sameorigin
Vary: Accept-Encoding
Content-Type: text/xml; charset=utf-8
Cache-Control: private
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: YTS/1.19.11

'
(14:58:43) account: Connecting to account [email protected]/.
(14:58:43) connection: Connecting. gc = 0534E4E0
(14:58:43) proxy: No Windows proxy set.
(14:58:43) dnssrv: querying SRV record for gmail.com: _xmpp-client._tcp.gmail.co
m
(14:58:43) wpurple: This version of dnsapi.dll contains DnsQuery_UTF8
(14:58:43) wpurple: This version of dnsapi.dll contains DnsRecordListFree
(14:58:43) dnssrv: found 5 SRV entries
(14:58:43) proxy: No Windows proxy set.
(14:58:43) dnsquery: Performing DNS lookup for xmpp.l.google.com
(14:58:43) proxy: No Windows proxy set.
(14:58:44) dnsquery: IP resolved for xmpp.l.google.com
(14:58:44) proxy: Attempting connection to 173.194.70.125
(14:58:44) proxy: Connecting to xmpp.l.google.com:5222 with no proxy
(14:58:44) proxy: Connection in progress
(14:58:44) proxy: Connecting to xmpp.l.google.com:5222.
(14:58:44) proxy: Connected to xmpp.l.google.com:5222.
(14:58:44) jabber: Sending ([email protected]): <?xml version='1.0' ?>
(14:58:44) jabber: Sending ([email protected]): <stream:stream to='gmail.com
' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version=
'1.0'>
(14:58:44) jabber: Recv (138): <stream:stream from="gmail.com" id="29377D07DDD6A
095" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber
:client">
(14:58:44) jabber: Recv (241): <stream:features><starttls xmlns="urn:ietf:params
:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:n
s:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism
></mechanisms></stream:features>
(14:58:44) jabber: Sending ([email protected]): <starttls xmlns='urn:ietf:pa
rams:xml:ns:xmpp-tls'/>
(14:58:45) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

(14:58:45) nss: subject=CN=gmail.com,O=Google Inc,L=Mountain View,ST=California,
C=US issuer=CN=Google Internet Authority G2,O=Google Inc,C=US
(14:58:45) nss: subject=CN=Google Internet Authority G2,O=Google Inc,C=US issuer
=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
(14:58:45) nss: subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US issuer=CN=Geo
Trust Global CA,O=GeoTrust Inc.,C=US
(14:58:45) certificate/x509/tls_cached: Starting verify for gmail.com
(14:58:45) certificate/x509/tls_cached: Checking for cached cert...
(14:58:45) certificate/x509/tls_cached: ...Found cached cert
(14:58:45) nss/x509: Loading certificate from C:\Users\XMo\AppData\Roaming\.
purple\certificates\x509\tls_peers\gmail.com
(14:58:45) certificate/x509/tls_cached: Peer cert did NOT match cached
(14:58:45) certificate: Checking signature chain for uid=CN=gmail.com,O=Google I
nc,L=Mountain View,ST=California,C=US
(14:58:45) certificate: ...Good signature by CN=Google Internet Authority G2,O=G
oogle Inc,C=US
(14:58:45) certificate: ...Good signature by CN=GeoTrust Global CA,O=GeoTrust In
c.,C=US
(14:58:45) certificate: Chain is VALID
(14:58:45) certificate/x509/tls_cached: Checking for a CA with DN=CN=GeoTrust Gl
obal CA,O=GeoTrust Inc.,C=US
(14:58:45) certificate/x509/tls_cached: Also checking for a CA with DN=CN=GeoTru
st Global CA,O=GeoTrust Inc.,C=US
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\AddTrust_External_Root.pem
(14:58:45) certificate/x509/ca: Loaded AddTrust External CA Root from C:\Program
 Files (x86)\Pidgin\ca-certs\AddTrust_External_Root.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\America_Online_Root_Certification_Authority_1.pem
(14:58:45) certificate/x509/ca: Loaded America Online Root Certification Authori
ty 1 from C:\Program Files (x86)\Pidgin\ca-certs\America_Online_Root_Certificati
on_Authority_1.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\AOL_Member_CA.pem
(14:58:45) certificate/x509/ca: Loaded AOL Member CA from C:\Program Files (x86)
\Pidgin\ca-certs\AOL_Member_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\CAcert_Class3.pem
(14:58:45) certificate/x509/ca: Loaded CAcert Class 3 Root from C:\Program Files
 (x86)\Pidgin\ca-certs\CAcert_Class3.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\CAcert_Root.pem
(14:58:45) certificate/x509/ca: Loaded CA Cert Signing Authority from C:\Program
 Files (x86)\Pidgin\ca-certs\CAcert_Root.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Deutsche_Telekom_Root_CA_2.pem
(14:58:45) certificate/x509/ca: Loaded Deutsche Telekom Root CA 2 from C:\Progra
m Files (x86)\Pidgin\ca-certs\Deutsche_Telekom_Root_CA_2.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\DigiCertHighAssuranceCA-3.pem
(14:58:45) certificate/x509/ca: Loaded DigiCert High Assurance CA-3 from C:\Prog
ram Files (x86)\Pidgin\ca-certs\DigiCertHighAssuranceCA-3.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Entrust.net_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded Entrust.net Secure Server Certification A
uthority from C:\Program Files (x86)\Pidgin\ca-certs\Entrust.net_Secure_Server_C
A.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Equifax_Secure_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Equifax_Secure_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Equifax_Secure_Global_eBusiness_CA-1.pem
(14:58:45) certificate/x509/ca: Loaded Equifax Secure Global eBusiness CA-1 from
 C:\Program Files (x86)\Pidgin\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem

(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Go_Daddy_Class_2_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Go_Daddy_Class_2_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\GTE_CyberTrust_Global_Root.pem
(14:58:45) certificate/x509/ca: Loaded GTE CyberTrust Global Root from C:\Progra
m Files (x86)\Pidgin\ca-certs\GTE_CyberTrust_Global_Root.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Microsoft_Internet_Authority.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Internet Authority from C:\Prog
ram Files (x86)\Pidgin\ca-certs\Microsoft_Internet_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Microsoft_Internet_Authority_2010.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Internet Authority from C:\Prog
ram Files (x86)\Pidgin\ca-certs\Microsoft_Internet_Authority_2010.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Microsoft_Secure_Server_Authority.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Secure Server Authority from C:
\Program Files (x86)\Pidgin\ca-certs\Microsoft_Secure_Server_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Microsoft_Secure_Server_Authority_2010.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Secure Server Authority from C:
\Program Files (x86)\Pidgin\ca-certs\Microsoft_Secure_Server_Authority_2010.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\StartCom_Certification_Authority.pem
(14:58:45) certificate/x509/ca: Loaded StartCom Certification Authority from C:\
Program Files (x86)\Pidgin\ca-certs\StartCom_Certification_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\StartCom_Free_SSL_CA.pem
(14:58:45) certificate/x509/ca: Loaded Free SSL Certification Authority from C:\
Program Files (x86)\Pidgin\ca-certs\StartCom_Free_SSL_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Thawte_Premium_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded Thawte Premium Server CA from C:\Program
Files (x86)\Pidgin\ca-certs\Thawte_Premium_Server_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Thawte_Primary_Root_CA.pem
(14:58:45) certificate/x509/ca: Loaded thawte Primary Root CA from C:\Program Fi
les (x86)\Pidgin\ca-certs\Thawte_Primary_Root_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\ValiCert_Class_2_VA.pem
(14:58:45) certificate/x509/ca: Loaded http://www.valicert.com/ from C:\Program
Files (x86)\Pidgin\ca-certs\ValiCert_Class_2_VA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_Class3_Extended_Validation_CA.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Extended Validation SSL
CA from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class3_Extended_Validati
on_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Verisign_Class3_Primary_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Verisign_Class3_Primary_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certifica
tion Authority - G5 from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class_3
_Public_Primary_Certification_Authority_-_G5.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certifica
tion Authority - G5 from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class_3
_Public_Primary_Certification_Authority_-_G5_2.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_International_Server_Class_3_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\VeriSign_International_Server_Class_3_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Verisign_RSA_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Verisign_RSA_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Lazy init completed.
(14:58:45) certificate/x509/tls_cached: No Certificate Authorities with either D
N found found. I'll prompt the user, I guess.
(14:58:47) certificate/x509/tls_cached: User REJECTED cert
(14:58:47) certificate: Failed to verify certificate for gmail.com
(14:58:47) connection: Connection error on 0534E4E0 (reason: 15 description: SSL
 peer presented an invalid certificate)
(14:58:47) account: Disconnecting account [email protected]/ (00926D38)
(14:58:47) connection: Disconnecting connection 0534E4E0
(14:58:47) connection: Destroying connection 0534E4E0
(14:58:49) util: Writing file accounts.xml to directory C:\Users\XMo\AppData
\Roaming\.purple
(14:58:49) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\accounts.
xml
1
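
Added example, not part of the original question or answer: a short Python script that re-joins the 80-column-wrapped records of a Pidgin debug log like the one above and summarises each step of the certificate decision. The function names, the embedded sample (records copied from the log above) and the comparison of the root's CN against the loaded display names are assumptions of this example; it expects an excerpt covering a single verification.

```python
import re

# Constructed sample: records copied from the debug log in the question, still
# wrapped at 80 columns the way the Windows console printed them.
SAMPLE_LOG = r"""(14:58:45) certificate/x509/tls_cached: Starting verify for gmail.com
(14:58:45) certificate/x509/tls_cached: Peer cert did NOT match cached
(14:58:45) certificate: Chain is VALID
(14:58:45) certificate/x509/tls_cached: Checking for a CA with DN=CN=GeoTrust Gl
obal CA,O=GeoTrust Inc.,C=US
(14:58:45) certificate/x509/ca: Loaded AddTrust External CA Root from C:\Program
 Files (x86)\Pidgin\ca-certs\AddTrust_External_Root.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Equifax_Secure_CA.pem
(14:58:45) certificate/x509/tls_cached: No Certificate Authorities with either D
N found found. I'll prompt the user, I guess.
(14:58:47) certificate/x509/tls_cached: User REJECTED cert
"""

STAMP = re.compile(r"^\(\d\d:\d\d:\d\d\) ")

def unwrap(text):
    """Re-join console-wrapped records; a new record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # continuation of the previous record
    return records

def diagnose(text):
    """Summarise the certificate verification steps in a Pidgin debug log."""
    r = {"host": None, "cache_mismatch": False, "chain_valid": False,
         "wanted_root": None, "loaded_cas": [], "root_in_store": False,
         "prompted": False, "user_rejected": False}
    for msg in (STAMP.sub("", rec) for rec in unwrap(text)):
        if m := re.search(r"Starting verify for (\S+)", msg):
            r["host"] = m.group(1)
        elif m := re.search(r"Checking for a CA with DN=(.+)$", msg, re.I):
            r["wanted_root"] = m.group(1)
        elif m := re.search(r"x509/ca: Loaded (.+?) from (.+)$", msg):
            # (display name, file name); some bundled CAs load as "(unknown)"
            r["loaded_cas"].append((m.group(1), m.group(2).rsplit("\\", 1)[-1]))
        r["cache_mismatch"] |= "did NOT match cached" in msg
        r["chain_valid"] |= "Chain is VALID" in msg
        r["prompted"] |= "No Certificate Authorities with either DN" in msg
        r["user_rejected"] |= "User REJECTED cert" in msg
    # Heuristic (assumption): compare the root's CN with the loaded display names.
    cn = re.search(r"CN=([^,]+)", r["wanted_root"] or "")
    names = {name.lower() for name, _ in r["loaded_cas"]}
    r["root_in_store"] = bool(cn) and cn.group(1).lower() in names
    return r

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the records above it reports a chain with good signatures whose root, CN=GeoTrust Global CA, is not among the CA names loaded from ca-certs, which is the point at which Pidgin fell back to prompting the user.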

There is 1 answer

1
Jeremy V On BEST ANSWER

I received the same error this morning and found a similar complaint here: http://comments.gmane.org/gmane.comp.gnome.pidgin.user/13678 .

I updated my Pidgin client to 2.10.7 as suggested and everything appears to work fine now.

I hope that helps.