This should be fixed now.
Could you have another look to see if the reconnect plugin now leaves
the account alone?
It does. Thank you!
And it's a shame that Freenode doesn't deliver the complete certificate
chain so validation could actually succeed...
Are you referring to the certificate verification dialog popping up?
That does not need to happen for Freenode servers. You have to use
chat.freenode.net though. That's the host name registered in the
certificate. Did you use chat.freenode.net?
No, irc.freenode.net. But that doesn't matter, they use a wildcard
certificate from Gandi, which is signed by UTN-USERFirst, which is signed by
USERTrust. However, UTN-USERFirst is not in the delivered certificate chain
and thus causes a broken PKIX path. Windows' CAPI is intelligent enough to
find the missing intermediary certificate by following AIA field in the
Gandi cert and build a proper path, Java's PKIX builder however is not.
We have a workaround in the CertificateService that tries very primitively
to load missing intermediary certificates, but it only kicks in when the
server only delivers one single certificate that is not self-signed.
On 22-11-14 12:59, Ingo Bauersachs wrote: