cocoaforge


https://forums.cocoaforge.com/

1.2.1 complains of certificate mismatch w/ google talk

https://forums.cocoaforge.com/viewtopic.php?f=13&t=16518

Page 1 of 1

1.2.1 complains of certificate mismatch w/ google talk

Posted: Thu Feb 07, 2008 3:19 pm
by buddyglass
I'm running 1.2.1 on Leopard. Since upgrading to 1.2.1, I get a certificate mismatch whenever I connect to my google talk account. It's one of their "branded" services, so my login is not a "gmail-com" address.

It looks like the issue is that the certificate was issued to "talk-google-com" but Adium is connecting to "gmail-com". Nowhere in that account's preferences is there a reference to "gmail-com". When I de-select the option "Do strict certificate checks" the problem goes away.

Interestingly, checking the box "Always trust talk-google-com when connecting to gmail-com", in the certificate warning dialogue, does not keep the warning from appearing each time I connect.

So I'd say there are two issues:

1. Why did this warning suddenly start appearing w/ the 1.2.1 upgrade?

2. Why does checking the "Always trust..." box in the warning dialogue not keep the warning from appearing each time I connect?

Any thoughts?

Posted: Fri Feb 08, 2008 2:59 am
by evands
This is a bug in 1.2.1 due to the fact that Google signs the certificate in a non-standard way. Although you're connecting to talk.google.com, the cert is signed with google.com. Because of a related bug, the always trust checkbox doesn't work as expected.

As of 1.2.2, this special case is fixed so that you will be able to properly trust the certificate, and the always trust checkbox works properly. 1.2.2 is not yet released; for now, just disable cert checking as you have done.

Posted: Fri Feb 08, 2008 3:04 pm
by buddyglass
Thanks for the reply. Glad it's been found!

If this helps, my coworkers (same google talk accounts, same version of adium) aren't seeing this issue. They have strict checking turned on.

I have a "normal" google talk account configured in addition to my "branded" work account, so that may be the relevant difference between our configurations.

Re: 1.2.1 complains of certificate mismatch w/ google talk

Posted: Tue Feb 24, 2009 4:20 pm
by TheCat
I am running Adium 1.3.2 and having exactly the same problem with Meebo via Jabber. Every time I start Adium, I get the error:
Adium can't verify the identify of "meebo.org".
The certificate of the server meebo.org is not trusted, which means that the server's identity cannot be automatically verified. Do you want to continue connecting?
For more information, click "Show Certificate".
When I click "show certificate" and check the always trust box, nothing happens. I still have to approve the certificate every time I start Adium.
Always trust "cimxmpp101" when connecting to "meebo.org"
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited