Page MenuHomeSolus

encoding problems in 2 files in /etc/ssl/certs/
Closed, ResolvedPublic


Hi folks, i'm trying to update gajim (D2837) and nbxmpp (D2836) during this i ran into an issue adressed earlier by the gajim dev team ( While the certificates in the system cert directory are read, there is an encoding error. The fix from Gajim Devs was to set the encoding to UTF-8 while opening each file. After doing some research, why this problem still persists after their patch, I ran into an odd observation.

Two of the certs in /etc/ssl/certs are encoded using iso-8859-1

file -i /etc/ssl/certs/* | grep iso
/etc/ssl/certs/6f2c1157.pem:        text/plain; charset=iso-8859-1
/etc/ssl/certs/ca-certificates.crt: text/plain; charset=iso-8859-1

I checked this on 2 hardware machines running solus and checked the built ca-certs package as well.

The output remains the same.

My guess is, that nbxmpp has problems processing these files because the specify the encoding to utf-8.

Could someone verify that these 2 certs are encoded the same as on my machines, or if i'm completely wrong with my guess.


Event Timeline

I ran into the same problem as of update to gajim 1.0.2. To make gajim work again I use code below to patch/usr/lib64/python3.6/site-packages/nbxmpp/

    lines = f.readlines()
except (UnicodeDecodeError) as e:
    f = open(cert_path, encoding='latin-1')
    lines = f.readlines()

You can see warning command which outputs one other file, that is apparently latin-1 encoded too
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/ca-certificates.crt
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/6f2c1157.0
05/26/2018 13:42:15 (W) nbxmpp.tls_nb /etc/ssl/certs/6f2c1157.pem

Edit: /etc/ssl/certs/6f2c1157.0 is a symlink to 6f2c1157.pem

Until this is solved, you can convert the files with a wrong encoding using the below command:
sudo iconv -f iso-8859-1 -t ascii//TRANSLIT 6f2c1157.pem -o 6f2c1157.pem

should we patch nbxmpp with the provided patch?

imho it's R478 that should be patched because some other applications may also dislike such encoding, but let's ask @ikey what should be done with this.
if you should patch nbxmpp, please commandeer D3011 instead of working on the version from the repository.

JoshStrobl edited projects, added Software; removed Lacks Project.