Adium

Ticket #8698 (closed defect: wontfix)

Opened 5 months ago

Last modified 3 months ago

Domain 'jabber.org' hard coded in cert error screen?

Reported by: Michael Assigned to: nobody
Priority: normal Milestone: Needs feedback from users
Component: Jabber/XMPP Version: 1.2b7
Severity: normal Keywords:
Cc: Patch: None
Pending: 0

Description

I'm running Adium 1.2b7 (but it happened on b6 as well) and for one of my Jabber accounts it gives a cert error. The error is due to the specific Jabber server using a cert with CN=*.xs4all.nl instead of jabber.xs4all.nl. This is obviously a thing for them to fix on their side but there is one thing that surprises me. The error screen says: "The certificate of the server jabber.org is not trusted,...". Shouldn't that say 'jabber.xs4all.nl' instead of 'jabber.org'? Could jabber.org be hard coded into this error screen?

Attachments

Adium-ticket8698.rtf (4.1 kB) - added by Michael on 01/01/2008 05:47:00 PM.
Debug info for ticket 8698

Change History

12/28/2007 06:35:03 PM changed by evands

I just made an accounton jabber.xs4all.nl and got the cert screen; it definitely shows the correct server.

Do you also have a jabber.org account? Is it possible that you were seeing the cert vertification sheet for it?

12/28/2007 07:47:16 PM changed by Michael

The only other Jabber/XMPP account I have is a GoogleTalk account, and that works fine. The specific account that shows this error tries to log in to jabber.xs4all.nl.

Since it is a misconfiguration on the xs4all.nl domain and I try to login to jabber.xs4all.nl it doesn't seem very likely to be related to jabber.org.

It is odd that it doesn't happen to you, though. I might need to delete the account and reconfigure it from scratch to see if that helps.

12/28/2007 08:01:00 PM changed by Michael

Oh, and by the way, I am on 10.4.11. I suppose you're on 10.5.1?

12/28/2007 10:07:24 PM changed by evands

'k, just wanted to make sure we didn't have a simple matter of confusion before delving into this further.

I am on 10.5.1.

Could you show the Adium Debug Window contents from starting the connection to the cert window being shown please?

12/30/2007 01:11:40 PM changed by jas8522

  • version changed from 1.2b6 to 1.2b7.
  • pending set to 1.
  • milestone set to Needs feedback from users.

01/01/2008 05:47:00 PM changed by Michael

  • attachment Adium-ticket8698.rtf added.

Debug info for ticket 8698

01/01/2008 05:54:35 PM changed by Michael

  • pending deleted.

OK, I've added a copy paste of what I thought was the relevant part of the debug log. I've replaced my username with **my-username**.

You are right that apparently it is a jabber.org account after all (long time since I created it so I must have forgotten) but there is still something odd. The issue arises because of an incorrectly configured server at xs4all.nl. I think the warning should mention that the issue lies with the server jabber.xs4all.nl or the domain xs4all.nl and not jabber.org as that is technically incorrect. It will probably confuse people trying to trouble shoot the issue.

As Xs4all is a rather large Dutch ISP I assume more people will run into this error when Adium 1.2 is released.

01/01/2008 06:47:10 PM changed by evands

So you're connecting an @jabber.org account to jabber.xs4all.nl? I guess it lets you whatever domain name you want?

(follow-up: ↓ 10 ) 01/02/2008 03:00:29 AM changed by Michael

Apparently it does. To be honest, I've set this up years ago so have forgotten the details but it has always worked this way.

It appears to me Adium's error message should report the connecting server that gives back a faulty cert and not the account domain. True, often they will be one and the same but apparently there are exceptions to this.

01/06/2008 09:17:08 AM changed by Michael

Could this be related to http://trac.adiumx.com/ticket/8529? The server domain and JID domain being mixed up?

(in reply to: ↑ 8 ) 01/06/2008 08:15:49 PM changed by kena

Replying to Michael:

Apparently it does. To be honest, I've set this up years ago so have forgotten the details but it has always worked this way.

Michael, this deserves to be double-checked.

To my knowledge (and I am also customer of XS4all in the Netherlands), Jabber IDs at XS4all are of the form username@xs4all.nl and users are requested to connect using the server name "jabber.xs4all.nl" (they don't have DNS SRV records for _xmpp-client._tcp.xs4all.nl at this time.)

I don't believe XS4all's Jabber server accepts login requests from usernames of the form login@jabber.org. If it does, it's a violation of the Jabber RFCs. If it doesn't, you should check how your buddies in your roster actually see your Jabber ID from their side.

Two situations:

1) they confirm they see you @jabber.org. In this case, you are likely not connecting via jabber.xs4all.nl. That would need to be checked at the network level.

2) they see you @xs4all.nl. In this case, the discussion is moot.

01/06/2008 08:17:46 PM changed by kena

I'd like to cross this discussion with #8787.

02/25/2008 12:27:06 PM changed by Robby

  • pending set to 1.

Sorry for the lacking response.

Is this still an issue?

02/25/2008 03:45:21 PM changed by Michael

  • pending deleted.

The problem is, it is hard to tell whether the issue still exists. It was an error in a cert error prompt. As the error causing the error screen to pop up in the first place has been fixed I can't reproduce the error screen to check. (You still there? :D )

Since there have been numerous patches with regards to SSL certs and jabber JIDs the code is likely to be fixed as a side effect.

I'd say close it as fixed or invalid, if it does pop up later I can always open it again.

02/25/2008 08:09:00 PM changed by Robby

  • status changed from new to closed.
  • resolution set to wontfix.

I do understand now, thanks for clarification and the follow-up in general! :)

As you suggested I'll close this ticket for the time being.