Bug 403061 - Telepathy lacks SNI support?
Summary: Telepathy lacks SNI support?
Status: REPORTED
Alias: None
Product: telepathy
Classification: Frameworks and Libraries
Component: auth-handler
Version: unspecified
Platform: Arch Linux Linux
Importance: NOR normal
Target Milestone: Future
Assignee: Telepathy Bugs
Reported: 2019-01-10 09:00 UTC by Eric Donkersloot
Modified: 2019-01-30 15:07 UTC

Attachments
KDE SSL error (189.99 KB, image/png)
2019-01-10 09:00 UTC, Eric Donkersloot

Description Eric Donkersloot 2019-01-10 09:00:42 UTC
Created attachment 117376
KDE SSL error

SUMMARY

I can no longer connect to Google chat services, the error I get is:

"No SNI provided, please fix your client"

Please see the attachment for more details.

STEPS TO REPRODUCE

1. Attempt to go online (instant messaging) with your Google account
2. An error dialog will pop up: "The server failed the authenticity check (google.com). The certificate is not signed by any trusted certificate authority"
3. Click on details and observe the error: "No SNI provided, please fix your client"

OBSERVED RESULT

2. Connection fails, see previously mentioned error and attached screenshot

EXPECTED RESULT

1. You should seamlessly be able to connect to the Google chat services once you've set up your online account

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.14.5
Qt Version: 5.12.0
KDE Frameworks Version: 5.53.0
Kernel Version: 4.20.0-arch1-1-ARCH
OS Type: 64-bit

ADDITIONAL INFORMATION

Installed telepathy packages:

telepathy-accounts-signon 1.0-4
telepathy-farstream 0.6.2-5
telepathy-gabble 0.18.4-2
telepathy-glib 0.24.1-2
telepathy-haze 0.8.0-2
telepathy-idle 0.2.0-2
telepathy-kde-accounts-kcm 18.12.0-1
telepathy-kde-approver 18.12.0-1
telepathy-kde-auth-handler 18.12.0-1
telepathy-kde-call-ui 18.12.0-1
telepathy-kde-common-internals 18.12.0-1
telepathy-kde-contact-list 18.12.0-1
telepathy-kde-contact-runner 18.12.0-1
telepathy-kde-desktop-applets 18.12.0-1
telepathy-kde-filetransfer-handler 18.12.0-1
telepathy-kde-integration-module 18.12.0-1
telepathy-kde-send-file 18.12.0-1
telepathy-kde-text-ui 18.12.0-1
telepathy-logger 0.8.2-3
telepathy-logger-qt 17.08.0-1
telepathy-mission-control 5.16.4-3
telepathy-qt 0.9.7-2
telepathy-salut 0.8.1-5
Comment 1 Fabio Coatti 2019-01-20 18:39:12 UTC
Same issue here, kde 18.12.1 (gentoo)
KDE plasma 5.14.5
Framework: 5.54.0
Qt: 5.11.3
Kernel: 4.20.3
OpenSSL: 1.1.0j
Comment 2 Brandon Bell 2019-01-22 15:41:26 UTC
I can confirm this issue affects me after upgrading to Kubuntu 18.10 Cosmic.

Plasma 5.13.5
libkaccounts/kaccounts-providers 18.04.3
OpenSSL 1.1.1
libgnutls 3.6.4

I am able to connect if I click 'Continue' and accept the certificate for the "Current Session Only" (or, presumably, "Forever"). Also, the warning is not displayed if I use the Advanced settings for the account to "Ignore SSL errors", although I don't do this for obvious reasons.
Comment 3 David Edmundson 2019-01-22 16:53:44 UTC
There's an applet.
Comment 4 Brandon Bell 2019-01-22 17:17:08 UTC
(In reply to David Edmundson from comment #3)
> There's an applet.

I believe this issue is actually less about Telepathy and more about KDE Online Accounts with which Telepathy integrates.

The Google provider for Accounts allows for more than just Hangouts. It integrates Google Drive into Dolphin (and KIO?) as well as something with YouTube.

If you're suggesting using a dedicated applet for Google Chat/Hangouts/Allo, I appreciate the alternative, but I still think this issue needs addressed.

So this issue is due to Google now requiring the SNI to be provided during TLS negotiation. Clients communicating with some TLS servers like Google now need to be modified to provide this. For instance, Fetchmail was updated for Cosmic to address this: https://bugs.launchpad.net/ubuntu/+source/fetchmail/+bug/1798786
Comment 5 Eric Donkersloot 2019-01-22 18:15:14 UTC
It might be KDE Online Accounts which has the issue, although adding a Google account to KDE Online Accounts still works fine. I guess we need to figure out what component is being used by Telepathy to set up the TLS connection to Google; it seems it lacks SNI support.
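
Comments 4 and 5 come down to whether the client's TLS stack puts a server_name (SNI) extension in its ClientHello. The sketch below is an added example, not code from this report or from Telepathy: it generates a ClientHello in memory with Python's `ssl` module, with and without a host name, and parses the extension list; the host name `talk.example.org` is a constructed placeholder, and the same parser can be pointed at a captured ClientHello record.

```python
import ssl
import struct


def client_hello(server_hostname):
    """Return the first TLS flight a client would send; no network is used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if server_hostname is None:
        # wrap_bio() refuses a missing host name while hostname checking is on.
        # No peer is contacted here; only the ClientHello bytes are produced.
        ctx.check_hostname = False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello written, client now waits for a reply
    return outgoing.read()


def sni_from_client_hello(data):
    """Return the server_name (SNI) in a ClientHello record, or None."""
    if len(data) < 6 or data[0] != 22:  # 22 = handshake record
        raise ValueError("not a TLS handshake record")
    body = data[5:5 + struct.unpack("!H", data[3:5])[0]]
    if body[0] != 1:  # 1 = ClientHello
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32  # handshake header, legacy version, random
    pos += 1 + body[pos]  # session id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher suites
    pos += 1 + body[pos]  # compression methods
    if pos + 2 > len(body):
        return None  # ClientHello without any extensions
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        if ext_type == 0:  # 0 = server_name
            ext = body[pos + 4:pos + 4 + ext_len]
            name_len = struct.unpack("!H", ext[3:5])[0]
            return ext[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None


if __name__ == "__main__":
    # "talk.example.org" is a constructed placeholder host name.
    print(sni_from_client_hello(client_hello("talk.example.org")))
    print(sni_from_client_hello(client_hello(None)))
```

A client that connects by IP address or never passes the host name to its TLS library produces the second case, which is the condition the server's "No SNI provided" certificate signals.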