JohnKenVan / jabber-net

Automatically exported from code.google.com/p/jabber-net

Google chat user can not be TLS authenticated [explained] #6

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Have an account at Google Mail.
2. As described here: http://code.google.com/apis/talk/open_communications.html, try to connect using the console client. Network server: talk.google.com; Server: gmail.com; user name and password; initiate TLS.
3. You will receive a CN mismatch exception.

Debugging shows that Google returns a certificate for "gmail.com", not
"talk.google.com". Perhaps TLS is considered a connection to the "logical"
server, not to the "network" one.

What version of the product are you using? On what operating system?
I compiled the library from trunk. Windows 2003, VS-2003.

Original issue reported on code.google.com by kot.bege...@gmail.com on 15 Dec 2007 at 11:59

GoogleCodeExporter commented 8 years ago
Dug into the spec and found:
http://tools.ietf.org/html/rfc3920#page-19

    Certificates MUST be checked against the hostname as provided by
    the initiating entity (e.g., a user), not the hostname as
    resolved via the Domain Name System; e.g., if the user specifies
    a hostname of "example.com" but a DNS SRV [SRV] lookup returned

So looks like a bug in the library.

Original comment by kot.bege...@gmail.com on 16 Dec 2007 at 1:15
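
The rule quoted from RFC 3920 above, as an added example (not jabber-net code): the certificate is checked against the domain of the JID the user entered, never against the host the socket was opened to. The function names and the sample certificate, in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, are constructed for illustration.

```python
"""Added example: choosing the reference identity for XMPP STARTTLS (RFC 3920)."""

def jid_domain(jid: str) -> str:
    """Domain part of a JID of the form [user@]domain[/resource]."""
    bare = jid.split("/", 1)[0]          # the resource may itself contain '@' or '/'
    return bare.split("@", 1)[-1].lower()

def presented_names(cert: dict) -> list:
    """DNS names the certificate asserts: SAN dNSName entries if any, else the CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans                      # a CN is ignored once a DNS SAN is present
    return [v for rdn in cert.get("subject", ())
            for key, v in rdn if key == "commonName"]

def name_matches(pattern: str, reference: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    n = reference.lower().rstrip(".").split(".")
    if p[0] == "*":
        # The wildcard covers exactly one label and never a bare "*.tld".
        return len(p) >= 3 and len(p) == len(n) and p[1:] == n[1:]
    return p == n

def cert_valid_for(cert: dict, reference: str) -> bool:
    return any(name_matches(name, reference) for name in presented_names(cert))

def verify_stream_cert(cert: dict, jid: str, connect_host: str) -> bool:
    """connect_host (manual override or SRV target) is deliberately not consulted:
    an attacker who controls DNS controls that value, but not the JID the user typed."""
    return cert_valid_for(cert, jid_domain(jid))

# Constructed sample matching the report: the server presents CN=gmail.com.
SAMPLE_CERT = {"subject": ((("commonName", "gmail.com"),),)}

if __name__ == "__main__":
    jid, host = "someone@gmail.com/console", "talk.google.com"
    print("checked against network host:", cert_valid_for(SAMPLE_CERT, host))
    print("checked against JID domain:  ", verify_stream_cert(SAMPLE_CERT, jid, host))
```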

GoogleCodeExporter commented 8 years ago
Fixed, along with a Mentalis StartTLS race condition.

Original comment by hil...@gmail.com on 19 Dec 2007 at 9:51