Invalid certificate with generic error, since 1.7.x
When trying to connect to my ejabberd server, Gajim fails with an unknown SSL certificate validation error. This happens with Gajim 1.7.2 and 1.7.3 on different computers.
On one of them, it worked fine with 1.6 right before updating to 1.7.3, and I can connect with other clients (Dino, converse.js) without similar problem. So the certificate doesn't seem to be faulty.
It seems that on the first computer, it was working correctly on 1.7.2 until last week-end (so almost while 1 month) (not 100% sure it was effectively on 1.7.2, but like 90%, though).
Here's the log when launched with -v:
(I) nbxmpp.connection (noizette.net) Start TLS negotiation
(I) nbxmpp.stream (noizette.net) Start stream
(I) nbxmpp.stream (noizette.net) Set state: StreamState.WAIT_FOR_STREAM_START
(I) nbxmpp.connection (noizette.net) Found TLS certificate errors: {<flags G_TLS_CERTIFICATE_GENERIC_ERROR of type Gio.TlsCertificateFlags>}
(I) nbxmpp.connection (noizette.net) Signal: bad-certificate
(I) nbxmpp.stream (noizette.net) Set error: StreamError.BAD_CERTIFICATE, bad certificate, None
(I) nbxmpp.connection (noizette.net) Certificate Error: g-tls-error-quark: Certificat TLS inacceptable (2)
(I) nbxmpp.connection (noizette.net) Remove keepalive timer
(I) nbxmpp.connection (noizette.net) Set Connection State: TCPState.DISCONNECTED
(I) nbxmpp.connection (noizette.net) Signal: disconnected
(I) nbxmpp.stream (noizette.net) Set state: StreamState.DISCONNECTED
(I) nbxmpp.stream (noizette.net) Signal: disconnected
(I) gajim.client Disconnect noizette.net
(I) gajim.client State: ClientState.DISCONNECTED
It doesn't seem related to #11366, although it's a self-signed cert, as it was fine on 1.6, and I don't even have option to add the cert as an exception.
Versions
- OS: Debian 11 / Ubuntu 22.04
- Gajim version: 1.7.2, 1.7.3
- GTK version: 3.24.37
- Python-nbxmpp version: 4.2.2