| 12 Feb 09:12 2010

[ emacs-jabber-Bugs-2950401 ] Invalid TLS certificate checking

Bugs item #2950401, was opened at 2010-02-12 08:12
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting:

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Connectivity
Group: v0.8.0
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Invalid TLS certificate checking

Initial Comment:
Debian bug report (see

when connecting via TLS, jabber.el does not check for the correct CN in
the certificate:

  Jabber-ID: bob <at>
  DNS: IN SRV 50 50 5022

jabber.el now looks up the SRV entry and connects to  It then expects the certificate's CN to match
"", but it should expect "" as documented
in RFC 3920:

  Certificates MUST be checked against the hostname as provided by the
  initiating entity (e.g., a user), not the hostname as resolved via the
  Domain Name System; e.g., if the user specifies a hostname of
  "" but a DNS SRV lookup returned "", the
  certificate MUST be checked as "".
    --, 8.


You can respond by visiting:

SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW