Pidgin无法连接到gtalk,并提出接受未知证书。这是洋泾浜错误:SSL peer presented an invalid certificate
我看到另一个问题已经解决,但它与系统日期有关,我检查了它,日期完全同步和正确。
通过VPN连接没有帮助。错误是一样的。
这是证书指纹:
Common name: gmail.com
Fingerprint (SHA1): 28:dd:89:d3:0a:a6:f0:a2:b9:f8:77:fc:55:fc:ab:85:18:de:13:ff
Activation date: Tue Jul 23 18:07:27 2013
Expiration date: Wed Jul 23 18:07:27 2014
我拒绝了证书,它可靠吗?
我通过pidgin.exe -d快捷方式在调试模式下运行pidgin。这是日志:
purplecertificatesx509tls_peerslogin.yahoo.com
(14:58:38) util: Writing file C:UsersXMoAppDataRoaming.purplecertifica
tesx509tls_peerslogin.yahoo.com
(14:58:38) certificate: Successfully verified certificate for login.yahoo.com
(14:58:38) proxy: No Windows proxy set.
(14:58:38) util: request constructed
(14:58:39) util: Writing file blist.xml to directory C:UsersXMoAppDataRo
aming.purple
(14:58:39) util: Writing file C:UsersXMoAppDataRoaming.purpleblist.xml
(14:58:39) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:38 GMT
Set-Cookie: B=e63111t92beem&b=3&s=4i; expires=Fri, 04-Sep-2015 10:28:39 GMT; pat
h=/; domain=.yahoo.com
Set-Cookie: Y=v=1&n=9hc5v9t26bofb&l=cehjtp0/o&p=m2pvvir012000000&iz=&r=rv&lg=en-
US&intl=us&np=1; path=/; domain=.yahoo.com
Set-Cookie: T=z=XnbJSBXtwJSBIyN9r3k6ixSNjE2MwY2NDI2N083MzZONU9PTj&a=QAE&sk=DAAtA
aOOm3R8Pn&ks=EAAaE80vMWHU1XvmIrWbNLYPQ--~E&d=c2wBTVRZeE5BRXhNelV4TURnd05ERTVNamc
0T1RFeE1BLS0BYQFRQUUBZwFQWVZSU0pINUZSMLKJJEI3T0w3TVpMR01BWQFzY2lkAWRSS1ZKbVA2dWx
veWVUSEhOcm9MVnZYLkpjOC0BYWMBQUlQUW81cDR1ZTh2AXNjAXltc2dyAXp6AVhuYkpTQmdXQQF0aXA
BdUV1ZGZB; path=/; domain=.yahoo.com
Set-Cookie: SSL=v=1&s=EbrNF3L9lSHOT7r4A6BzQkMf9Z5icsr.1DVUwkP0fPZI9xHt03bWPCmlJ.
wNwlW.kOFuArTlkGmI6WNbstxN_g--&kv=0; path=/; domain=.yahoo.com; secure; httponly
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
'
(14:58:39) yahoo: Authentication: In yahoo_auth16_stage2
(14:58:39) yahoo: Got needed part of B cookie: e63111t92beem&b=3&s=4i
(14:58:39) yahoo: Got auth16 stage 2 response code: 0
(14:58:39) yahoo: Authentication: In yahoo_auth16_stage3
(14:58:39) yahoo: yahoo status: 0
(14:58:39) yahoo: 249 bytes to read, rxlen is 269
(14:58:39) yahoo: Yahoo Service: 0x55 Status: 0
(14:58:39) proxy: No Windows proxy set.
(14:58:39) util: requesting to fetch a URL
(14:58:39) proxy: No Windows proxy set.
(14:58:39) dnsquery: Performing DNS lookup for address.yahoo.com
(14:58:39) proxy: No Windows proxy set.
(14:58:39) dnsquery: IP resolved for address.yahoo.com
(14:58:39) proxy: Attempting connection to 98.138.5.227
(14:58:39) proxy: Connecting to address.yahoo.com:80 with no proxy
(14:58:39) proxy: Connection in progress
(14:58:39) proxy: Connecting to address.yahoo.com:80.
(14:58:39) proxy: Connected to address.yahoo.com:80.
(14:58:39) util: request constructed
(14:58:40) yahoo: 102 bytes to read, rxlen is 439
(14:58:40) yahoo: Yahoo Service: 0xf1 Status: 0
(14:58:40) proxy: No Windows proxy set.
(14:58:40) util: requesting to fetch a URL
(14:58:40) proxy: No Windows proxy set.
(14:58:40) dnsquery: Performing DNS lookup for address.yahoo.com
(14:58:40) yahoo: Authentication: Connection established
(14:58:40) connection: Activating keepalive.
(14:58:40) yahoo: 8 bytes to read, rxlen is 317
(14:58:40) yahoo: Yahoo Service: 0xf0 Status: 0
(14:58:40) yahoo: 204 bytes to read, rxlen is 289
(14:58:40) yahoo: Yahoo Service: 0xef Status: 1
(14:58:40) yahoo: Unhandled service 0xef
(14:58:40) yahoo: 18 bytes to read, rxlen is 65
(14:58:40) yahoo: Yahoo Service: 0x12 Status: 1
(14:58:40) yahoo: Unhandled service 0x12
(14:58:40) yahoo: 7 bytes to read, rxlen is 27
(14:58:40) yahoo: Yahoo Service: 0x0b Status: 1
(14:58:40) proxy: No Windows proxy set.
(14:58:40) dnsquery: IP resolved for address.yahoo.com
(14:58:40) proxy: Attempting connection to 98.138.5.227
(14:58:40) proxy: Connecting to address.yahoo.com:80 with no proxy
(14:58:40) proxy: Connection in progress
(14:58:40) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:40 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
x-frame-options: sameorigin
Vary: Accept-Encoding
Content-Type: text/xml; charset=utf-8
Cache-Control: private
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: YTS/1.19.11
'
(14:58:40) proxy: Connecting to address.yahoo.com:80.
(14:58:40) proxy: Connected to address.yahoo.com:80.
(14:58:40) util: request constructed
(14:58:40) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:40 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
x-frame-options: sameorigin
Vary: Accept-Encoding
Content-Type: text/xml; charset=utf-8
Cache-Control: private
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: YTS/1.19.11
'
(14:58:43) account: Connecting to account m.zixxxxxxxx@gmail.com/.
(14:58:43) connection: Connecting. gc = 0534E4E0
(14:58:43) proxy: No Windows proxy set.
(14:58:43) dnssrv: querying SRV record for gmail.com: _xmpp-client._tcp.gmail.co
m
(14:58:43) wpurple: This version of dnsapi.dll contains DnsQuery_UTF8
(14:58:43) wpurple: This version of dnsapi.dll contains DnsRecordListFree
(14:58:43) dnssrv: found 5 SRV entries
(14:58:43) proxy: No Windows proxy set.
(14:58:43) dnsquery: Performing DNS lookup for xmpp.l.google.com
(14:58:43) proxy: No Windows proxy set.
(14:58:44) dnsquery: IP resolved for xmpp.l.google.com
(14:58:44) proxy: Attempting connection to 173.194.70.125
(14:58:44) proxy: Connecting to xmpp.l.google.com:5222 with no proxy
(14:58:44) proxy: Connection in progress
(14:58:44) proxy: Connecting to xmpp.l.google.com:5222.
(14:58:44) proxy: Connected to xmpp.l.google.com:5222.
(14:58:44) jabber: Sending (m.zixxxxxxxx@gmail.com): <?xml version='1.0' ?>
(14:58:44) jabber: Sending (m.zixxxxxxxx@gmail.com): <stream:stream to='gmail.com
' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version=
'1.0'>
(14:58:44) jabber: Recv (138): <stream:stream from="gmail.com" id="29377D07DDD6A
095" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber
:client">
(14:58:44) jabber: Recv (241): <stream:features><starttls xmlns="urn:ietf:params
:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:n
s:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism
></mechanisms></stream:features>
(14:58:44) jabber: Sending (m.zixxxxxxxx@gmail.com): <starttls xmlns='urn:ietf:pa
rams:xml:ns:xmpp-tls'/>
(14:58:45) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(14:58:45) nss: subject=CN=gmail.com,O=Google Inc,L=Mountain View,ST=California,
C=US issuer=CN=Google Internet Authority G2,O=Google Inc,C=US
(14:58:45) nss: subject=CN=Google Internet Authority G2,O=Google Inc,C=US issuer
=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
(14:58:45) nss: subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US issuer=CN=Geo
Trust Global CA,O=GeoTrust Inc.,C=US
(14:58:45) certificate/x509/tls_cached: Starting verify for gmail.com
(14:58:45) certificate/x509/tls_cached: Checking for cached cert...
(14:58:45) certificate/x509/tls_cached: ...Found cached cert
(14:58:45) nss/x509: Loading certificate from C:UsersXMoAppDataRoaming.
purplecertificatesx509tls_peersgmail.com
(14:58:45) certificate/x509/tls_cached: Peer cert did NOT match cached
(14:58:45) certificate: Checking signature chain for uid=CN=gmail.com,O=Google I
nc,L=Mountain View,ST=California,C=US
(14:58:45) certificate: ...Good signature by CN=Google Internet Authority G2,O=G
oogle Inc,C=US
(14:58:45) certificate: ...Good signature by CN=GeoTrust Global CA,O=GeoTrust In
c.,C=US
(14:58:45) certificate: Chain is VALID
(14:58:45) certificate/x509/tls_cached: Checking for a CA with DN=CN=GeoTrust Gl
obal CA,O=GeoTrust Inc.,C=US
(14:58:45) certificate/x509/tls_cached: Also checking for a CA with DN=CN=GeoTru
st Global CA,O=GeoTrust Inc.,C=US
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsAddTrust_External_Root.pem
(14:58:45) certificate/x509/ca: Loaded AddTrust External CA Root from C:Program
Files (x86)Pidginca-certsAddTrust_External_Root.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsAmerica_Online_Root_Certification_Authority_1.pem
(14:58:45) certificate/x509/ca: Loaded America Online Root Certification Authori
ty 1 from C:Program Files (x86)Pidginca-certsAmerica_Online_Root_Certificati
on_Authority_1.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsAOL_Member_CA.pem
(14:58:45) certificate/x509/ca: Loaded AOL Member CA from C:Program Files (x86)
Pidginca-certsAOL_Member_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsCAcert_Class3.pem
(14:58:45) certificate/x509/ca: Loaded CAcert Class 3 Root from C:Program Files
(x86)Pidginca-certsCAcert_Class3.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsCAcert_Root.pem
(14:58:45) certificate/x509/ca: Loaded CA Cert Signing Authority from C:Program
Files (x86)Pidginca-certsCAcert_Root.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsDeutsche_Telekom_Root_CA_2.pem
(14:58:45) certificate/x509/ca: Loaded Deutsche Telekom Root CA 2 from C:Progra
m Files (x86)Pidginca-certsDeutsche_Telekom_Root_CA_2.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsDigiCertHighAssuranceCA-3.pem
(14:58:45) certificate/x509/ca: Loaded DigiCert High Assurance CA-3 from C:Prog
ram Files (x86)Pidginca-certsDigiCertHighAssuranceCA-3.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsEntrust.net_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded Entrust.net Secure Server Certification A
uthority from C:Program Files (x86)Pidginca-certsEntrust.net_Secure_Server_C
A.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsEquifax_Secure_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:Program Files (x86)Pid
ginca-certsEquifax_Secure_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsEquifax_Secure_Global_eBusiness_CA-1.pem
(14:58:45) certificate/x509/ca: Loaded Equifax Secure Global eBusiness CA-1 from
C:Program Files (x86)Pidginca-certsEquifax_Secure_Global_eBusiness_CA-1.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsGo_Daddy_Class_2_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:Program Files (x86)Pid
ginca-certsGo_Daddy_Class_2_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsGTE_CyberTrust_Global_Root.pem
(14:58:45) certificate/x509/ca: Loaded GTE CyberTrust Global Root from C:Progra
m Files (x86)Pidginca-certsGTE_CyberTrust_Global_Root.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsMicrosoft_Internet_Authority.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Internet Authority from C:Prog
ram Files (x86)Pidginca-certsMicrosoft_Internet_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsMicrosoft_Internet_Authority_2010.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Internet Authority from C:Prog
ram Files (x86)Pidginca-certsMicrosoft_Internet_Authority_2010.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsMicrosoft_Secure_Server_Authority.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Secure Server Authority from C:
Program Files (x86)Pidginca-certsMicrosoft_Secure_Server_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsMicrosoft_Secure_Server_Authority_2010.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Secure Server Authority from C:
Program Files (x86)Pidginca-certsMicrosoft_Secure_Server_Authority_2010.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsStartCom_Certification_Authority.pem
(14:58:45) certificate/x509/ca: Loaded StartCom Certification Authority from C:
Program Files (x86)Pidginca-certsStartCom_Certification_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsStartCom_Free_SSL_CA.pem
(14:58:45) certificate/x509/ca: Loaded Free SSL Certification Authority from C:
Program Files (x86)Pidginca-certsStartCom_Free_SSL_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsThawte_Premium_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded Thawte Premium Server CA from C:Program
Files (x86)Pidginca-certsThawte_Premium_Server_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsThawte_Primary_Root_CA.pem
(14:58:45) certificate/x509/ca: Loaded thawte Primary Root CA from C:Program Fi
les (x86)Pidginca-certsThawte_Primary_Root_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsValiCert_Class_2_VA.pem
(14:58:45) certificate/x509/ca: Loaded http://www.valicert.com/ from C:Program
Files (x86)Pidginca-certsValiCert_Class_2_VA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsVeriSign_Class3_Extended_Validation_CA.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Extended Validation SSL
CA from C:Program Files (x86)Pidginca-certsVeriSign_Class3_Extended_Validati
on_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsVerisign_Class3_Primary_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:Program Files (x86)Pid
ginca-certsVerisign_Class3_Primary_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsVeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:Program Files (x86)Pid
ginca-certsVeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsVeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certifica
tion Authority - G5 from C:Program Files (x86)Pidginca-certsVeriSign_Class_3
_Public_Primary_Certification_Authority_-_G5.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsVeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certifica
tion Authority - G5 from C:Program Files (x86)Pidginca-certsVeriSign_Class_3
_Public_Primary_Certification_Authority_-_G5_2.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsVeriSign_International_Server_Class_3_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:Program Files (x86)Pid
ginca-certsVeriSign_International_Server_Class_3_CA.pem
(14:58:45) nss/x509: Loading certificate from C:Program Files (x86)Pidginca-c
ertsVerisign_RSA_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:Program Files (x86)Pid
ginca-certsVerisign_RSA_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Lazy init completed.
(14:58:45) certificate/x509/tls_cached: No Certificate Authorities with either D
N found found. I'll prompt the user, I guess.
(14:58:47) certificate/x509/tls_cached: User REJECTED cert
(14:58:47) certificate: Failed to verify certificate for gmail.com
(14:58:47) connection: Connection error on 0534E4E0 (reason: 15 description: SSL
peer presented an invalid certificate)
(14:58:47) account: Disconnecting account m.zixxxxxxxx@gmail.com/ (00926D38)
(14:58:47) connection: Disconnecting connection 0534E4E0
(14:58:47) connection: Destroying connection 0534E4E0
(14:58:49) util: Writing file accounts.xml to directory C:UsersXMoAppData
Roaming.purple
(14:58:49) util: Writing file C:UsersXMoAppDataRoaming.purpleaccounts.
xml
我今天早上收到了同样的错误,并在这里发现了类似的投诉:http://comments.gmane.org/gmane.comp.gnome.pidgin.user/13678。
我按照建议将我的Pidgin客户端更新为2.10.7,现在一切似乎都很好。
我希望这能有所帮助。