[tor-bugs] #1676 [Tor bundles/installation]: Audit jabber/XMPP support for pidgin
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri May 11 08:41:32 UTC 2012
#1676: Audit jabber/XMPP support for pidgin
--------------------------------------+-------------------------------------
Reporter: katmagic | Owner: ioerror
Type: defect | Status: assigned
Priority: critical | Milestone:
Component: Tor bundles/installation | Version:
Keywords: pidgin, DNS | Parent: #2918
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by rubin110):
With Erinn's Tor IM bundle I'm able to make complete connections to CCC's
jabber server, no problem, no leakage. This is with all of the proxy
settings preconfigured out of the box.
Connecting to a gmail account fails as expected with the default settings
due to SRV look up choke.
What's interesting now is that connecting to talk.google.com for a
username at gmail.com account, the server returns with an SSL cert for
gmail.com.
Accept certificate for talk.google.com?
The certificate for talk.google.com could not be validated.
The certificate claims to be from "gmail.com" instead. This could mean
that you are not connecting to the service you believe you are.
The user is proivded buttons to "View Certificate...", accept or reject.
If you view...
Common name: gmail.com
Fingerprint (SHA1):
78:42:95:7e:7a:28:28:c1:88:b9:8d:5a:2a:d4:a5:78:3e:8a:21:06
Activation date: Thu Jan 19 17:05:56 2012
Expiration date: Sat Jan 19 17:15:56 2013
I'm about 99% sure I didn't simply click through any sort of SSL warning 2
weeks ago when I tested this last. Additionally Pidgin running for me
personally (configured to poke talk.google.com) under Debian Sid hasn't
thrown up any SSL cert errors. Does anyone else see this?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1676#comment:40>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list