EionRobb / pidgin-opensteamworks

Steam plugin for Pidgin/libpurple

Certificates #181

Open alexolog opened 5 years ago

alexolog commented 5 years ago

Since yesterday, Pidgin pops up complaints about the Steam certificate.

alexolog commented 5 years ago

Now I'm getting the pop-up every couple of minutes. The debug log shows that sometimes the certificate is accepted, and sometimes it isn't:


(14:14:36) steam: executing callback for /ISteamWebUserPresenceOAuth/Poll/v0001
(14:14:38) steam: getting url /ISteamWebUserPresenceOAuth/Poll/v0001
(14:14:38) dnsquery: Performing DNS lookup for api.steampowered.com
(14:14:38) dnsquery: IP resolved for api.steampowered.com
(14:14:38) proxy: Connecting to api.steampowered.com:443 with no proxy
(14:14:38) proxy: Connecting to api.steampowered.com:443.
(14:14:38) proxy: Connected to api.steampowered.com:443.
(14:14:38) nss: subject=CN=store.steampowered.com,O=Valve Corporation,L=Bellevue,ST=Washington,C=US,serialNumber=602 290 773,incorporationState=Washington,incorporationCountry=US,businessCategory=Private Organization issuer=CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(14:14:38) certificate/x509/tls_cached: Starting verify for api.steampowered.com
(14:14:38) nss/x509: Loading certificate from C:\Users\Me\AppData\Roaming\.purple\certificates\x509\tls_peers\api.steampowered.com
(14:14:38) nss/x509: Exporting certificate to C:\Users\Me\AppData\Roaming\.purple\certificates\x509\tls_peers\api.steampowered.com
(14:14:38) util: Writing file C:\Users\Me\AppData\Roaming\.purple\certificates\x509\tls_peers\api.steampowered.com
(14:14:38) nss: Trusting CN=store.steampowered.com,O=Valve Corporation,L=Bellevue,ST=Washington,C=US,serialNumber=602 290 773,incorporationState=Washington,incorporationCountry=US,businessCategory=Private Organization
(14:14:38) certificate: Successfully verified certificate for api.steampowered.com
(14:14:38) steam: post_or_get_ssl_connect_cb

(14:14:58) steam: executing callback for /ISteamWebUserPresenceOAuth/Poll/v0001
(14:15:00) steam: getting url /ISteamWebUserPresenceOAuth/Poll/v0001
(14:15:00) dnsquery: Performing DNS lookup for api.steampowered.com
(14:15:00) dnsquery: IP resolved for api.steampowered.com
(14:15:00) proxy: Connecting to api.steampowered.com:443 with no proxy
(14:15:00) proxy: Connecting to api.steampowered.com:443.
(14:15:00) proxy: Connected to api.steampowered.com:443.
(14:15:00) nss: subject=CN=store.steampowered.com,O=Valve Corp,L=Bellevue,ST=Washington,C=US,serialNumber=602 290 773,incorporationState=Washington,incorporationCountry=US,businessCategory=Private Organization issuer=CN=DigiCert ECC Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(14:15:00) certificate/x509/tls_cached: Starting verify for api.steampowered.com
(14:15:00) nss/x509: Loading certificate from C:\Users\Me\AppData\Roaming\.purple\certificates\x509\tls_peers\api.steampowered.com
(14:15:00) nss: CERT 0. CN=store.steampowered.com,O=Valve Corp,L=Bellevue,ST=Washington,C=US,serialNumber=602 290 773,incorporationState=Washington,incorporationCountry=US,businessCategory=Private Organization :

EionRobb commented 5 years ago

The server is currently giving out two different SSL certs, depending on load balancing and stuff. I believe only one of the root CAs is in the ca-certs that ship with Pidgin, but not the other?

alexolog commented 5 years ago

Questions:

  1. Why doesn't accepting the certificate stick?
  2. How do we save the 2nd certificate?

Thank you.
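
An added example, not part of the thread or of the plugin's code: a Python script that reads a Pidgin debug log in the format quoted above and lists hosts that presented more than one certificate subject/issuer pair, which is the condition visible in the two excerpts (a DigiCert SHA2 issuer at 14:14:38, a DigiCert ECC issuer at 14:15:00, both for api.steampowered.com). The function names and the pairing of each `nss: subject=` line with the preceding `Connected to` line are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines abbreviated from the debug log quoted in this issue.
SAMPLE_LOG = """
(14:14:38) proxy: Connected to api.steampowered.com:443.
(14:14:38) nss: subject=CN=store.steampowered.com,O=Valve Corporation,C=US issuer=CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(14:14:38) certificate: Successfully verified certificate for api.steampowered.com
(14:15:00) proxy: Connected to api.steampowered.com:443.
(14:15:00) nss: subject=CN=store.steampowered.com,O=Valve Corp,C=US issuer=CN=DigiCert ECC Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
"""

CONNECTED = re.compile(r"^\((\d\d:\d\d:\d\d)\) proxy: Connected to (\S+?):(\d+)\.?$")
CERT = re.compile(r"^\((\d\d:\d\d:\d\d)\) nss: subject=(.*?) issuer=(.*)$")


def issuer_cn(issuer):
    """Return the CN component of an issuer DN string, or the whole DN."""
    m = re.match(r"CN=([^,]+)", issuer)
    return m.group(1) if m else issuer


def certs_by_host(log_text):
    """Map host -> {(subject, issuer): time first seen}.

    Assumption: an 'nss: subject=' line belongs to the most recent
    'Connected to host:port' line, as in the excerpts in this issue.
    """
    seen = defaultdict(dict)
    host = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := CONNECTED.match(line):
            host = m.group(2)
        elif (m := CERT.match(line)) and host:
            seen[host].setdefault((m.group(2), m.group(3)), m.group(1))
    return dict(seen)


def rotating_hosts(log_text):
    """Hosts that presented more than one distinct subject/issuer pair."""
    return {h: c for h, c in certs_by_host(log_text).items() if len(c) > 1}


if __name__ == "__main__":
    for host, certs in rotating_hosts(SAMPLE_LOG).items():
        print(f"{host}: {len(certs)} different certificates presented")
        for (subject, issuer), first in certs.items():
            print(f"  first seen {first}  issuer CN: {issuer_cn(issuer)}")
```

Pass the text of a saved debug log to `rotating_hosts` to check a real session.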