Page MenuHomeSolus
Create Task
Maniphest T6317

encoding problems in 2 files in /etc/ssl/certs/
Closed, ResolvedPublic
Actions

Description

Hi folks, i'm trying to update gajim (D2837) and nbxmpp (D2836) during this i ran into an issue adressed earlier by the gajim dev team (https://dev.gajim.org/gajim/python-nbxmpp/issues/51). While the certificates in the system cert directory are read, there is an encoding error. The fix from Gajim Devs was to set the encoding to UTF-8 while opening each file. After doing some research, why this problem still persists after their patch, I ran into an odd observation.

Two of the certs in /etc/ssl/certs are encoded using iso-8859-1

file -i /etc/ssl/certs/* | grep iso
/etc/ssl/certs/6f2c1157.pem:        text/plain; charset=iso-8859-1
/etc/ssl/certs/ca-certificates.crt: text/plain; charset=iso-8859-1

I checked this on 2 hardware machines running solus and checked the built ca-certs package as well.

The output remains the same.

My guess is, that nbxmpp has problems processing these files because the specify the encoding to utf-8.

Could someone verify that these 2 certs are encoded the same as on my machines, or if i'm completely wrong with my guess.

Thanks!

Revisions and Commits

R865 gajim
ClosedD2837 Update gajim to Version 1.0.2
R2625 python-nbxmpp
ClosedD2836 Update nbxmpp to 0.6.5 (needed for gajim 1.0.2)
R478 ca-certs
D3927R478:23d1f0842233 Update ca-certs to 20181020

Related Objects

Event Timeline

cigh033 created this task.May 3 2018, 3:30 PM
Herald added a project: Lacks Project. · View Herald TranscriptMay 3 2018, 3:30 PM
cigh033 mentioned this in D2837: Update gajim to Version 1.0.2.May 3 2018, 3:30 PM
cigh033 added a revision: D2837: Update gajim to Version 1.0.2.
cigh033 added a revision: D2836: Update nbxmpp to 0.6.5 (needed for gajim 1.0.2).
JoshStrobl mentioned this in R2625:fc9543a97c56: Update nbxmpp to 0.6.5 (needed for gajim 1.0.2).May 19 2018, 3:51 PM
nazar added a subscriber: nazar.EditedMay 26 2018, 10:46 AM

I ran into the same problem as of update to gajim 1.0.2. To make gajim work again I use code below to patch/usr/lib64/python3.6/site-packages/nbxmpp/tls_nb.py:349

try:
    lines = f.readlines()
except (UnicodeDecodeError) as e:
    log.warning(cert_path)
    f.close()
    f = open(cert_path, encoding='latin-1')
    lines = f.readlines()

You can see warning command which outputs one other file, that is apparently latin-1 encoded too
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/ca-certificates.crt
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/6f2c1157.0
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/6f2c1157.pem

Edit: /etc/ssl/certs/6f2c1157.0 is a symlink to 6f2c1157.pem

kyrios123 added a subscriber: kyrios123.May 26 2018, 2:17 PM

Until this is solved, you can convert the files with a wrong encoding using the below command:
sudo iconv -f iso-8859-1 -t ascii//TRANSLIT 6f2c1157.pem -o 6f2c1157.pem

kyrios123 mentioned this in D3012: Update gajim to 1.0.3.May 26 2018, 2:18 PM
cigh033 added a comment.May 26 2018, 8:18 PM

should we patch nbxmpp with the provided patch?

kyrios123 added a subscriber: ikey.May 26 2018, 10:46 PM

imho it's R478 that should be patched because some other applications may also dislike such encoding, but let's ask @ikey what should be done with this.
if you should patch nbxmpp, please commandeer D3011 instead of working on the version from the repository.

DataDrake mentioned this in R865:cd4e250dd372: Update gajim to 1.0.3.Jun 10 2018, 6:14 PM
JoshStrobl triaged this task as Normal priority.Jul 20 2018, 11:19 AM
JoshStrobl edited projects, added Software; removed Lacks Project.
kyrios123 added a revision: D3927: Update ca-certs to 20181020.Sep 27 2018, 8:11 PM
kyrios123 closed this task as Resolved by committing R478:23d1f0842233: Update ca-certs to 20181020.Oct 20 2018, 2:09 PM
kyrios123 added a commit: R478:23d1f0842233: Update ca-certs to 20181020.
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.