[guardian-dev] Fwd: verifying XMPP server certs

Nathan of Guardian nathan at guardianproject.info
Mon Aug 11 16:55:58 EDT 2014




-------- Forwarded Message --------
Subject: verifying XMPP server certs
Date: Mon, 11 Aug 2014 13:41:16 -0700
From: Marc Bejarano <beej at beej.org>
To: guardian-dev at lists.mayfirst.org

hi all,

i've been happily using ChatSecure for iOS for some time.  on July
7th, it warned
me that the TLS cert for talk.google.com had changed.  i accepted it and
ended up with the app telling me i now have a cert saved with SHA1
96:d7:17:4a:aa:71:6e:85:3f:57:b0:ce:3c:40:64:55:f4:7b:1f.

i've been trying to verify the hash from the command line, but haven't been
able to.  i'm using this one-liner:
===
$ openssl s_client -connect talk.google.com:5223 2>&1 | sed -ne '/-BEGIN
CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -fingerprint
===
it currently spits out:
SHA1 Fingerprint=05:E7:8E:8D:CB:85:04:1F:D2:99:8C:3F:F9:D3:2F:4F:2D:FB:67:39

does anybody have a recipe for generating an SH1 that matches the
96:d7:17:4a:aa:71:6e:85:3f:57:b0:ce:3c:40:64:55:f4:7b:1f one that
ChatSecure stored or can anybody tell me what i'm dong wrong?

thanks!
marc





More information about the Guardian-dev mailing list