Gajim - 2016-07-27

  1. arune c0cac01a: not sure anyone has got it working in windows
  2. Martin Hi, I have a question about SSL certificate changes.
  3. Martin The SSL certificate of my XMPP server changes very often, thanks to Let's Encrypt.
  4. Martin Gajim warns me every time about the change.
  5. Martin The SSL certificate is, however, perfectly valid.
  6. Martin No need to warn, IMHO.
  7. Martin It confused me first, until I found
  8. Martin
  9. Martin How to switch off this warning?
  10. Martin And wouldn't it be better to have it switched off by default?
  11. Martin TIA!
  12. Link Mauve Martin, I agree with you, but I don’t think anyone made a patch for that.
  13. Link Mauve There are many things wrong with how Gajim handles certificates.
  14. Link Mauve Also with how it allows users to still connect even if no TLS is offered at all.
  15. Martin Ouch, I did not know that.
  16. lovetox it allows
  17. lovetox but warns to my knowledge
  18. lovetox why shouldn't it let you connect with a warning?
  19. Martin Hm, many not-so-tech users would just click away any warning.
  20. Martin Maybe a default "allow only valid TLS" is a good idea. Browser vendors will go into this direction, it seems.
  21. Martin Shall I open a ticket about the warning on valid TLS certificate change?
  22. Martin Thanks to Let's Encrypt many people will change their cert much more frequently than before.
  23. Martin More users are affected than in 2007 when Gajim implemented the warning.
  24. lovetox yeah please
  25. lovetox i find it odd that i never saw this message
  26. lovetox like never never, what do you have to do to get this?
  27. lovetox just use a server with a TLS connection?
  28. Martin Yes, I have prosody with an LE certificate.
  29. Martin It is, however, not publicly available, just in the company.
  30. Martin I got the message today on two gajim instances.
  31. lovetox so i use two servers
  32. lovetox and
  33. lovetox i'm pretty sure they use tls
  34. lovetox i never saw this message
  35. lovetox are you on linux martin?
  36. Martin yes, Debian stable on one machine, Debian testing on the other
  37. Martin uses LE, uses StartCom
  38. Martin I believe this is the command to find out:
  39. Martin openssl s_client -showcerts -connect -starttls xmpp </dev/null
  40. lovetox so that means i should get these messages but for some reason i don't
  41. Martin changed their cert recently (validity started only three weeks ago), so maybe there is something wrong with my server and/or Gajim setup?
  42. Martin has the same cert since almost two years, it will end this August
  43. lovetox no there is nothing wrong
  44. lovetox many users get this
  45. lovetox i just never saw this .. and try to find out why
  46. Martin OK, so I will continue writing the ticket.
  47. Martin Maybe you patched your Gajim unconsciously.
  48. lovetox is that the message you are getting
  49. lovetox 'The authenticity of the %s certificate could be invalid
  50. Martin I get this one:
  51. Martin SSL certificate error
  52. Martin It seems SSL certificate has changed or your connection is
  53. Martin being hacked. Do you still want to connect and update the fingerprint
  54. Martin of the certificate?
  55. Martin After clicking "yes" the warning is gone - probably until three months ahead.
  56. lovetox but when i think about it
  57. lovetox i didn't use 2 years ago
  58. lovetox and 3 months ago
  59. lovetox so i never had a cert change
  60. Martin conversations changed three weeks ago!
  61. lovetox yeah i don't use it that long
  62. lovetox it's a new acc
  63. Martin ah, OK, this explains it
