Re: [opensuse-factory] New Tumbleweed snapshot 20160405 released! (ca-certificates-mozilla)
On Wed, Apr 06, 2016 at 02:39:55AM +0000, Ludwig Nussel wrote:
Packages changed:
[...]
ca-certificates-mozilla (2.2 -> 2.7)
With this update I saw certificate errors in pidgin for google talk, which went away after downgrading the package to the version from 13.2. -- ======================== Roger Whittaker roger@disruptive.org.uk ======================== -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, Apr 06, 2016 at 10:47:36AM +0100, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 02:39:55AM +0000, Ludwig Nussel wrote:
Packages changed:
[...]
ca-certificates-mozilla (2.2 -> 2.7)
With this update I saw certificate errors in pidgin for google talk, which went away after downgrading the package to the version from 13.2.
Did anyone else see problems with this package? Wondering whether to open a bug. -- ======================== Roger Whittaker roger@disruptive.org.uk ======================== -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, Apr 07, 2016 at 02:35:33PM +0100, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 10:47:36AM +0100, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 02:39:55AM +0000, Ludwig Nussel wrote:
Packages changed:
[...]
ca-certificates-mozilla (2.2 -> 2.7)
With this update I saw certificate errors in pidgin for google talk, which went away after downgrading the package to the version from 13.2.
Did anyone else see problems with this package?
Wondering whether to open a bug.
I removed some of the old legacy 1024 bit CAs that I still kept in there, as openssl 1.0.2 and also gnutls should now be able to work now in those setups. I tried if I get SSL cert errors in pidgin for gmail.com / talk.google.com, but i do not see any. Which host does pidgin connect to for you? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, Apr 07, 2016 at 03:53:23PM +0200, Marcus Meissner wrote:
I removed some of the old legacy 1024 bit CAs that I still kept in there, as openssl 1.0.2 and also gnutls should now be able to work now in those setups.
I tried if I get SSL cert errors in pidgin for gmail.com / talk.google.com, but i do not see any.
Which host does pidgin connect to for you?
In "edit account" I see: protocol XMPP domain gmail.com When sending an IM message I see from tcpdump that it's talking to wa-in-f125.1e100.net. -- ======================== Roger Whittaker roger@disruptive.org.uk ======================== -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thursday 2016-04-07 16:07, Roger Whittaker wrote:
On Thu, Apr 07, 2016 at 03:53:23PM +0200, Marcus Meissner wrote:
Which host does pidgin connect to for you?
In "edit account" I see:
protocol XMPP domain gmail.com
When sending an IM message I see from tcpdump that it's talking to wa-in-f125.1e100.net.
Didn't google kill their external xmpp service? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
2016-04-07 16:18 GMT+02:00 Jan Engelhardt <jengelh@inai.de>:
... Didn't google kill their external xmpp service?
From what I've seen they didn't kill it, but their XMPP doesn't support server-to-server encryption. See https://xmpp.org/2015/03/no-its-not-the-end-of-xmpp-for-google-talk/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 04/07/2016 11:05 PM, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 10:47:36AM +0100, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 02:39:55AM +0000, Ludwig Nussel wrote:
Packages changed:
[...]
ca-certificates-mozilla (2.2 -> 2.7)
With this update I saw certificate errors in pidgin for google talk, which went away after downgrading the package to the version from 13.2.
Did anyone else see problems with this package?
Wondering whether to open a bug.
Hi, I worked around it by doing the following from https://askubuntu.com/questions/610585/force-pidgin-to-acept-an-invalid-cert... with the following "openssl s_client -connect talk.google.com:5223" then enabling "old style encryption" using the above server and port, Unfortunately I couldn't really see how well it was working given my @gmail account has no contacts, and I haven't convinced it to let me authenticate my @simotek.net address yet. I'm not sure if its the best solution but I hope it helps. Cheers -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adeliade Australia, UTC+9:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Fri, Apr 08, 2016 at 10:53:27AM +0930, Simon Lees wrote:
On 04/07/2016 11:05 PM, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 10:47:36AM +0100, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 02:39:55AM +0000, Ludwig Nussel wrote:
Packages changed:
[...]
ca-certificates-mozilla (2.2 -> 2.7)
With this update I saw certificate errors in pidgin for google talk, which went away after downgrading the package to the version from 13.2.
Did anyone else see problems with this package?
Wondering whether to open a bug.
Hi,
I worked around it by doing the following from https://askubuntu.com/questions/610585/force-pidgin-to-acept-an-invalid-cert... with the following "openssl s_client -connect talk.google.com:5223" then enabling "old style encryption" using the above server and port, Unfortunately I couldn't really see how well it was working given my @gmail account has no contacts, and I haven't convinced it to let me authenticate my @simotek.net address yet.
I'm not sure if its the best solution but I hope it helps.
Definitely not, accepting invalid certificates is a security problem. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi, FWIW, I reenabled the old stack legacy certs again in ca-certificates-mozilla, with the next update it should work again. Ciao, Marcus On Fri, Apr 08, 2016 at 09:47:42AM +0200, Marcus Meissner wrote:
On Fri, Apr 08, 2016 at 10:53:27AM +0930, Simon Lees wrote:
On 04/07/2016 11:05 PM, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 10:47:36AM +0100, Roger Whittaker wrote:
On Wed, Apr 06, 2016 at 02:39:55AM +0000, Ludwig Nussel wrote:
Packages changed:
[...]
ca-certificates-mozilla (2.2 -> 2.7)
With this update I saw certificate errors in pidgin for google talk, which went away after downgrading the package to the version from 13.2.
Did anyone else see problems with this package?
Wondering whether to open a bug.
Hi,
I worked around it by doing the following from https://askubuntu.com/questions/610585/force-pidgin-to-acept-an-invalid-cert... with the following "openssl s_client -connect talk.google.com:5223" then enabling "old style encryption" using the above server and port, Unfortunately I couldn't really see how well it was working given my @gmail account has no contacts, and I haven't convinced it to let me authenticate my @simotek.net address yet.
I'm not sure if its the best solution but I hope it helps.
Definitely not, accepting invalid certificates is a security problem.
Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de> -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (5)
-
Jan Engelhardt -
Marcus Meissner -
René Krell -
Roger Whittaker -
Simon Lees