Bitlbee, Purple-Sipe-Lync, and Certificates

Published 2013-10-02

Certificate warnings are annoying, and Lync was a mess.

Introduction

I use bitlbee for IRC, Jabber, Google Talk, and for work, M$ lync, the latter under protest. After building bitlbee to use libpurple, I could connect to the company's lync silliness, but I always got the certificate warnings (the company has its own root CA). Even accepting the cert didn't help – I got the warnings each time I connected.

Fix

Simple fix was to copy the company's root CA into /etc/ssl/certs (under Arch Linux - is that the standard path now?).

FYI: looks like libpurple puts the accepted cert in ~/.purple/certificates/x509/tls_peers, but I found a stale version in /var/lib/bitlbee/purple/certificates/x509/tls_peers/.

In the past I had to use the export NSS_SSL_CBC_RANDOM_IV=0 hack to get lync to work, but no more.