Project

General

Profile

Bug #186

Bip crash after using "/QUOTE BIP TRUST OK" on a new connection

Added by Pierre-Louis Bonicoli over 8 years ago. Updated almost 6 years ago.

Status:
New
Priority:
High
Assignee:
-
Target version:
-
Start date:
2011-01-18
Due date:
% Done:

0%

Patch Available:
No
Found in Versions:
0.8.6
Confirmed:
Yes
Branch:
Security:
No
Help Needed:
No

Description

How to reproduce:

  1. /etc/bip.conf: add a new ssl connection
  2. restart bip (Debian: /etc/init.d/bip restart)
  3. use /QUOTE BIP TRUST OK
    # all client connections are disconnected

Logs

Client logs:

03:12:08 oftc | irc: connecting to server irc-bouncer/7778...
03:12:08 oftc | irc: connected to irc-bouncer
03:12:08 oftc -- | b.i.p (b.i.p): This server SSL certificate was not accepted because it is not in your store of trusted certificates:
03:12:08 oftc -- | b.i.p (b.i.p): Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=
03:12:08 oftc -- | b.i.p (b.i.p): Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=
03:12:08 oftc -- | b.i.p (b.i.p): MD5 fingerprint: 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78
03:12:08 oftc -- | b.i.p (b.i.p): WARNING: if you've already trusted a certificate for this server before, that probably means it has changed.
03:12:08 oftc -- | b.i.p (b.i.p): If so, YOU MAY BE SUBJECT OF A MAN-IN-THE-MIDDLE ATTACK! PLEASE DON'T TRUST THIS CERTIFICATE IF YOU'RE NOT SURE THIS IS NOT THE CASE.
03:12:08 oftc -- | b.i.p (b.i.p): Type /QUOTE BIP TRUST OK to trust this certificate, /QUOTE BIP TRUST NO to discard it.
03:12:20 oftc -- | irc.bip.net (irc.bip.net): ==== Certificate now trusted.
03:12:20 oftc -- | irc.bip.net (irc.bip.net): No more certificates waiting awaiting user trust, thanks!
03:12:20 oftc -- | irc.bip.net (irc.bip.net): If the certificate is trusted, bip should be able to connect to the server on the next retry. Please wait a while and try connecting your client again.

Bip logs:

18-01-2011 03:12:12 ERROR: No certificate in SSL write_socket
18-01-2011 03:12:12 ERROR: SSL cert check failed at depth=3: certificate rejected (28)
18-01-2011 03:12:12 ERROR: Certificate check failed: certificate rejected (28)!
18-01-2011 03:12:12 ERROR: Error on fd 31 (state 9)
18-01-2011 03:12:12 ERROR: [oftc] read_lines error, closing...
18-01-2011 03:12:12 ERROR: [oftc] reconnecting in 240 seconds
18-01-2011 03:12:54 ERROR: No certificate in SSL write_socket

History

#1 Updated by Pierre-Louis Bonicoli over 8 years ago

  • Target version set to 0.8.8

#2 Updated by Pierre-Louis Bonicoli over 8 years ago

  • Priority changed from Normal to High
  • Target version changed from 0.8.8 to 0.8.9

#3 Updated by Arnaud Cornet about 8 years ago

Why is this not fixed. need help?

#4 Updated by Pierre-Louis Bonicoli over 7 years ago

  • Assignee deleted (Pierre-Louis Bonicoli)

#5 Updated by Pierre-Louis Bonicoli about 7 years ago

  • Help Needed set to No

Occurs too when an old certificate with an identical CN is already in the trusted store (but "Certificate now trusted" doesn't appear).

#6 Updated by Marc Dequènes almost 6 years ago

  • Target version deleted (0.8.9)

Also available in: Atom PDF