(Optionally) Remove the fingerprint check on certificate update
When a server certificate has changed, there is a popup about the fingerprint having changed.
Regular users don't understand or need this information. (To compare, your internet bank does not request you to check fingerprints when they update their certificate.) Now that many home servers are using Let's Encrypt, which is renewed every few months, the fingerprint dialog will just be nagging.
Maybe an ACE option to disable the fingerprint check, with the default for regular users being to not display the dialog at all. Or just remove the fingerprint check altogether.
This is a bug.
This dialog is not a normal fingerprint check; the message reads "It seems the SSL certificate of account %(account)s has changed and is not valid".
Gajim thinks your cert is not valid; this is because the function check_X509.check_certificate() returns false.
There can be two reasons for this:
- Your PyOpenSSL version is outdated. Please check the installed version before you update, and write it here.
- The function cannot properly check your certificate for some reason. In that case I would provide you with a file that has debug output around that.
I can't reproduce this on my Windows, nor on my Kubuntu machine, even though I forced Gajim to think the fingerprint has changed.
If this occurs even though
- you are on Gajim Nightly
- latest PyOpenSSL is installed
then we should track this bug down. I attached check_X509.py. If someone is interested in testing this, just replace the one in src/common/
and start Gajim afterwards with
The log should only contain something if a certificate change happens. This file is only for Gajim Nightly.
I think this is already fixed in Gajim Nightly.
The exact text of the dialog (in Gajim 0.16.5) is:
SSL certificate error
It seems the SSL certificate of account abc has changed or your connection is being hacked.
Old fingerprint: ...
New fingerprint: ...
Do you still want to connect and update the fingerprint of the certificate?
No, Yes, View cert...