Bug 318729

It seems to work here. Is there anything special about your network? Do you have any proxies normally that Kopete might be using that we're not?

From the code we raise this error if trying to match anything that is not an x509 certificate. I wonder if you're hitting a different certificate type to me.

I know this is a big request, but would it be possible for you to run ktp-auth-handler in a debugger, break on tls-cert-verifier-op.cpp:80 and print out m_certType.
or add a qDebug() at that point?

I have this problem with any XMPP account other than Google's. I don't use Facebook, but I get Network Error when trying to connect to duckgo.com's XMPP server, but it works with pidgin at least.
This is what I am talking about: https://dukgo.com/blog/using-pidgin-with-xmpp-jabber

@Omid 
Can we check it's the same issue.

If you run "usr/lib/kde4/libexec/ktp-auth-handler --debug --persist" in the console. Then reconnect do you get:

ktp-auth-handler(8129) TlsHandler::onCertVerifierFinished: Error verifying TLS certificate: "Cert.Unknown" - "Invalid certificate type"

(In reply to comment #3)
> @Omid 
> Can we check it's the same issue.
> 
> If you run "usr/lib/kde4/libexec/ktp-auth-handler --debug --persist" in the
> console. Then reconnect do you get:
> 
> ktp-auth-handler(8129) TlsHandler::onCertVerifierFinished: Error verifying
> TLS certificate: "Cert.Unknown" - "Invalid certificate type"

I get this error:
ktp-auth-handler(3256) TlsHandler::onCertVerifierFinished: Error verifying TLS certificate: "Cert.Unknown" - "Invalid certificate type" 
However, this might be a problem with my internet connection, in which many secure connections are dropped(active filtering, you know :|).

Omid, are you able to provide the information I need from Comment 1?

If not I'll add a debug line in the code so that it is in 0.6.3, and we'll have to wait until we make that.

(In reply to comment #5)
> Omid, are you able to provide the information I need from Comment 1?
> 
> If not I'll add a debug line in the code so that it is in 0.6.3, and we'll
> have to wait until we make that.

Hello David. I have exactly the same issue:
ktp-auth-handler(3384) TlsHandler::onCertVerifierFinished: Error verifying TLS certificate: "Cert.Unknown" - "Invalid certificate type"
Are there any progress? I can help with debugging if needed.

@Thomas,
do you have empathy installed?

also can one of you run:
mc-tool list.

Find the account that can't connect and run:
mc-tool show account/path

filter out the sensitive information and paste here.

Debug info:
Breakpoint 1, TlsCertVerifierOp::gotProperties (this=0xa24ee0, op=<optimized out>)
    at /build/buildd/ktp-auth-handler-0.6.1/tls-cert-verifier-op.cpp:81
81      in /build/buildd/ktp-auth-handler-0.6.1/tls-cert-verifier-op.cpp
(gdb) print m_certType
$3 = {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 3174}, alloc = 0, size = 0, 
    data = 0x62909a <QString::shared_null+26>, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, 
    reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 65}, alloc = 0, size = 0, 
    data = 0x7f6c0cc9b91a <QString::shared_empty+26>, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, 
    reserved = 0, array = {0}}, d = 0xa2c690, static codecForCStrings = 0x0}
(gdb) 

mc-tool info:
konstantin@ks-laptop:~$ mc-tool show gabble/jabber/k***********40gmail_2ecom0
     Account: gabble/jabber/k*********40gmail_2ecom0
Display Name: k*********@gmail.com
     Enabled: enabled
        Icon: jabber
    Connects: only when requested
     Service: jabber

Presences:
   Automatic: available (2) ""
     Current: offline (1) ""
   Requested: available (2) ""
    Changing: yes

Storage:
    Provider: im.telepathy.Account.Storage.UOA
  Identifier: uint32 1
Restrictions: Cannot_Set_Service

      (string) server = talk.google.com
      (string) fallback-conference-server = groupchat.google.com
        (uint) port = 5223
       (GStrv) fallback-socks5-proxies = [""]
      (string) resource = kde-telepathy-771168
        (bool) old-ssl = true
      (string) account = k*********@gmail.com

Sorry, here is more readable debug info:
(gdb) print m_certType
$2 = {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 3134}, alloc = 0, size = 0, 
    data = 0x62909a <QString::shared_null+26>, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, 
    reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 65}, alloc = 0, size = 0, 
    data = 0x7faefad6a91a <QString::shared_empty+26>, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, 
    reserved = 0, array = {0}}, d = 0x12b39c0, static codecForCStrings = 0x0}
(gdb) define printqstring
Type commands for definition of "printqstring".
End with a line saying just "end".
>    printf "(QString)0x%x (length=%i): \"",&$arg0,$arg0.d->size
>    set $i=0
>    while $i < $arg0.d->size
 >        set $c=$arg0.d->data[$i++]
 >        if $c < 32 || $c > 127
  >                printf "\\u0x%04x", $c
  >        else
  >                printf "%c", (char)$c
  >        end
 >    end
>    printf "\"\n"
>end
(gdb) printqstring m_certType
(QString)0x12ba0a8 (length=4): "x509"
(gdb)

if(m_certType.compare(QLatin1String("\"x509\""), Qt::CaseInsensitive)) { ...

m_certType = "x509", but should be "\"x509\""

(In reply to comment #8)
>         Icon: jabber
>      Service: jabber

Service should be google-talk... Did you use our accounts GUI to create the account? Or did you use Empathy? If you used our, did you choose to create a "jabber" account or a "Google Talk" account?

> Storage:
>  Provider: im.telepathy.Account.Storage.UOA
>  Identifier: uint32 1
>  Restrictions: Cannot_Set_Service

Also I'm quite sure that we don't use the Storage interface, so this definitely looks like an account created from Empathy

Can you try deleting the account and recreating it from our gui?

(In reply to comment #7)
> do you have empathy installed?
Yes, I have Empathy installed.  I'm using Ubuntu 13.04 + "kubuntu-full" package.

(In reply to comment #11)
> Can you try deleting the account and recreating it from our gui?
I removed all old acounts and created the new one using "KDE IM Contacts", choosed "Google Talk" account:
konstantin@ks-laptop:~$ mc-tool show gabble/jabber/k**********_40gmail_2ecom1
     Account: gabble/jabber/k***********_40gmail_2ecom1
Display Name: k***********@gmail.com
     Enabled: enabled
        Icon: im-jabber
    Connects: only when requested
     Service: google-talk

Presences:
   Automatic: available (2) ""
     Current: offline (1) ""
   Requested: available (2) ""
    Changing: yes

Storage:
    Provider: im.telepathy.Account.Storage.UOA
  Identifier: uint32 3
Restrictions: Cannot_Set_Service

      (string) fallback-conference-server = groupchat.google.com
        (bool) old-ssl = true
      (string) server = talk.google.com
      (string) resource = kde-telepathy-771168
        (uint) port = 5223
      (string) account = k***********@gmail.com

Result is the same:
konstantin@ks-laptop:~$ /usr/lib/kde4/libexec/ktp-auth-handler --debug --persist
ktp-auth-handler(7240) TlsHandler::onCertVerifierFinished: Error verifying TLS certificate: "Cert.Unknown" - "Invalid certificate type"

I had the same problem and I've solved it today. Try following steps:

1. Run KDE Wallet Manager
2. Delete the kdewallet Wallet
3. Log out from your computer account and log in again (or reboot computer)

Telepathy will require new wallet and, after creating one, will ask for passwords to your chat accounts. And it works :)

If it doesn't work, try it again, but set the empty password for new wallet (leave the fields empty). It worked for me.

Git commit 048ae61e33d4026b24d6da474dba37f4c5868c8b by David Edmundson.
Committed on 15/07/2013 at 13:05.
Pushed by davidedmundson into branch 'kde-telepathy-0.6'.

Correctly search to see if we support the certificate type
FIXED-IN: 0.6.3
REVIEWED-BY: Daniele Domenichelli

M  +5    -2    tls-cert-verifier-op.cpp

http://commits.kde.org/telepathy-auth-handler/048ae61e33d4026b24d6da474dba37f4c5868c8b