[Bug 624425] New: unable to connect to groupwise in Empathy without manually copying certificate
http://bugzilla.novell.com/show_bug.cgi?id=624425 http://bugzilla.novell.com/show_bug.cgi?id=624425#c0 Summary: unable to connect to groupwise in Empathy without manually copying certificate Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: x86-64 OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: jmcdonough@novell.com QAContact: qa@suse.de Found By: Development Blocker: --- See http://bugs.freedesktop.org/show_bug.cgi?id=23491 Connecting to Groupwise does not work without the workaround described in the upstream bug. You must manually copy ~/.purple/certificates/x509/tls_peers/im.novell.com to /tmp/haze-<random>/certificates/x509/tls_peers/ to get it to actually connect. Otherwise it just sits for long periods trying to connect. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c1
James Mason
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c2
Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c3
--- Comment #3 from Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c4
Alejandro Bonilla
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c5
--- Comment #5 from Gary Ching-Pang Lin
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c6
James Mason
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c7
James Mason
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c8
Dominique Leuenberger
Is there a build on OBS including this[1] patch?
This link is not for a patch, but points to a Xorg config file... If you have a different reference, I'll gladly look at it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c9
--- Comment #9 from James Mason
(In reply to comment #7)
Is there a build on OBS including this[1] patch?
This link is not for a patch, but points to a Xorg config file... If you have a different reference, I'll gladly look at it.
https://bugs.freedesktop.org/attachment.cgi?id=47806 referenced in https://bugs.freedesktop.org/show_bug.cgi?id=23491#c7 #copypastefail -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c10
--- Comment #10 from Dominique Leuenberger
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c11
Tony Jones
This is still present in 11.4, and causing trouble especially with GNOME 3, where Pidgin doesn't offer an equivalent experience.
Seems to still be present in the final release 12.1. This has been critical now for 6 months, either downgrade or the gnome group needs to provide a fix. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c13
Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c14
--- Comment #14 from Tony Jones
work fine with telepathy-haze 0.5 from dimstar repo, once the certificate is copied
I got the impression the cert had to be copied each time prior to Empathy being started. Is this not correct and it's a one time thing? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c15
--- Comment #15 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c16
--- Comment #16 from Tony Jones
with package from dimstar repository, it is a onetime thing : you need to copy the certificate as ~/.local/share/telepathy-haze/certificates/im.novell.com
Thanks. That worked for me. I copied the certificate first to above path and (as expected) it didn't work but it did after the package was updated from above. Not sure if this is a fix but it's better than stock. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c17
Gabor Horvath
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c18
Andreas Färber
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c19
--- Comment #19 from James Mason
Annoying that 12.1's GNOME3 ships with a broken default app (Empathy) whereas Pidgin is able to show a dialog about the certificate just okay.
I wouldn't call it "broken", as, AFAIK, telepathy-haze *will* connect to a groupwise IM server if the certificate is valid. The issue is twofold: (1) telepathy-haze simply does not connect if the certificate is not valid (where as pidgin (using libpurple directly) does prompt; and (2) the certificate for Novell's Groupwise IM server, at im.novell.com, isn't valid. I don't see any posts here from users on other Groupwise IM servers, so I would propose that the simplest possible solution is for Novell to have a valid certificate for im.novell.com . -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c20
--- Comment #20 from Gabor Horvath
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c21
--- Comment #21 from Ciaran Farrell
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c22
--- Comment #22 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c23
--- Comment #23 from Vincent Untz
Gnome team, could you find a way to release an update so that it works for everybody at SUSE out of the box?
We can certainly ship the patch that solves the issue if the user copies the certificate by hand (see home:fcrozat:branches:openSUSE:11.4:Update:Test/telepathy-haze). But if we want to make it work out of the box, that would imply shipping the certificate in the package. And I don't think that's a good idea. Or someone can take the time to do the proper fix (see https://bugs.freedesktop.org/show_bug.cgi?id=23491). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c24
--- Comment #24 from James Mason
James, is the certificate really not valid? Did you open a request to IS&T for a valid one?
Open your browser to https://im.novell.com and see for yourself. This is the root problem: Pidgin simply prompts about accepting an invalid cert; but Empathy is too far removed from the purple stack to do so, apparently. No, I haven't opened a request to IS&T. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c25
--- Comment #25 from Ciaran Farrell
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c26
--- Comment #26 from Gabor Horvath
On my laptop I have to repeat the copying of the im.novell.com cert every time I log in.
Is there any way of working around this - possibly with some kind of shell script run on login?
SRV=im.novell.com echo -n | openssl s_client -connect $SRV:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/haze-*/certificates/x509/tls_peers/$SRV You could put this in a script, but empathy has to be running before this is of any use. Then you'll prob have to manually enable/disable the gw account. I don't know if this works, please let me know :) Would adding the CA's certificate to /etc/ssl/certs help this? That'd be something of a more sustainable workaround, provided we can get the CA cert. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c27
--- Comment #27 from Ciaran Farrell
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c28
--- Comment #28 from Andreas Färber
https://bugzilla.novell.com/show_bug.cgi?id=624425
https://bugzilla.novell.com/show_bug.cgi?id=624425#c29
James McDonough
participants (1)
-
bugzilla_noreply@novell.com