Reply to topic

Trusting a SSL certificate

schmittlauch
Registered Member
Posts
1
Karma
0

Trusting a SSL certificate

Tue Sep 18, 2012 1:30 pm
My Jabber server is jabber.ccc.de and their certificate is signed by CACert. This CA isn't set as trusted by default, so added it in the kcm SSL settings (as said on http://web.jabber.ccc.de/?page_id=44 (german)). But ktelepathy does still complain about an untrusted certificate. I don't want to tell telepathy to ignore SSL errors generally because it would also ignore a changed certificate when someone does a man-in-the-middle attack (?)
So is there another way to add new CAs?
iamsorandom
Registered Member
Posts
32
Karma
0

Re: Trusting a SSL certificate

Wed May 01, 2013 3:37 pm
I'm having a similiar problem, though I think the Jabber certificate should be startSSl?
david_edmundson
KDE Developer
Posts
202
Karma
1
OS

Re: Trusting a SSL certificate

Wed May 01, 2013 3:40 pm
Theoretically KTp 0.6.0+ should check x509 certificates and display a prompt if they don't work.

1) Confirm what version you're running

2) run /usr/lib/kde4/libexec/ktp-auth-handler --debug --persist

try to connect, then paste the output.
iamsorandom
Registered Member
Posts
32
Karma
0

Re: Trusting a SSL certificate

Wed May 01, 2013 4:58 pm
I'm running 0.5 in linux mint 14 KDE, synaptic says that is the latest package so I guess the linux mint/ubuntu repositories haven't got 0.6 yet? Is there any way I could update to the more recent ones?
iamsorandom
Registered Member
Posts
32
Karma
0

Re: Trusting a SSL certificate

Wed May 01, 2013 5:03 pm
Notification comes up saying 'there was a problem trying to connect....certificate was not signed by a trusted root authority or some such'

terminal doesn't seem to be doing anything:

/usr/lib/kde4/libexec/ktp-auth-handler --debug --persist
Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 9: reading configurations from ~/.fonts.conf is deprecated.

and still seems to be waiting for something.
iamsorandom
Registered Member
Posts
32
Karma
0

Re: Trusting a SSL certificate

Wed May 01, 2013 5:07 pm
Yep, no output from terminal
david_edmundson
KDE Developer
Posts
202
Karma
1
OS

Re: Trusting a SSL certificate

Wed May 01, 2013 7:08 pm
it won't output anything until you next try to connect.

You might need to do run kdebugdialog and enable ktp-auth-handler.
that said, it's known that this doesn't work in 0.5.0... we only wrote cert managing for 0.6

I don't know about all the distro packaging, sorry.
iamsorandom
Registered Member
Posts
32
Karma
0

Re: Trusting a SSL certificate

Wed May 01, 2013 7:49 pm
OK, cool, thanks. I did try connecting. Looks like I might come back to telepathy in a bit when 0.6 has worked its way here.

By the way, there doesn't seem to be a quit option on the control module menu, or a 'don't automatically run on start up' option that I can see - is there anyway of disabling it for now short of uninstalling the package?
david_edmundson
KDE Developer
Posts
202
Karma
1
OS

Re: Trusting a SSL certificate

Wed May 01, 2013 7:57 pm
Well that's sad. Hopefully you'll get 0.6 soon.

There's an option in settings "AutoConnect" disable this.
You can also just disable all your accounts in systemsettings.

OR

you can bodge this certificates issue. Pre-0.6 we don't check the certificates ourselves, so the backend does it itself against the system certificates (and not local KDE ones)

I don't know the details.
iamsorandom
Registered Member
Posts
32
Karma
0

Re: Trusting a SSL certificate

Wed May 01, 2013 9:27 pm
Thanks!

Yeah...I think there may actually be a bug with the KDE backend (system certificates) on this one, as I tried to add it a few weeks ago to no avail.

I will have a look into this in a couple weeks when I have more time!
lvella
Registered Member
Posts
1
Karma
0

Re: Trusting a SSL certificate

Thu May 23, 2013 4:54 pm
I am having the same problem, but the reported vertions is 0.6.1 (i.e. on the "About" entry on the contact list help menu). Full localized (pt_BR) text:

Lista de Contatos do Telepathy para o KDE
Versão 0.6.1
Usando a plataforma de desenvolvimento KDE 4.10.2

Souldn't the problem be solved in this version?
david_edmundson
KDE Developer
Posts
202
Karma
1
OS

Re: Trusting a SSL certificate

Thu May 23, 2013 4:57 pm
0) Run kde-debugdialog and enable logs on ktp-auth-handler

1) Disable all the accounts

2) Run /usr/lib/kde4/libexec/ktp-auth-handler --debug --persist

3) Connect the account with the problem

4) send me the output of step 2.
User avatar mbnoimi
Registered Member
Posts
216
Karma
0
OS

Re: Trusting a SSL certificate

Sun Aug 04, 2013 12:41 pm
I've exactly same issue and I don't know how to:
0) Run kde-debugdialog and enable logs on ktp-auth-handler


How can I accept untrusted certificates?

Btw, I use Pidgin instead of Telepathy because it shows a message box contains on accepting button for untrusted certificates while Telepathy doesn't!
david_edmundson
KDE Developer
Posts
202
Karma
1
OS

Re: Trusting a SSL certificate

Wed Aug 07, 2013 2:54 pm
I made some changes to this area in 0.6.3. (released today)

Please report back if that fixes your problem
User avatar mbnoimi
Registered Member
Posts
216
Karma
0
OS

Re: Trusting a SSL certificate

Wed Aug 07, 2013 11:55 pm
I made some changes to this area in 0.6.3. (released today)

I'm using ubuntu 13.04. How can I get recent binaries?

 
Reply to topic

Bookmarks



Who is online

Registered users: alake, Alexa [Bot], Baidu [Spider], Bing [Bot], bshah, Exabot [Bot], Google [Bot], grubaugh, Hans, Naver Yeti [Spider], onesandzeros, orbmiser, pedrorodriguez, pvonz, searchfgold6789, Uri_Herrera, Yahoo [Bot]