[Gajim-devel] Re : Re : Re : PKCS12 with password

Saleem Edah-Tally nmset at yahoo.com
Tue Jul 26 21:42:25 CEST 2011

1. Connecting an account with an encrypted PKCS12 container

It works flawlessly. The checkbox is 'checked', a dialog pops up upon 
connection to request the container password and then connection proceeds 

2. Connecting an account with an UNencrypted PKCS12 container

It fails constantly; a dialog appears proposing a plain connection.

Err output :

21:20:53 (W) gajim.c.x.tls_nb Unknown error while loading certificate from file 
21:20:53 (E) gajim.c.x.tls_nb Error while TLS handshake: 
Traceback (most recent call last):
  File "/home/user/tmp/gajim-dev/src/common/xmpp/tls_nb.py", line 423, in 
SysCallError: (-1, 'Unexpected EOF')

So it seems to have created one unexpected problem if the container is not 
password protected.

Looking into tls_nb.py, I have modified line 362 as follows :

if conn.client_cert_passphrase is None:
        # Unencrypted container: load it without a passphrase
        p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read())
else:
        p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read(),
                conn.client_cert_passphrase)

This way I can connect with both encrypted and unencrypted p12 containers.

Well it's all like I could imagine. I suppose it would be committed in the next 

By the way, I've tested a few other XMPP clients; Gajim is the only one I've 
seen that binds an account to its own SSL credentials, and that's great.

Thank you very much.

>Ok nice, just:
>hg clone http://hg.gajim.org/gajim gajim-dev
>cd gajim-dev
>patch -p1 < cert.diff (attached)
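
The passphrase handling discussed in this message, as an added example that is not Gajim's code or the attached patch: it opens both protected and unprotected PKCS12 containers and raises an error when the container cannot be opened, so the caller can abort instead of offering a plain connection. It uses the `cryptography` package's PKCS12 loader instead of the pyOpenSSL call in the post; `load_client_cert`, `ClientCertError`, `make_sample_p12` and `common_name` are hypothetical names, and the key and certificate are constructed test data.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import (
    BestAvailableEncryption, NoEncryption, pkcs12)
from cryptography.x509.oid import NameOID


class ClientCertError(Exception):
    """Container could not be opened; the caller should abort, not downgrade."""


def load_client_cert(p12_bytes, passphrase=None):
    # Assumption: None or '' both mean "no passphrase was configured".
    password = passphrase.encode("utf-8") if passphrase else None
    try:
        key, cert, _extra = pkcs12.load_key_and_certificates(p12_bytes, password)
    except ValueError as exc:  # wrong or missing passphrase, or corrupt data
        raise ClientCertError("cannot open PKCS12 container") from exc
    if key is None or cert is None:
        raise ClientCertError("container lacks a private key or certificate")
    return key, cert


def make_sample_p12(passphrase=None):
    # Constructed test data: throwaway EC key and self-signed certificate.
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-user")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    enc = (BestAvailableEncryption(passphrase.encode("utf-8"))
           if passphrase else NoEncryption())
    return pkcs12.serialize_key_and_certificates(b"sample", key, cert, None, enc)


def common_name(cert):
    return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value


if __name__ == "__main__":
    for secret in (None, "s3cret"):
        _key, cert = load_client_cert(make_sample_p12(secret), secret)
        print("loaded", common_name(cert), "protected" if secret else "unprotected")
```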

