Pidgin can't connect to gtalk and offers to accept an unknown certificate.
this is the pidgin error: SSL peer presented an invalid certificate
i saw another question that has been solved, but it was related to system date, i checked it and date is totally synced and correct.
connecting over VPN wasn't helpful. error was same.
this is the certificate fingerprint:
Common name: gmail.com
Fingerprint (SHA1): 28:dd:89:d3:0a:a6:f0:a2:b9:f8:77:fc:55:fc:ab:85:18:de:13:ff
Activation date: Tue Jul 23 18:07:27 2013
Expiration date: Wed Jul 23 18:07:27 2014
i rejected the certificate, is it reliable?
i runned pidgin in debug mode by pidgin.exe -d
shortcut. this is the log:
purple\certificates\x509\tls_peers\login.yahoo.com
(14:58:38) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\certifica
tes\x509\tls_peers\login.yahoo.com
(14:58:38) certificate: Successfully verified certificate for login.yahoo.com
(14:58:38) proxy: No Windows proxy set.
(14:58:38) util: request constructed
(14:58:39) util: Writing file blist.xml to directory C:\Users\XMo\AppData\Ro
aming\.purple
(14:58:39) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\blist.xml
(14:58:39) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:38 GMT
Set-Cookie: B=e63111t92beem&b=3&s=4i; expires=Fri, 04-Sep-2015 10:28:39 GMT; pat
h=/; domain=.yahoo.com
Set-Cookie: Y=v=1&n=9hc5v9t26bofb&l=cehjtp0/o&p=m2pvvir012000000&iz=&r=rv&lg=en-
US&intl=us&np=1; path=/; domain=.yahoo.com
Set-Cookie: T=z=XnbJSBXtwJSBIyN9r3k6ixSNjE2MwY2NDI2N083MzZONU9PTj&a=QAE&sk=DAAtA
aOOm3R8Pn&ks=EAAaE80vMWHU1XvmIrWbNLYPQ--~E&d=c2wBTVRZeE5BRXhNelV4TURnd05ERTVNamc
0T1RFeE1BLS0BYQFRQUUBZwFQWVZSU0pINUZSMLKJJEI3T0w3TVpMR01BWQFzY2lkAWRSS1ZKbVA2dWx
veWVUSEhOcm9MVnZYLkpjOC0BYWMBQUlQUW81cDR1ZTh2AXNjAXltc2dyAXp6AVhuYkpTQmdXQQF0aXA
BdUV1ZGZB; path=/; domain=.yahoo.com
Set-Cookie: SSL=v=1&s=EbrNF3L9lSHOT7r4A6BzQkMf9Z5icsr.1DVUwkP0fPZI9xHt03bWPCmlJ.
wNwlW.kOFuArTlkGmI6WNbstxN_g--&kv=0; path=/; domain=.yahoo.com; secure; httponly
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
'
(14:58:39) yahoo: Authentication: In yahoo_auth16_stage2
(14:58:39) yahoo: Got needed part of B cookie: e63111t92beem&b=3&s=4i
(14:58:39) yahoo: Got auth16 stage 2 response code: 0
(14:58:39) yahoo: Authentication: In yahoo_auth16_stage3
(14:58:39) yahoo: yahoo status: 0
(14:58:39) yahoo: 249 bytes to read, rxlen is 269
(14:58:39) yahoo: Yahoo Service: 0x55 Status: 0
(14:58:39) proxy: No Windows proxy set.
(14:58:39) util: requesting to fetch a URL
(14:58:39) proxy: No Windows proxy set.
(14:58:39) dnsquery: Performing DNS lookup for address.yahoo.com
(14:58:39) proxy: No Windows proxy set.
(14:58:39) dnsquery: IP resolved for address.yahoo.com
(14:58:39) proxy: Attempting connection to 98.138.5.227
(14:58:39) proxy: Connecting to address.yahoo.com:80 with no proxy
(14:58:39) proxy: Connection in progress
(14:58:39) proxy: Connecting to address.yahoo.com:80.
(14:58:39) proxy: Connected to address.yahoo.com:80.
(14:58:39) util: request constructed
(14:58:40) yahoo: 102 bytes to read, rxlen is 439
(14:58:40) yahoo: Yahoo Service: 0xf1 Status: 0
(14:58:40) proxy: No Windows proxy set.
(14:58:40) util: requesting to fetch a URL
(14:58:40) proxy: No Windows proxy set.
(14:58:40) dnsquery: Performing DNS lookup for address.yahoo.com
(14:58:40) yahoo: Authentication: Connection established
(14:58:40) connection: Activating keepalive.
(14:58:40) yahoo: 8 bytes to read, rxlen is 317
(14:58:40) yahoo: Yahoo Service: 0xf0 Status: 0
(14:58:40) yahoo: 204 bytes to read, rxlen is 289
(14:58:40) yahoo: Yahoo Service: 0xef Status: 1
(14:58:40) yahoo: Unhandled service 0xef
(14:58:40) yahoo: 18 bytes to read, rxlen is 65
(14:58:40) yahoo: Yahoo Service: 0x12 Status: 1
(14:58:40) yahoo: Unhandled service 0x12
(14:58:40) yahoo: 7 bytes to read, rxlen is 27
(14:58:40) yahoo: Yahoo Service: 0x0b Status: 1
(14:58:40) proxy: No Windows proxy set.
(14:58:40) dnsquery: IP resolved for address.yahoo.com
(14:58:40) proxy: Attempting connection to 98.138.5.227
(14:58:40) proxy: Connecting to address.yahoo.com:80 with no proxy
(14:58:40) proxy: Connection in progress
(14:58:40) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:40 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
x-frame-options: sameorigin
Vary: Accept-Encoding
Content-Type: text/xml; charset=utf-8
Cache-Control: private
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: YTS/1.19.11
'
(14:58:40) proxy: Connecting to address.yahoo.com:80.
(14:58:40) proxy: Connected to address.yahoo.com:80.
(14:58:40) util: request constructed
(14:58:40) util: Response headers: 'HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:28:40 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UN
I PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
x-frame-options: sameorigin
Vary: Accept-Encoding
Content-Type: text/xml; charset=utf-8
Cache-Control: private
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: YTS/1.19.11
'
(14:58:43) account: Connecting to account [email protected]/.
(14:58:43) connection: Connecting. gc = 0534E4E0
(14:58:43) proxy: No Windows proxy set.
(14:58:43) dnssrv: querying SRV record for gmail.com: _xmpp-client._tcp.gmail.co
m
(14:58:43) wpurple: This version of dnsapi.dll contains DnsQuery_UTF8
(14:58:43) wpurple: This version of dnsapi.dll contains DnsRecordListFree
(14:58:43) dnssrv: found 5 SRV entries
(14:58:43) proxy: No Windows proxy set.
(14:58:43) dnsquery: Performing DNS lookup for xmpp.l.google.com
(14:58:43) proxy: No Windows proxy set.
(14:58:44) dnsquery: IP resolved for xmpp.l.google.com
(14:58:44) proxy: Attempting connection to 173.194.70.125
(14:58:44) proxy: Connecting to xmpp.l.google.com:5222 with no proxy
(14:58:44) proxy: Connection in progress
(14:58:44) proxy: Connecting to xmpp.l.google.com:5222.
(14:58:44) proxy: Connected to xmpp.l.google.com:5222.
(14:58:44) jabber: Sending ([email protected]): <?xml version='1.0' ?>
(14:58:44) jabber: Sending ([email protected]): <stream:stream to='gmail.com
' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version=
'1.0'>
(14:58:44) jabber: Recv (138): <stream:stream from="gmail.com" id="29377D07DDD6A
095" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber
:client">
(14:58:44) jabber: Recv (241): <stream:features><starttls xmlns="urn:ietf:params
:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:n
s:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism
></mechanisms></stream:features>
(14:58:44) jabber: Sending ([email protected]): <starttls xmlns='urn:ietf:pa
rams:xml:ns:xmpp-tls'/>
(14:58:45) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(14:58:45) nss: subject=CN=gmail.com,O=Google Inc,L=Mountain View,ST=California,
C=US issuer=CN=Google Internet Authority G2,O=Google Inc,C=US
(14:58:45) nss: subject=CN=Google Internet Authority G2,O=Google Inc,C=US issuer
=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
(14:58:45) nss: subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US issuer=CN=Geo
Trust Global CA,O=GeoTrust Inc.,C=US
(14:58:45) certificate/x509/tls_cached: Starting verify for gmail.com
(14:58:45) certificate/x509/tls_cached: Checking for cached cert...
(14:58:45) certificate/x509/tls_cached: ...Found cached cert
(14:58:45) nss/x509: Loading certificate from C:\Users\XMo\AppData\Roaming\.
purple\certificates\x509\tls_peers\gmail.com
(14:58:45) certificate/x509/tls_cached: Peer cert did NOT match cached
(14:58:45) certificate: Checking signature chain for uid=CN=gmail.com,O=Google I
nc,L=Mountain View,ST=California,C=US
(14:58:45) certificate: ...Good signature by CN=Google Internet Authority G2,O=G
oogle Inc,C=US
(14:58:45) certificate: ...Good signature by CN=GeoTrust Global CA,O=GeoTrust In
c.,C=US
(14:58:45) certificate: Chain is VALID
(14:58:45) certificate/x509/tls_cached: Checking for a CA with DN=CN=GeoTrust Gl
obal CA,O=GeoTrust Inc.,C=US
(14:58:45) certificate/x509/tls_cached: Also checking for a CA with DN=CN=GeoTru
st Global CA,O=GeoTrust Inc.,C=US
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\AddTrust_External_Root.pem
(14:58:45) certificate/x509/ca: Loaded AddTrust External CA Root from C:\Program
Files (x86)\Pidgin\ca-certs\AddTrust_External_Root.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\America_Online_Root_Certification_Authority_1.pem
(14:58:45) certificate/x509/ca: Loaded America Online Root Certification Authori
ty 1 from C:\Program Files (x86)\Pidgin\ca-certs\America_Online_Root_Certificati
on_Authority_1.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\AOL_Member_CA.pem
(14:58:45) certificate/x509/ca: Loaded AOL Member CA from C:\Program Files (x86)
\Pidgin\ca-certs\AOL_Member_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\CAcert_Class3.pem
(14:58:45) certificate/x509/ca: Loaded CAcert Class 3 Root from C:\Program Files
(x86)\Pidgin\ca-certs\CAcert_Class3.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\CAcert_Root.pem
(14:58:45) certificate/x509/ca: Loaded CA Cert Signing Authority from C:\Program
Files (x86)\Pidgin\ca-certs\CAcert_Root.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Deutsche_Telekom_Root_CA_2.pem
(14:58:45) certificate/x509/ca: Loaded Deutsche Telekom Root CA 2 from C:\Progra
m Files (x86)\Pidgin\ca-certs\Deutsche_Telekom_Root_CA_2.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\DigiCertHighAssuranceCA-3.pem
(14:58:45) certificate/x509/ca: Loaded DigiCert High Assurance CA-3 from C:\Prog
ram Files (x86)\Pidgin\ca-certs\DigiCertHighAssuranceCA-3.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Entrust.net_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded Entrust.net Secure Server Certification A
uthority from C:\Program Files (x86)\Pidgin\ca-certs\Entrust.net_Secure_Server_C
A.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Equifax_Secure_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Equifax_Secure_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Equifax_Secure_Global_eBusiness_CA-1.pem
(14:58:45) certificate/x509/ca: Loaded Equifax Secure Global eBusiness CA-1 from
C:\Program Files (x86)\Pidgin\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Go_Daddy_Class_2_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Go_Daddy_Class_2_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\GTE_CyberTrust_Global_Root.pem
(14:58:45) certificate/x509/ca: Loaded GTE CyberTrust Global Root from C:\Progra
m Files (x86)\Pidgin\ca-certs\GTE_CyberTrust_Global_Root.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Microsoft_Internet_Authority.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Internet Authority from C:\Prog
ram Files (x86)\Pidgin\ca-certs\Microsoft_Internet_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Microsoft_Internet_Authority_2010.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Internet Authority from C:\Prog
ram Files (x86)\Pidgin\ca-certs\Microsoft_Internet_Authority_2010.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Microsoft_Secure_Server_Authority.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Secure Server Authority from C:
\Program Files (x86)\Pidgin\ca-certs\Microsoft_Secure_Server_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Microsoft_Secure_Server_Authority_2010.pem
(14:58:45) certificate/x509/ca: Loaded Microsoft Secure Server Authority from C:
\Program Files (x86)\Pidgin\ca-certs\Microsoft_Secure_Server_Authority_2010.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\StartCom_Certification_Authority.pem
(14:58:45) certificate/x509/ca: Loaded StartCom Certification Authority from C:\
Program Files (x86)\Pidgin\ca-certs\StartCom_Certification_Authority.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\StartCom_Free_SSL_CA.pem
(14:58:45) certificate/x509/ca: Loaded Free SSL Certification Authority from C:\
Program Files (x86)\Pidgin\ca-certs\StartCom_Free_SSL_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Thawte_Premium_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded Thawte Premium Server CA from C:\Program
Files (x86)\Pidgin\ca-certs\Thawte_Premium_Server_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Thawte_Primary_Root_CA.pem
(14:58:45) certificate/x509/ca: Loaded thawte Primary Root CA from C:\Program Fi
les (x86)\Pidgin\ca-certs\Thawte_Primary_Root_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\ValiCert_Class_2_VA.pem
(14:58:45) certificate/x509/ca: Loaded http://www.valicert.com/ from C:\Program
Files (x86)\Pidgin\ca-certs\ValiCert_Class_2_VA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_Class3_Extended_Validation_CA.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Extended Validation SSL
CA from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class3_Extended_Validati
on_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Verisign_Class3_Primary_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Verisign_Class3_Primary_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certifica
tion Authority - G5 from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class_3
_Public_Primary_Certification_Authority_-_G5.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem
(14:58:45) certificate/x509/ca: Loaded VeriSign Class 3 Public Primary Certifica
tion Authority - G5 from C:\Program Files (x86)\Pidgin\ca-certs\VeriSign_Class_3
_Public_Primary_Certification_Authority_-_G5_2.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\VeriSign_International_Server_Class_3_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\VeriSign_International_Server_Class_3_CA.pem
(14:58:45) nss/x509: Loading certificate from C:\Program Files (x86)\Pidgin\ca-c
erts\Verisign_RSA_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Loaded (unknown) from C:\Program Files (x86)\Pid
gin\ca-certs\Verisign_RSA_Secure_Server_CA.pem
(14:58:45) certificate/x509/ca: Lazy init completed.
(14:58:45) certificate/x509/tls_cached: No Certificate Authorities with either D
N found found. I'll prompt the user, I guess.
(14:58:47) certificate/x509/tls_cached: User REJECTED cert
(14:58:47) certificate: Failed to verify certificate for gmail.com
(14:58:47) connection: Connection error on 0534E4E0 (reason: 15 description: SSL
peer presented an invalid certificate)
(14:58:47) account: Disconnecting account [email protected]/ (00926D38)
(14:58:47) connection: Disconnecting connection 0534E4E0
(14:58:47) connection: Destroying connection 0534E4E0
(14:58:49) util: Writing file accounts.xml to directory C:\Users\XMo\AppData
\Roaming\.purple
(14:58:49) util: Writing file C:\Users\XMo\AppData\Roaming\.purple\accounts.
xml
I received the same error this morning and found a similar complaint here: http://comments.gmane.org/gmane.comp.gnome.pidgin.user/13678 .
I updated my Pidgin client to 2.10.7 as suggested and everything appears to work fine now.
I hope that helps.