[guardian-dev] Fwd: verifying XMPP server certs
Marc Bejarano
lists.mayfirst.org at beej.org
Mon Aug 11 17:19:00 EDT 2014
thanks, nathan.
are you able to get a matching SHA1?
cheers,
marc
On Mon, Aug 11, 2014 at 2:13 PM, Nathan of Guardian <
nathan at guardianproject.info> wrote:
>
>
> On 08/11/2014 04:55 PM, Nathan of Guardian wrote:
> > i've been happily using ChatSecure for iOS for some time. on July
> > 7th, it warned
> > me that the TLS cert for talk.google.com had changed. i accepted it and
> > ended up with the app telling me i now have a cert saved with SHA1
> > 96:d7:17:4a:aa:71:6e:85:3f:57:b0:ce:3c:40:64:55:f4:7b:1f.
> >
> > i've been trying to verify the hash from the command line, but haven't
> been
> > able to. i'm using this one-liner:
> > ===
> > $ openssl s_client -connect talk.google.com:5223 2>&1 | sed -ne '/-BEGIN
> > CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -fingerprint
> > ===
> > it currently spits out:
> > SHA1
> Fingerprint=05:E7:8E:8D:CB:85:04:1F:D2:99:8C:3F:F9:D3:2F:4F:2D:FB:67:39
> >
> > does anybody have a recipe for generating an SH1 that matches the
> > 96:d7:17:4a:aa:71:6e:85:3f:57:b0:ce:3c:40:64:55:f4:7b:1f one that
> > ChatSecure stored or can anybody tell me what i'm dong wrong?
>
> I think you want to try talk.l.google.com possibly, using port 5222. It
> is "starttls"
>
> Here is some java code that can help fetch certs:
> https://github.com/binaryparadox/JabberPinFetch
>
> You can also run tests here:
> https://xmpp.net/result.php?domain=gmail.com&type=client
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20140811/18bcec3f/attachment.html>
More information about the Guardian-dev
mailing list