[Pkg-telepathy-maintainers] Bug#699233: empathy: Windows Live (MSN) accounts from GNOME Online Accounts report TLS cert as invalid

Simon McVittie smcv at debian.org
Tue Jan 29 11:51:20 UTC 2013 

Package: empathy
Version: 3.4.2.3-1+build1
Severity: important
Tags: fixed-upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=681079

Steps to reproduce: Use empathy from testing/unstable (*not* experimental,
which I suspect most of pkg-telepathy use - it's fixed there). Configure
a Windows Live account in gnome-online-accounts. Connect to it in Empathy.

Expected result: cert is accepted, assuming nobody is performing a MitM
attack on you at that moment

Actual result:

> This connection is untrusted. Would you like to continue anyway?
>
> The identity provided by the chat server cannot be verified.
>
> The hostname verified by the certificate doesn't match the server name.
>
> Expected hostname: messenger.live.com
> Certificate hostname: *.gateway.messenger.live.com

The error is really on Microsoft's side - the XMPP server is presenting
an inappropriate certificate - but Empathy 3.6's implementation of
/usr/lib/mission-control-plugins.0/mcp-account-manager-goa.so works around
it by instructing telepathy-gabble to accept this particular certificate
anyway. This is achieved by setting the
"extra-certificate-identities" parameter to "*.gateway.messenger.live.com".

The upstream patch is
http://git.gnome.org/browse/empathy/commit/goa-mc-plugin/mcp-account-manager-goa.c?id=e3228e2389734b25c41e01fb178c69f205216b0e
and would probably apply cleanly to Empathy 3.4. I think this is worth
asking for a freeze exception.

-- System Information:
Debian Release: 7.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages empathy depends on:
ii  dbus-x11                                     1.6.8-1
ii  dconf-gsettings-backend [gsettings-backend]  0.12.1-3
ii  empathy-common                               3.4.2.3-1+build1
ii  geoclue                                      0.12.0-4
ii  gnome-icon-theme                             3.4.0-2
ii  gsettings-desktop-schemas                    3.4.2-3
ii  libc6                                        2.13-38
ii  libcairo2                                    1.12.2-2.1
ii  libcanberra-gtk3-0                           0.28-6
ii  libcanberra0                                 0.28-6
ii  libchamplain-0.12-0                          0.12.3-1
ii  libchamplain-gtk-0.12-0                      0.12.3-1
ii  libcheese-gtk21                              3.4.2-2
ii  libclutter-1.0-0                             1.10.8-2
ii  libclutter-gst-1.0-0                         1.5.4-1+b2
ii  libclutter-gtk-1.0-0                         1.2.0-2
ii  libcogl9                                     1.10.2-6
ii  libdbus-glib-1-2                             0.100-1
ii  libebook-1.2-13                              3.4.4-1
ii  libenchant1c2a                               1.6.0-7
ii  libfarstream-0.1-0                           0.1.2-1
ii  libfolks-telepathy25                         0.6.9-1+b1
ii  libfolks25                                   0.6.9-1+b1
ii  libgcr-3-1                                   3.4.1-3
ii  libgdk-pixbuf2.0-0                           2.26.1-1
ii  libgee2                                      0.6.4-2
ii  libgeoclue0                                  0.12.0-4
ii  libgeocode-glib0                             0.99.0-1
ii  libglib2.0-0                                 2.33.12+really2.32.4-5
ii  libgnome-keyring0                            3.4.1-1
ii  libgnutls26                                  2.12.20-3
ii  libgoa-1.0-0                                 3.4.2-1
ii  libgstreamer-plugins-base0.10-0              0.10.36-1.1
ii  libgstreamer0.10-0                           0.10.36-1.1
ii  libgtk-3-0                                   3.4.2-5
ii  libgudev-1.0-0                               175-7.1
ii  libmission-control-plugins0                  1:5.14.0-1
ii  libnm-glib4                                  0.9.4.0-8
ii  libnotify4                                   0.7.5-1
ii  libpango1.0-0                                1.30.0-1
ii  libpulse-mainloop-glib0                      2.0-6
ii  libpulse0                                    2.0-6
ii  libsoup2.4-1                                 2.38.1-2
ii  libtelepathy-farstream2                      0.4.0-3
ii  libtelepathy-glib0                           0.20.1-1
ii  libtelepathy-logger2                         0.4.0-1
ii  libwebkitgtk-3.0-0                           1.8.1-3.3
ii  libx11-6                                     2:1.5.0-1
ii  libxml2                                      2.8.0+dfsg1-7
ii  telepathy-logger                             0.4.0-1
ii  telepathy-mission-control-5                  1:5.14.0-1

Versions of packages empathy recommends:
ii  gvfs-backends            1.12.3-3
ii  nautilus-sendto-empathy  3.4.2.3-1+build1
ii  sound-theme-freedesktop  0.7.pristine-2
ii  telepathy-gabble         0.16.1-2
ii  telepathy-haze           0.7.0-1
ii  telepathy-salut          0.8.1-1

Versions of packages empathy suggests:
ii  telepathy-idle  0.1.12-1
ii  vino            3.4.2-1+b1

Versions of packages empathy is related to:
ii  telepathy-gabble [telepathy-connection-manager]  0.16.1-2
ii  telepathy-haze [telepathy-connection-manager]    0.7.0-1
ii  telepathy-idle [telepathy-connection-manager]    0.1.12-1
ii  telepathy-rakia [telepathy-connection-manager]   0.7.4-1
ii  telepathy-salut [telepathy-connection-manager]   0.8.1-1

-- no debconf information

More information about the Pkg-telepathy-maintainers mailing list