Problem with pidgin-sipe after upgrading Ubuntu 12.04 to 14.04: Trouble with the pidgin and self-signed SSL certificate
Once again, I ran into trouble when upgrading my Linux Mint.
In the last few days, my Linux Mint notified me that lots of packages needed to be upgraded. As I'm using an LTS version, I agreed to download and upgrade all packages, which included pidgin. Pidgin was upgraded to version 2.10.9.
Unfortunately, afterward, I could not use pidgin with the Office Communicator plugin to log in to my corporation's Lync server. Lync always tells me it cannot validate the certificate from the server.
It's normal, because my Lync server uses a self-signed certificate. In the past, pidgin allowed me to connect with only a warning, but now it denies me.
Lots of googling did not help me. Trying to install a newer version, 2.10.10, also did not help me resolve the problem. It's terrible for me, because most communication in my company uses Lync, and I don't want to go back to the Windows world just because of pidgin.
Fortunately, pidgin, like most applications in the Linux world, is open source. So I downloaded the source code of pidgin and tried to compile it. The self-compiled package for 2.10.10 also did not help me resolve the problem, so I performed some review of the source. It's not really easy for me, as I never wrote any C++ program on Linux before. Finally, after half a day, I found that from pidgin 2.10.9, they re-designed the NSS-SSL plugin, which is used as the infrastructure for SSL connections, but they forgot to add the code to process an unknown CA provider. They processed the untrusted issuer, but not the unknown issuer (my case, for the self-signed certificate).
In /libpurple/plugins/ssl/ssl-nss.c:

    case SEC_ERROR_UNTRUSTED_ISSUER:
        if (crt_dat->isRoot) {
            *flags |= PURPLE_CERTIFICATE_SELF_SIGNED;
        } else {
            *flags |= PURPLE_CERTIFICATE_CA_UNKNOWN;
        }

So my work is quite easy: add the unknown issuer processing with the same process as the untrusted issuer.

    case SEC_ERROR_UNKNOWN_ISSUER:
    case SEC_ERROR_UNTRUSTED_ISSUER:
        if (crt_dat->isRoot) {
        ...

After reviewing again the latest source code in pidgin's SCM, I found that this change was already integrated into the latest source code 3 weeks ago. So it's hopeful that in the next version of pidgin, this problem is gone.
UPDATE 2015/04/11
With the latest version of pidgin, 2.10.11, I still have the same problem.
I just performed a small hack: removed all certificate checks.
Of course, it's dangerous because of man-in-the-middle attacks. But, for me, it's enough.
I put it on my Google site for anybody who doesn't want to build it.
Pidgin Download
Sipe plugin download
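What the extra case label in ssl-nss.c changes, as an added example that is not part of the original post or of libpurple: a stand-alone C model of the error-to-flag mapping. The NSS error values follow secerr.h; the flag bit values, MODEL_FATAL, the verdict type and the rule that unhandled errors end in denial are assumptions made for the model.

```c
#include <stdio.h>
#include <stddef.h>
/* NSS error codes, values as in NSS secerr.h. */
enum { SEC_ERROR_BASE = -0x2000,
       SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12,
       SEC_ERROR_UNKNOWN_ISSUER      = SEC_ERROR_BASE + 13,
       SEC_ERROR_UNTRUSTED_ISSUER    = SEC_ERROR_BASE + 20 };
/* Flag names from the post; bit values and MODEL_FATAL are assumptions. */
enum { PURPLE_CERTIFICATE_SELF_SIGNED = 0x01,
       PURPLE_CERTIFICATE_CA_UNKNOWN  = 0x02,
       MODEL_FATAL                    = 0x10000 };

typedef enum { V_ACCEPT, V_WARN_USER, V_DENY } verdict;

/* Map one verification error to flags. With patched == 0 the switch has no
 * SEC_ERROR_UNKNOWN_ISSUER label, so that error takes the default branch. */
static unsigned map_error(int err, int is_root, int patched)
{
    if (err == SEC_ERROR_UNKNOWN_ISSUER && !patched)
        return MODEL_FATAL;
    switch (err) {
    case SEC_ERROR_UNKNOWN_ISSUER:
    case SEC_ERROR_UNTRUSTED_ISSUER:
        return is_root ? PURPLE_CERTIFICATE_SELF_SIGNED
                       : PURPLE_CERTIFICATE_CA_UNKNOWN;
    default:
        return MODEL_FATAL; /* assumed: unhandled errors are fatal */
    }
}

/* Fold every error reported for a chain into one verdict. */
verdict verify_chain(const int *errs, size_t n, int is_root, int patched)
{
    unsigned flags = 0;
    for (size_t i = 0; i < n; i++)
        flags |= map_error(errs[i], is_root, patched);
    if (flags == 0) return V_ACCEPT;
    return (flags & MODEL_FATAL) ? V_DENY : V_WARN_USER;
}

int main(void)
{
    const int self_signed[] = { SEC_ERROR_UNKNOWN_ISSUER }; /* constructed */
    printf("unpatched, self-signed: %d\n", verify_chain(self_signed, 1, 1, 0));
    printf("patched, self-signed:   %d\n", verify_chain(self_signed, 1, 1, 1));
    return 0;
}
```

With the patched mapping a revoked certificate is still denied, which a build with every check removed does not preserve.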
Given the problem above, I checked the pidgin version numbers in 12.04 and 14.04:
12.04: Pidgin 2.10.3 (libpurple 2.10.3)
14.04: Pidgin 2.10.9 (libpurple 2.10.9)
So I went straight to SourceForge (http://sourceforge.net/projects/pidgin/files/Pidgin/2.10.3/pidgin-2.10.3.tar.gz/download?use_mirror=colocrossing&r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fpidgin%2Ffiles%2FPidgin%2F2.10.3%2F&use_mirror=tcpdiag), downloaded the tar package of pidgin version 2.10.3, and compiled it. The configure step seems to have quite a lot of dependencies. Following the error message from each failed run, the final commands were as follows:

    ./configure --disable-screensaver --disable-gtkspell --disable-gstreamer --disable-vv --disable-idn --disable-meanwhile --disable-avahi --disable-nm --disable-perl --disable-tcl
    make && sudo make install

That worked.
Note:
This build of pidgin is installed under /usr/local/ by default, rather than under the original /usr/.