Invalid Certificate error when using free certs from StartCom

redsolution / xabber-android

Open-source XMPP client for Android

http://xabber.com

Other

1.82k stars 815 forks source link

Invalid Certificate error when using free certs from StartCom #262

Open freddielam opened 10 years ago

freddielam commented 10 years ago

Getting a Signature chain verification failed error when trying to sign in to xmpp server using the free StartCom cert from startssl.com. No certificate warnings on iOS, iMessage or Pidgin messengers.

wiki shows startcom ca certs are in most browsers and android > 2.1

http://en.wikipedia.org/wiki/Comparison_of_SSL_certificates_for_web_servers

sezuan commented 10 years ago

I've noticed the same thing. Server with the StartCom Class 2 certificate work, those with the StartCom Class 1 certificate don't. All seem to send the proper intermediate certificates, the certificate is not expired and the CN/subjectAlternativeNames match the jabber domain. Any ideas why this happens?

vlopezj commented 10 years ago

I have the same issue. I'd say there might be a bug when validating certificates with intermediate CA's; other clients such as yaxim don't have this issue.