Manually approved self-signed certificate not used for HTTP file download
Versions
- OS: Fedora 36
- Gajim version: 1.4.7
- GTK version: 3.24.34
- Python-nbxmpp version: 3.1.0
Basically the Flathub version.
Steps to reproduce the problem
- My XMPP server uses self-signed certificate.
- Gajim prompts for certificate validation (do you want to trust this certificate balabala), I accepted the certificate.
- Gajim connects to my server.
- I upload a file using HTTP upload, the file got uploaded successfully, I try to check my uploaded file
Expected behavior
I can see my uploaded file
Actual behavior
I can't see the uploaded file, it says:
TLS verification failed: The signing certificate authority is not known
This is not a cerfiticate issue as I use the same certificate on Conversations (Android) and HTTP file download has no issue.
Gajim has the same issue on Windows, although I could manually import my certificate to personal trust to workaround the issue. I don't know how to do that on Linux without root (user wide trust). Also from privacy perspective importing self-signed certificate into system store isn't a good idea, as all apps on this PC get to see that very unique certificate, this is better handled by specific application.
#9179 (closed) looks related to this issue but it seems you only fixed the uploading part but not downloading part, as I can see my uploaded file on my other device (with Conversations), which means Gajim actually used my self-signed certificate during uploading process.