Gentoo Forums
[SOLVED] GOA says Google certificate is self signed.
potuz
Guru
Joined: 30 Jan 2010
Posts: 378

Posted: Mon Dec 09, 2013 12:44 pm    Post subject: [SOLVED] GOA says Google certificate is self signed.

Hello List, I am having trouble with certificates in a newly upgraded Gnome 3.8, and I'm in need of some help with certs in general because I never dealt with this, so many of these questions might be extremely basic or nonsensical.

The symptoms: when I connect to empathy via a GOA created Google account, I get a big warning saying "Untrusted connection. This connection is untrusted. Would you like to continue anyway? The identity provided by the chat server cannot be verified. The certificate is self signed". The details of the certificate are as follows
Code:
gmail.com
Identity: gmail.com
Verified by: Google Internet Authority G2
Expires: 07/23/2014

Subject Name
C (Country):   US
ST (State):   California
L (Locality):   Mountain View
O (Organization):   Google Inc
CN (Common Name):   gmail.com
Issuer Name
C (Country):   US
O (Organization):   Google Inc
CN (Common Name):   Google Internet Authority G2
Issued Certificate
Version:   3
Serial Number:   78 3E 71 DF 45 3F A8 82
Not Valid Before:   2013-07-23
Not Valid After:   2014-07-23
Certificate Fingerprints
SHA1:   28 DD 89 D3 0A A6 F0 A2 B9 F8 77 FC 55 FC AB 85 18 DE 13 FF
MD5:   61 5D 9B 7C CE 2D B0 36 B6 ED F4 72 ED 33 7A A7
Public Key Info
Key Algorithm:   RSA
Key Parameters:   05 00
Key Size:   2048
Key SHA1 Fingerprint:   6D 1D 49 33 C8 A6 72 3F B1 12 D0 46 EC 6C 7A D1 81 91 23 1C
Public Key:   30 82 01 0A 02 82 01 01 00 A4 9E 70 25 AA 9A 53 A7 B3 1D C1 59 4B 95 13 9B 2A EA C0 D3 CD 40 79 72 8C 66 11 D8 92 FB 68 5F 74 31 D0 96 06 DA 6F BD 93 F6 06 05 EF 37 CB 48 28 CD A2 2F 6B D3 9C 29 B1 2D D7 8F D0 8E 5F 07 91 66 C5 49 70 AF 15 71 A2 6C AF 8C AF 94 7B 20 50 A4 B6 70 7F E4 51 DF 27 B0 5D 8E E1 C9 B8 E0 AE 3E F1 F2 9A 26 51 AC 04 64 6A 2B EB 30 8A A0 63 16 14 13 C3 2F 2C C1 C8 0B 53 58 5A 33 C0 41 E8 8D BE 76 BF 01 3B 8D EB 1D 89 15 4F 55 D0 E8 DC BF 53 50 30 B5 B5 B6 77 B2 44 61 A5 7E 84 D6 0D 19 BF 98 E7 CA AB C8 C1 8B 1C 57 50 47 66 C2 B3 D1 C7 0A 81 88 6B 3B 9B BB 63 E2 B2 8C 9E 9B 8F 16 BE 09 57 DA 00 CD EB 9B CF 84 8D 89 DB B1 D3 0E 18 3B 44 CA 1D D4 41 1F 35 42 02 AD 93 7E CB B9 8F D6 0F 78 04 41 3C 22 E4 AF 3E 5B D8 29 C2 65 21 59 B5 55 A5 8A 69 48 7D 0B 76 51 44 EF 02 03 01 00 01
Extended Key Usage
Allowed Purposes:   Server Authentication, Client Authentication
Critical:   No
Subject Alternative Names
DNS:   gmail.com
Critical:   No
Extension
Identifier:   1.3.6.1.5.5.7.1.1
Value:   30 5A 30 2B 06 08 2B 06 01 05 05 07 30 02 86 1F 68 74 74 70 3A 2F 2F 70 6B 69 2E 67 6F 6F 67 6C 65 2E 63 6F 6D 2F 47 49 41 47 32 2E 63 72 74 30 2B 06 08 2B 06 01 05 05 07 30 01 86 1F 68 74 74 70 3A 2F 2F 63 6C 69 65 6E 74 73 31 2E 67 6F 6F 67 6C 65 2E 63 6F 6D 2F 6F 63 73 70
Critical:   No
Subject Key Identifier
Key Identifier:   1F 1E 51 F3 15 44 FA 34 60 C7 14 CF 17 B9 81 C8 13 17 BD BC
Critical:   No
Basic Constraints
Certificate Authority:   No
Max Path Length:   Unlimited
Critical:   Yes
Extension
Identifier:   2.5.29.35
Value:   30 16 80 14 4A DD 06 16 1B BC F6 68 B5 76 F5 81 B6 BB 62 1A BA 5A 81 2F
Critical:   No
Extension
Identifier:   2.5.29.32
Value:   30 0E 30 0C 06 0A 2B 06 01 04 01 D6 79 02 05 01
Critical:   No
Extension
Identifier:   2.5.29.31
Value:   30 27 30 25 A0 23 A0 21 86 1F 68 74 74 70 3A 2F 2F 70 6B 69 2E 67 6F 6F 67 6C 65 2E 63 6F 6D 2F 47 49 41 47 32 2E 63 72 6C
Critical:   No
Signature
Signature Algorithm:   SHA1 with RSA
Signature Parameters:   05 00

To which I hit "continue" and everything is alright.

I have no trouble accessing, for example, gmail on Firefox, which shows me certificates signed by Google as trusted, so my first thought was that Empathy would use gnome's way of dealing with certificates. I presumed that this would be dealt with by gnome-keyring-daemon and I should be able to see certificates with seahorse. In seahorse I don't see any certificate at all. However, the directory /etc/ssl/certs is crowded with certifications.

I figured another application that should use the same kind of certificate engines would be evolution, and indeed in the certs part of preferences I only see a few certificates with scary descriptions like "Builtin Object Token: Bogus {Global Trustee,Google,Mozilla Addons,Yahoo}" etc... all signed by UTN-USERFirst-Hardware... What are these? Are these to reject bad certificates or something like this?

The authorities section has a lot of them so I figured this should come from the certs directory... but still Empathy and Evolution do not trust my GOA created google account.

Finally, I see that gnome-keyring-daemon is launched by
Code:
/usr/bin/gnome-keyring-daemon --daemonize --login

but with gnome-session-properties I see that all different components are started... where should I start looking for an explanation as to why Empathy doesn't like my chat certificates?

Thanks

EDIT: Well, I am not sure why this happened in the first place, but I kept removing the google account in GOA and creating it back and still same problem. What I ended up doing is removing the credentials in seahorse also, this time the newly created credentials worked and Empathy stopped bugging with the self-signed certificate issue. I still wonder about the "bogus" certificates in Evolution though.


Last edited by potuz on Mon Dec 09, 2013 3:48 pm; edited 1 time in total
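
The raw extension values in the certificate dump of the post above can be decoded by hand. The following is an added example, not part of the original posts: it walks the DER bytes of the Authority Information Access (1.3.6.1.5.5.7.1.1) and Authority Key Identifier (2.5.29.35) extensions copied from that dump and compares the leaf's issuer and key identifiers with its own. The function names are made up for this illustration.

```python
# Added example; all hex values and names are copied from the certificate dump in the post.
AIA = bytes.fromhex(  # extension 1.3.6.1.5.5.7.1.1
    "30 5A 30 2B 06 08 2B 06 01 05 05 07 30 02 86 1F 68 74 74 70 3A 2F 2F 70 6B 69 2E 67 "
    "6F 6F 67 6C 65 2E 63 6F 6D 2F 47 49 41 47 32 2E 63 72 74 30 2B 06 08 2B 06 01 05 05 "
    "07 30 01 86 1F 68 74 74 70 3A 2F 2F 63 6C 69 65 6E 74 73 31 2E 67 6F 6F 67 6C 65 2E "
    "63 6F 6D 2F 6F 63 73 70")
AKI = bytes.fromhex("30 16 80 14 4A DD 06 16 1B BC F6 68 B5 76 F5 81 B6 BB 62 1A BA 5A 81 2F")
SKI = bytes.fromhex("1F 1E 51 F3 15 44 FA 34 60 C7 14 CF 17 B9 81 C8 13 17 BD BC")
SUBJECT = "C=US, ST=California, L=Mountain View, O=Google Inc, CN=gmail.com"
ISSUER = "C=US, O=Google Inc, CN=Google Internet Authority G2"
# Access method OIDs (DER content bytes): 1.3.6.1.5.5.7.48.2 and 1.3.6.1.5.5.7.48.1
METHODS = {"2b06010505073002": "caIssuers", "2b06010505073001": "ocsp"}

def tlv(data):
    """Yield (tag, value) for each DER element found back to back in data."""
    pos = 0
    while pos < len(data):
        tag, length = data[pos], data[pos + 1]
        pos += 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length = int.from_bytes(data[pos:pos + n], "big")
            pos += n
        if pos + length > len(data):
            raise ValueError("truncated DER element")
        yield tag, data[pos:pos + length]
        pos += length

def parse_aia(der):
    """Map each access method to its URI (AccessDescription = OID + GeneralName)."""
    [(_, seq)] = tlv(der)
    out = {}
    for _, desc in tlv(seq):
        [(_, oid), (loc_tag, loc)] = tlv(desc)
        if loc_tag == 0x86:  # GeneralName [6] uniformResourceIdentifier
            out[METHODS.get(oid.hex(), oid.hex())] = loc.decode("ascii")
    return out

def aki_key_id(der):
    """Return the [0] keyIdentifier bytes of an AuthorityKeyIdentifier, or None."""
    [(_, seq)] = tlv(der)
    return next((val for tag, val in tlv(seq) if tag == 0x80), None)

def looks_self_issued(subject, issuer, ski, aki):
    """Name and key-id comparison only; this does not verify any signature."""
    return subject == issuer and aki in (None, ski)

if __name__ == "__main__":
    print(parse_aia(AIA))
    print("issuer key id:", aki_key_id(AKI).hex())
    print("leaf looks self-issued:", looks_self_issued(SUBJECT, ISSUER, SKI, aki_key_id(AKI)))
```

For this dump, the leaf names an issuer and an issuing key different from its own, and the AIA extension carries the URL of the issuing CA certificate along with the OCSP responder.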
potuz
Guru
Joined: 30 Jan 2010
Posts: 378

Posted: Mon Dec 09, 2013 3:20 pm

Well, I found out that these certs marked as "bogus" are related to some actual bogus certs generated by Comodo; however, I don't know if I should have them there in Evolution due to a security patch or if I've been connecting to some other place thinking it was google using these certs :(...

EDIT: Well, I finally found the commit where they added these bogus certs as untrusted.... I'm now at peace, I'm surprised it took so long to dig up this info online.