[Bug 624425] New: unable to connect to groupwise in Empathy without manually copying certificate
http://bugzilla.novell.com/show_bug.cgi?id=624425 http://bugzilla.novell.com/show_bug.cgi?id=624425#c0 Summary: unable to connect to groupwise in Empathy without manually copying certificate Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: x86-64 OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: jmcdonough@novell.com QAContact: qa@suse.de Found By: Development Blocker: --- See http://bugs.freedesktop.org/show_bug.cgi?id=23491 Connecting to Groupwise does not work without the workaround described in the upstream bug. You must manually copy ~/.purple/certificates/x509/tls_peers/im.novell.com to /tmp/haze-<random>/certificates/x509/tls_peers/ to get it to actually connect. Otherwise it just sits for long periods trying to connect. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c1 James Mason <jmason@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium CC| |jmason@novell.com Component|GNOME |GNOME Platform|x86-64 |All Product|openSUSE 11.3 |openSUSE 11.4 Target Milestone|--- |Final OS/Version|openSUSE 11.3 |openSUSE 11.4 --- Comment #1 from James Mason <jmason@novell.com> 2011-05-05 17:51:47 UTC --- This is still present in 11.4, and causing trouble especially with GNOME 3, where Pidgin doesn't offer an equivalent experience. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c2 Olaf Hering <ohering@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Major |Critical --- Comment #2 from Olaf Hering <ohering@novell.com> 2011-05-12 14:29:24 CEST --- How can this remain in the unfixed state for a company that relies groupwise? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c3 --- Comment #3 from Olaf Hering <ohering@novell.com> 2011-05-12 15:00:25 CEST --- Guys, what are you doing here? Its even broken in 11.3. And it doesnt even ask for server and port per default. I just tried kopete in 11.4, all it takes is user/passwort and server+port to get online without hassle. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c4 Alejandro Bonilla <abonilla@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |abonilla@novell.com --- Comment #4 from Alejandro Bonilla <abonilla@novell.com> 2011-06-28 11:49:33 UTC --- Can we give some Priority to this Bug? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c5 --- Comment #5 from Gary Ching-Pang Lin <glin@novell.com> 2011-07-04 07:14:42 UTC --- *** Bug 702569 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=702569 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c6 James Mason <jmason@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |michael.miller@suse.com --- Comment #6 from James Mason <jmason@suse.com> 2011-10-12 01:31:56 UTC --- This is *still* a problem in openSUSE 12.1 Beta1 . Considering that we're not even installing pidgin by default anymore, this should be a priority. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c7 James Mason <jmason@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |fcrozat@suse.com --- Comment #7 from James Mason <jmason@suse.com> 2011-10-14 16:07:59 UTC --- Is there a build on OBS including this[1] patch? [1] https://bugs.freedesktop.org/attachment.cgi?id=4780 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c8 Dominique Leuenberger <dimstar@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dimstar@opensuse.org --- Comment #8 from Dominique Leuenberger <dimstar@opensuse.org> 2011-10-14 17:43:00 UTC --- (In reply to comment #7)
Is there a build on OBS including this[1] patch?
This link is not for a patch, but points to a Xorg config file... If you have a different reference, I'll gladly look at it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c9 --- Comment #9 from James Mason <jmason@suse.com> 2011-10-14 17:51:45 UTC --- (In reply to comment #8)
(In reply to comment #7)
Is there a build on OBS including this[1] patch?
This link is not for a patch, but points to a Xorg config file... If you have a different reference, I'll gladly look at it.
https://bugs.freedesktop.org/attachment.cgi?id=47806 referenced in https://bugs.freedesktop.org/show_bug.cgi?id=23491#c7 #copypastefail -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c10 --- Comment #10 from Dominique Leuenberger <dimstar@opensuse.org> 2011-10-15 15:01:03 UTC --- Packages with the patch are available for Factory at http://download.opensuse.org/repositories/home:/dimstar:/empathy-gwim/ But I need to note here that with telepathy-haze 0.5, this seems not to work. The best workaround seems still to be to copy the cert manually. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c11 Tony Jones <tonyj@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tonyj@suse.com --- Comment #11 from Tony Jones <tonyj@suse.com> 2011-11-17 01:55:23 UTC --- (In reply to comment #1)
This is still present in 11.4, and causing trouble especially with GNOME 3, where Pidgin doesn't offer an equivalent experience.
Seems to still be present in the final release 12.1. This has been critical now for 6 months, either downgrade or the gnome group needs to provide a fix. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c13 Frederic Crozat <fcrozat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |fcrozat@suse.com InfoProvider|fcrozat@suse.com | --- Comment #13 from Frederic Crozat <fcrozat@suse.com> 2011-11-17 15:22:17 UTC --- work fine with telepathy-haze 0.5 from dimstar repo, once the certificate is copied -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c14 --- Comment #14 from Tony Jones <tonyj@suse.com> 2011-11-17 16:26:17 UTC --- (In reply to comment #13)
work fine with telepathy-haze 0.5 from dimstar repo, once the certificate is copied
I got the impression the cert had to be copied each time prior to Empathy being started. Is this not correct and it's a one time thing? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c15 --- Comment #15 from Frederic Crozat <fcrozat@suse.com> 2011-11-17 16:45:16 UTC --- with package from dimstar repository, it is a onetime thing : you need to copy the certificate as ~/.local/share/telepathy-haze/certificates/im.novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c16 --- Comment #16 from Tony Jones <tonyj@suse.com> 2011-11-17 17:32:38 UTC --- (In reply to comment #15)
with package from dimstar repository, it is a onetime thing : you need to copy the certificate as ~/.local/share/telepathy-haze/certificates/im.novell.com
Thanks. That worked for me. I copied the certificate first to above path and (as expected) it didn't work but it did after the package was updated from above. Not sure if this is a fix but it's better than stock. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c17 Gabor Horvath <gahorvath@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gahorvath@novell.com --- Comment #17 from Gabor Horvath <gahorvath@novell.com> 2011-11-26 18:55:09 UTC --- This bug is still present in OpenSUSE 12.1 final. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c18 Andreas Färber <afaerber@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |afaerber@suse.com --- Comment #18 from Andreas Färber <afaerber@suse.com> 2011-12-02 13:11:50 UTC --- Annoying that 12.1's GNOME3 ships with a broken default app (Empathy) whereas Pidgin is able to show a dialog about the certificate just okay. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c19 --- Comment #19 from James Mason <jmason@suse.com> 2011-12-02 21:48:31 UTC --- (In reply to comment #18)
Annoying that 12.1's GNOME3 ships with a broken default app (Empathy) whereas Pidgin is able to show a dialog about the certificate just okay.
I wouldn't call it "broken", as, AFAIK, telepathy-haze *will* connect to a groupwise IM server if the certificate is valid. The issue is twofold: (1) telepathy-haze simply does not connect if the certificate is not valid (where as pidgin (using libpurple directly) does prompt; and (2) the certificate for Novell's Groupwise IM server, at im.novell.com, isn't valid. I don't see any posts here from users on other Groupwise IM servers, so I would propose that the simplest possible solution is for Novell to have a valid certificate for im.novell.com . -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c20 --- Comment #20 from Gabor Horvath <gahorvath@novell.com> 2011-12-05 15:06:53 UTC --- James, I think you are right the simplest being fixing Novell's GW messenger server. It is however still an error in the software, that there is no warning about any of this, empathy just keeps trying to connect endlessly. Or so it seems by looking at the application. It'd be nice to at least get an error message about that invalid certificate. It is suboptimal to have to go mucking around creating directories and copying certificates to get a messenger app running. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c21 --- Comment #21 from Ciaran Farrell <cfarrell@suse.com> 2012-02-07 19:23:33 UTC --- It is insane that empathy just shows a spinning wheel and the user is never told why the connection will never work. A dialog would solve this for everyone. Manually copying the certificate is a brutal hack. For most users (including me, until I found the fix on a _Ubuntu_ forum), Empathy is hopelessly broken for Groupwise. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c22 --- Comment #22 from Andreas Jaeger <aj@suse.com> 2012-02-08 15:41:16 UTC --- Gnome team, could you find a way to release an update so that it works for everybody at SUSE out of the box? James, is the certificate really not valid? Did you open a request to IS&T for a valid one? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c23 --- Comment #23 from Vincent Untz <vuntz@suse.com> 2012-02-08 16:26:25 UTC --- (In reply to comment #22)
Gnome team, could you find a way to release an update so that it works for everybody at SUSE out of the box?
We can certainly ship the patch that solves the issue if the user copies the certificate by hand (see home:fcrozat:branches:openSUSE:11.4:Update:Test/telepathy-haze). But if we want to make it work out of the box, that would imply shipping the certificate in the package. And I don't think that's a good idea. Or someone can take the time to do the proper fix (see https://bugs.freedesktop.org/show_bug.cgi?id=23491). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c24 --- Comment #24 from James Mason <jmason@suse.com> 2012-02-08 18:41:37 UTC --- (In reply to comment #22)
James, is the certificate really not valid? Did you open a request to IS&T for a valid one?
Open your browser to https://im.novell.com and see for yourself. This is the root problem: Pidgin simply prompts about accepting an invalid cert; but Empathy is too far removed from the purple stack to do so, apparently. No, I haven't opened a request to IS&T. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c25 --- Comment #25 from Ciaran Farrell <cfarrell@suse.com> 2012-02-10 09:27:18 UTC --- On my laptop I have to repeat the copying of the im.novell.com cert every time I log in. Is there any way of working around this - possibly with some kind of shell script run on login? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c26 --- Comment #26 from Gabor Horvath <gahorvath@novell.com> 2012-02-10 09:46:18 UTC --- (In reply to comment #25)
On my laptop I have to repeat the copying of the im.novell.com cert every time I log in.
Is there any way of working around this - possibly with some kind of shell script run on login?
SRV=im.novell.com echo -n | openssl s_client -connect $SRV:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/haze-*/certificates/x509/tls_peers/$SRV You could put this in a script, but empathy has to be running before this is of any use. Then you'll prob have to manually enable/disable the gw account. I don't know if this works, please let me know :) Would adding the CA's certificate to /etc/ssl/certs help this? That'd be something of a more sustainable workaround, provided we can get the CA cert. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c27 --- Comment #27 from Ciaran Farrell <cfarrell@suse.com> 2012-02-10 10:24:15 UTC --- This hideous hack seems to work for me (with all the obvious drawbacks of being stuck in a python process): cp /usr/bin/empathy /usr/bin/empathy-bin Then replace the /usr/bin/empathy binary with this: #!/usr/bin/python import os,getpass,shutil,sys,subprocess src = "%s/.purple/certificates/x509/tls_peers/im.novell.com"%(os.path.expanduser("~")) directories=[d for d in os.listdir("/tmp") if os.path.isdir("/tmp/"+d)] for d in directories: if d.lower().startswith("haze"): dest = "/tmp/%s/certificates/x509/tls_peers/im.novell.com"%d try: shutil.copy2(src,dest) except Exception,e: sys.stderr.write("%s\n"%str(e)) sys.exit(1) subprocess.call(['/usr/bin/empathy-bin']) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c28 --- Comment #28 from Andreas Färber <afaerber@suse.com> 2013-03-27 15:17:03 UTC --- In 12.3 this issue has apparently been fixed, I can connect just fine now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=624425 https://bugzilla.novell.com/show_bug.cgi?id=624425#c29 James McDonough <jmcdonough@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |FIXED --- Comment #29 from James McDonough <jmcdonough@suse.com> 2013-04-18 00:59:02 UTC --- Yes, it worked on a fresh 12.3 for me as well, so closing -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com