pkg/55944: Libloudmouth has problems with wildcard SSL/TLS certificates

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/55944: Libloudmouth has problems with wildcard SSL/TLS certificates
From: adrian%mx.aik.onl@localhost
Date: Fri, 22 Jan 2021 14:10:00 +0000 (UTC)

>Number:         55944
>Category:       pkg
>Synopsis:       libloudmouth has problems with wildacrd SSL/TLS certifactes using it with mcabber
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jan 22 14:10:00 +0000 2021
>Originator:     Adrian Immanuel Kiess
>Release:        NetBSD 9.1
>Organization:
	
>Environment:
mcabber version 1.1.0 on NetBSD 9.1/amd64
	
	
System: NetBSD www3.kiess.onl 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
  using the binaries from the current pkgsrc release pkgsrc-2020Q4, mcabber aborts the connection to a Prosody XMPP server (Version 0.11.7-1 from Debian) using the secure TLS protocol with the following error: "Certificate hostname does not match expected hostname!". One has to set "set ssl_ignore_checks = 1" in mcabberrc, to make mcabber connect successfully to the Prosody XMPP server over secure TLS protocal.

	Holger WeiÃ? found the reason for this error I am having in the loudmouth library, on NetBSD linked against OpenSSL.

	Holger WeiÃ? (holger at zedat.fu-berlin.de) pointed out a patch, already existing in the loudmouth library:

	https://github.com/mcabber/loudmouth/commit/792d8bd529f5dc0577dcc28c5f31b6a437d970fa.patch

	I also tested mcabber on Debian (Version 1.1.2) and FreeBSD (Version 1.1.1) where mcabber can connect without issues over the TLS secure protocol to the Prosody XMPP server.

	Thank you very much for your kind attention.

	Sincerely,

	Adrian
>How-To-Repeat:
  Connect with mcabber from the current pkgsrc quarterlies binaries on NetBSD 9.1/amd64 to a Prosody XMPP server, which is using a wildcard certificate, over TLS.
>Fix:
  Proposed fix for loudmouth: https://github.com/mcabber/loudmouth/commit/792d8bd529f5dc0577dcc28c5f31b6a437d970fa.patch

>Unformatted:

Prev by Date: PR/55949 CVS commit: pkgsrc/chat/profanity
Next by Date: pkg/55947: add https://www.gnupg.org/ftp/gcrypt/libgpg-error/ to security/libgpg-error MASTER_SITES
Previous by Thread: PR/55949 CVS commit: pkgsrc/chat/profanity
Next by Thread: pkg/55947: add https://www.gnupg.org/ftp/gcrypt/libgpg-error/ to security/libgpg-error MASTER_SITES
Indexes:

Home | Main Index | Thread Index | Old Index