[Pkg-telepathy-maintainers] Bug#736149: Empathy screenshots for debian.org SIP accounts
Daniel Pocock
daniel at pocock.com.au
Mon Jan 27 13:52:27 UTC 2014
On 27/01/14 14:43, Simon McVittie wrote:
> On Mon, 20 Jan 2014 at 11:49:06 +0100, Daniel Pocock wrote:
>> Could you please suggest a recommended configuration for debian.org SIP
>> users to use Empathy?
>> I've tried it myself but it fails to register (using 0.7.4-1 from wheezy)
> You require TLS, right? I think this is probably the same thing as
> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699103>.
>
> I'll try the workaround from that bug; as a first step, it'd be good to
> confirm that a workaround exists. If that works, as discussed on #699103,
> either sofia-sip or telepathy-rakia could be patched to use the Debian
> CA certificates by default.
One other thing to be aware of:
- the certificate on the proxy has the name "debian.org" as a
subjectAltName, it does not have the hostname
- if the user is configuring the exact hostname (e.g.
"vogler.debian.org") then the TLS client code may think there is a
certificate mismatch
- if the client code is using NAPTR and SRV records, and no explicit
hostname is entered in the user account settings, the it should trust
the certificate for "debian.org"
I can also speak to DSA about creating a certificate with additional
subjectAltName values if required (e.g. we could have one associated
with an A record as well as those associated with the NAPTR), this will
only work if Empathy supports multiple subjectAltNames in certificates
More information about the Pkg-telepathy-maintainers
mailing list