[SSL] OpenID not working with my OpenID combined with a CAcert.org Certificate
Closed, Invalid (Public)

Description

Author: abuerki

Description:
Unfortunately your OpenID login tested with the mentioned websites:
http://www.mediawiki.org/wiki/Extension:OpenID#MediaWiki_sites_supporting_OpenID

is not working with my OpenID (combined with a CAcert.org Certificate)
http://certifi.ca/andreasbürki

Maybe somewhere is a UTF-8 problem or whatever. - Sorry, I'm not a
techie. :-(

Oh, there is one great example, how to do it correctly:
http://www.livejournal.com/openid/
There my OpenID from certifi.ca with X.509 Certificate from CAcert.org works properly, means for me, it's a matter of knowledge.

Best regards

Andreas


Version: unspecified
Severity: normal

Details

Reference
bz21296

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 10:55 PM
bzimport set Reference to bz21296.

sergey.chernyshev wrote:

It probably has nothing to do with certificates, but something to do with UTF8.

At the moment, there are two issues which are causing the problem.

First, the character encoding.

I checked the response headers. The server sends your OpenID identity page http://certifi.ca/andreasb%C3%BCrki without any character set encoding information.

Date: Mon, 16 May 2011 10:20:40 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.5 mod_ssl/2.2.4 OpenSSL/0.9.8e
X-Powered-By: PHP/5.2.3-1ubuntu6.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-XRDS-Location: https://certifi.ca/?xrds=andreasbürki
Content-Length: 314
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

200 OK

I will check the OpenID extension whether it can correctly handle non-ASCII, ISO-8859-x, and UTF-8 encodings of OpenID uris and X

Secondly, at least today, the certificate is not valid:

"certifi.ca verwendet ein ungültiges Sicherheitszertifikat.
Das Zertifikat ist am 23.02.2011 16:52 abgelaufen. Die aktuelle Zeit ist 16.05.2011 12:24." (Fehlercode: sec_error_expired_certificate)"

The OpenID extension currently ignores logins with invalid or expired certificates; it is currently not configurable to also "trust" untrusted (self-issued), invalid or expired certificates. However, we could think of a debug option which allows this for test purposes.

*** Bug 24173 has been marked as a duplicate of this bug. ***

(In reply to comment #3)

Date: Mon, 16 May 2011 10:20:40 GMT

I will check the OpenID extension whether it can correctly handle non-ASCII,
ISO-8859-x, and UTF-8 encodings of OpenID uris and X

You marked this "high" priority last May. What does that mean?

Hello, I am closing this now due to inactivity. Please reopen if you feel a need.

(In reply to comment #6)

I am closing this now due to inactivity. Please reopen if you feel a
need.

Inactivity of who? How does inactivity of somebody make a bug invalid?
Or did you mean "I will not fix this" instead?

(In reply to comment #0)

is not working with my OpenID (combined with a CAcert.org Certificate)
http://certifi.ca/andreasbürki

Maybe somewhere is a UTF-8 problem or whatever. - Sorry, I'm not a

It has only to do with the certificate. When you use a certificate by the Web of Trust certificate authority CAcert.org (for example), please be informed that standard operating systems do not have the root or intermediate certificates for CAcert.org installed.

The OpenID extension makes extensive use of curl operations which fail with certificate errors unless you use a switch --no-certificate-check, which one should never do. The correct way is to install the CAcert.org certificate on the server.

The CA certificate can be downloaded from http://www.cacert.org/index.php?id=3 and look for "How do you add a Certificate Authority to <your operating system>".

Linux systems usually require the addition of a hash of the CA certificate to /etc/ssl/certs with a symbolic link to the CA certificate itself. The additional certificates are located in /usr/local/share/ca-certificates. The actual directories may differ.

See for example http://superuser.com/questions/437330/how-do-you-add-a-certificate-authority-to-ubuntu .

I hope to have given a description which is detailed enough and am now closing this bug as resolved invalid. Please reopen if you feel a need.

P.S. I can confirm that E:OpenID works when the CAcert.org certificates (or whatever is needed) are added to your OpenID consumer system.
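
The hashed-directory mechanism described in the last comment, as an added example that is not part of the original thread. It assumes the openssl CLI is available; a constructed throwaway CA stands in for CAcert.org, a temporary directory stands in for /etc/ssl/certs, and all function and file names are hypothetical. Verification of the leaf fails until the CA file and its subject-hash symlink are in place, with certificate checking left enabled throughout.

```shell
#!/usr/bin/env bash
# Added example. The CA and leaf are constructed throwaway certificates, not
# CAcert.org's; "$d/certs" stands in for /etc/ssl/certs. Requires the openssl CLI.
set -eu

# Create a private CA (absent from any OS trust store) and a leaf it signs.
make_demo_pki() {  # $1 = work directory
  local d="$1"
  mkdir -p "$d/certs"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=openid.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
}

# Install a CA the way a hashed certificate directory expects it:
# the PEM file plus a "<subject-hash>.0" symlink pointing at it.
install_ca() {  # $1 = CA certificate, $2 = trust directory
  local hash
  hash="$(openssl x509 -in "$1" -noout -hash)"
  cp "$1" "$2/demo-private-ca.crt"
  ln -sf demo-private-ca.crt "$2/$hash.0"
  printf '%s\n' "$hash.0"
}

# Exit status 0 only if the leaf chains to a trusted CA. The directory is the
# lookup path under test; openssl's default CA file does not hold the demo CA.
verify_leaf() {  # $1 = leaf certificate, $2 = trust directory
  openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

run_demo() {
  local d before=fail after=fail
  d="$(mktemp -d)"
  make_demo_pki "$d"
  if verify_leaf "$d/leaf.crt" "$d/certs"; then before=ok; fi  # CA not installed yet
  install_ca "$d/ca.crt" "$d/certs" >/dev/null
  if verify_leaf "$d/leaf.crt" "$d/certs"; then after=ok; fi   # CA now found by hash
  rm -rf "$d"
  echo "before=$before after=$after"
}

run_demo
```

On Debian and Ubuntu, `update-ca-certificates` creates these links in /etc/ssl/certs for certificates placed in /usr/local/share/ca-certificates.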