Page MenuHomeSolus

encoding problems in 2 files in /etc/ssl/certs/
Closed, ResolvedPublic

Description

Hi folks, i'm trying to update gajim (D2837) and nbxmpp (D2836) during this i ran into an issue adressed earlier by the gajim dev team (https://dev.gajim.org/gajim/python-nbxmpp/issues/51). While the certificates in the system cert directory are read, there is an encoding error. The fix from Gajim Devs was to set the encoding to UTF-8 while opening each file. After doing some research, why this problem still persists after their patch, I ran into an odd observation.

Two of the certs in /etc/ssl/certs are encoded using iso-8859-1

file -i /etc/ssl/certs/* | grep iso
/etc/ssl/certs/6f2c1157.pem:        text/plain; charset=iso-8859-1
/etc/ssl/certs/ca-certificates.crt: text/plain; charset=iso-8859-1

I checked this on 2 hardware machines running solus and checked the built ca-certs package as well.

The output remains the same.

My guess is, that nbxmpp has problems processing these files because the specify the encoding to utf-8.

Could someone verify that these 2 certs are encoded the same as on my machines, or if i'm completely wrong with my guess.

Thanks!

Event Timeline

cigh033 created this task.May 3 2018, 3:30 PM
nazar added a subscriber: nazar.EditedMay 26 2018, 10:46 AM

I ran into the same problem as of update to gajim 1.0.2. To make gajim work again I use code below to patch/usr/lib64/python3.6/site-packages/nbxmpp/tls_nb.py:349

try:
    lines = f.readlines()
except (UnicodeDecodeError) as e:
    log.warning(cert_path)
    f.close()
    f = open(cert_path, encoding='latin-1')
    lines = f.readlines()

You can see warning command which outputs one other file, that is apparently latin-1 encoded too
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/ca-certificates.crt
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/6f2c1157.0
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/6f2c1157.pem

Edit: /etc/ssl/certs/6f2c1157.0 is a symlink to 6f2c1157.pem

Until this is solved, you can convert the files with a wrong encoding using the below command:
sudo iconv -f iso-8859-1 -t ascii//TRANSLIT 6f2c1157.pem -o 6f2c1157.pem

should we patch nbxmpp with the provided patch?

imho it's R478 that should be patched because some other applications may also dislike such encoding, but let's ask @ikey what should be done with this.
if you should patch nbxmpp, please commandeer D3011 instead of working on the version from the repository.

JoshStrobl triaged this task as Normal priority.Jul 20 2018, 11:19 AM
JoshStrobl edited projects, added Software; removed Lacks Project.