Pidgin (2.10.9) still not connecting to Yahoo (Opensuse 13.1)

Since about 2 weeks (I think) I no longer connect my pidgin (2.10.9-4.12.1 is the current installment) to Yahoo.
At fist I thought it was due to the recent changes at Yahoo side, but at the same time Kopete does connect successfully to my messenger account so, I think this is no longer the case with pidgin.

After launching pidgin like this: pidgin -d > ~/debug.log 2>&1
the debug.log file contains this error (username replace with the fake XYXYXY:

(09:04:13) prefs: Reading /home/cornel/.purple/prefs.xml
(09:04:13) prefs: Finished reading /home/cornel/.purple/prefs.xml
(09:04:13) prefs: purple_prefs_get_path: Unknown pref /pidgin/browsers/command
(09:04:13) dbus: okkk
…]
(09:04:13) certificate: CertificateVerifier x509, singleuse requested but not found.
(09:04:13) certificate: CertificateVerifier singleuse registered
(09:04:13) certificate: CertificatePool x509, ca requested but not found.
(09:04:13) certificate: CertificateScheme x509 requested but not found.
(09:04:13) certificate/x509/ca: Lazy init failed because an X.509 Scheme is not yet registered. Maybe it will be better later.
(09:04:13) certificate/x509/ca: Init failed, probably because a dependency is not yet registered. It has been deferred to later.
(09:04:13) certificate: CertificatePool ca registered
(09:04:13) certificate: CertificatePool x509, tls_peers requested but not found.
(09:04:13) certificate: CertificatePool tls_peers registered
(09:04:13) certificate: CertificateVerifier x509, tls_cached requested but not found.
(09:04:13) certificate: CertificateVerifier tls_cached registered
(09:04:13) prefs: /purple/logging/format changed, scheduling save.
(09:04:13) prefs: /purple/logging/format changed, scheduling save.
(09:04:13) prefs: /purple/proxy/type changed, scheduling save.
(09:04:13) prefs: /purple/proxy/host changed, scheduling save.
(09:04:13) prefs: /purple/proxy/port changed, scheduling save.
(09:04:13) prefs: /purple/proxy/username changed, scheduling save.
(09:04:13) prefs: /purple/proxy/password changed, scheduling save.
(09:04:13) certificate: CertificateScheme x509 requested but not found.
(09:04:13) certificate: CertificateScheme x509 registered
(09:04:13) util: Reading file smileys.xml from directory /home/cornel/.purple
(09:04:13) util: File /home/cornel/.purple/smileys.xml does not exist (this is not necessarily an error)
(09:04:13) stun: using server
(09:04:13) sound: Initializing sound output drivers.
(09:04:13) prefs: /pidgin/conversations/placement changed, scheduling save.
(09:04:13) prefs: purple_prefs_get_bool: Unknown pref /pidgin/docklet/x11/embedded
(09:04:13) GLib-GObject: gsignal.c:2475: signal ‘destroy’ is invalid for instance ‘0xb8507380’ of type ‘GtkStatusIcon’
(09:04:13) gtkblist: added visibility manager: 1
(09:04:13) docklet: GTK+ created
(09:04:13) util: Reading file blist.xml from directory /home/cornel/.purple
…]
(09:04:13) GLib-GObject: value “-1216994931” of type ‘gint’ is invalid or out of range for property ‘weight’ of type ‘gint’
(09:04:14) account: Connecting to account XYXYXYXY.
…]
(09:04:18) connection: Connecting. gc = 0xb8b5ce90
(09:04:18) util: requesting to fetch a URL
(09:04:18) util: Defaulting max download from http://vcs1.msg.yahoo.com/capacity to 524288
(09:04:18) dnsquery: Performing DNS lookup for vcs1.msg.yahoo.com
(09:04:18) dns: Created new DNS child 3505, there are now 1 children.
(09:04:18) dns: Successfully sent DNS request to child 3505
(09:04:18) dns: Got response for ‘vcs1.msg.yahoo.com’
(09:04:18) dnsquery: IP resolved for vcs1.msg.yahoo.com
(09:04:18) proxy: Attempting connection to 66.196.120.43
(09:04:18) proxy: Connecting to vcs1.msg.yahoo.com:80 with no proxy
(09:04:18) proxy: Connection in progress
(09:04:18) proxy: Connecting to vcs1.msg.yahoo.com:80.
(09:04:18) proxy: Connected to vcs1.msg.yahoo.com:80.
(09:04:18) util: request constructed
(09:04:18) util: Response headers: 'HTTP/1.1 200 OK
Content-Length: 46
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=0, must-revalidate
Expires: Sun, 10 Jun 2007 12:01:01 GMT

’
(09:04:18) util: parsed 46
(09:04:18) yahoo: Got COLO Capacity: 1
(09:04:18) yahoo: Got CS IP address: 66.196.121.26
(09:04:18) dnsquery: Performing DNS lookup for 66.196.121.26
(09:04:18) dnsquery: IP resolved for 66.196.121.26
(09:04:18) proxy: Attempting connection to 66.196.121.26
(09:04:18) proxy: Connecting to 66.196.121.26:5050 with no proxy
(09:04:18) proxy: Connection in progress
(09:04:18) proxy: Connecting to 66.196.121.26:5050.
(09:04:18) proxy: Connected to 66.196.121.26:5050.
(09:04:18) yahoo: 83 bytes to read, rxlen is 103
(09:04:18) yahoo: Yahoo Service: 0x57 Status: 1
(09:04:18) yahoo: Authentication: In yahoo_auth16_stage1
(09:04:18) util: requesting to fetch a URL
(09:04:18) util: Defaulting max download from https://login.yahoo.com/config/pwtoken_get?src=ymsgr&ts=&login=XYXYXYXY&passwd=tombolita&chal=3|u%2F(j-u%2B8%p*d%2F(c%2Fv%2Fb)%2By%2By%2B(f%2Bb%2B(y%2By%2Bf%2Bb%2B(y%2By)%2Bf%2Bb%2By%2Bj))) to 524288
(09:04:18) dnsquery: Performing DNS lookup for login.yahoo.com
(09:04:18) dns: Successfully sent DNS request to child 3505
(09:04:18) dns: Got response for ‘login.yahoo.com’
(09:04:18) dnsquery: IP resolved for login.yahoo.com
(09:04:18) proxy: Attempting connection to 188.125.80.138
(09:04:18) proxy: Connecting to login.yahoo.com:443 with no proxy
(09:04:18) proxy: Connection in progress
(09:04:18) util: Writing file prefs.xml to directory /home/cornel/.purple
(09:04:18) util: Writing file /home/cornel/.purple/prefs.xml
(09:04:18) util: Writing file accounts.xml to directory /home/cornel/.purple
(09:04:18) util: Writing file /home/cornel/.purple/accounts.xml
(09:04:18) util: Writing file blist.xml to directory /home/cornel/.purple
(09:04:18) util: Writing file /home/cornel/.purple/blist.xml
(09:04:19) proxy: Connecting to login.yahoo.com:443.
(09:04:19) proxy: Connected to login.yahoo.com:443.
(09:04:19) gnutls: Starting handshake with login.yahoo.com
(09:04:19) gnutls: Handshake complete
(09:04:19) gnutls/x509: Key print: d1:8d:c6:f4:0a:fe:ee:83:4c:1c:79:3b:ff:47:dd:2e:ae:24:81:e6
(09:04:19) gnutls/x509: Key print: 5d:eb:8f:33:9e:26:4c:19:f6:68:6f:5f:8f:32:b5:4a:4c:46:b4:76
(09:04:19) gnutls/x509: Key print: 32:f3:08:82:62:2b:87:cf:88:56:c6:3d:b8:73:df:08:53:b4:dd:27
(09:04:19) gnutls: Peer provided 3 certs
(09:04:19) gnutls: Lvl 0 SHA1 fingerprint: d1:8d:c6:f4:0a:fe:ee:83:4c:1c:79:3b:ff:47:dd:2e:ae:24:81:e6
(09:04:19) gnutls: Serial: 1f:98:67:cb:11:da:69:b8:48:2b:be:85:c7:5d:67:e0
(09:04:19) gnutls: Cert DN: C=US,ST=California,L=Sunnyvale,O=Yahoo Inc.,OU=Information Technology,CN=*.login.yahoo.com
(09:04:19) gnutls: Cert Issuer DN: C=US,O=VeriSign, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)10,CN=VeriSign Class 3 Secure Server CA - G3
(09:04:19) gnutls: Lvl 1 SHA1 fingerprint: 5d:eb:8f:33:9e:26:4c:19:f6:68:6f:5f:8f:32:b5:4a:4c:46:b4:76
(09:04:19) gnutls: Serial: 6e:cc:7a:a5:a7:03:20:09:b8:ce:bc:f4:e9:52:d4:91
(09:04:19) gnutls: Cert DN: C=US,O=VeriSign, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)10,CN=VeriSign Class 3 Secure Server CA - G3
(09:04:19) gnutls: Cert Issuer DN: C=US,O=VeriSign, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5
(09:04:19) gnutls: Lvl 2 SHA1 fingerprint: 32:f3:08:82:62:2b:87:cf:88:56:c6:3d:b8:73:df:08:53:b4:dd:27
(09:04:19) gnutls: Serial: 25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
(09:04:19) gnutls: Cert DN: C=US,O=VeriSign, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5
(09:04:19) gnutls: Cert Issuer DN: C=US,O=VeriSign, Inc.,OU=Class 3 Public Primary Certification Authority
(09:04:19) certificate/x509/tls_cached: Starting verify for login.yahoo.com
(09:04:19) certificate/x509/tls_cached: Checking for cached cert…
(09:04:19) certificate/x509/tls_cached: …Found cached cert
(09:04:19) gnutls: Attempting to load X.509 certificate from /home/cornel/.purple/certificates/x509/tls_peers/login.yahoo.com
(09:04:19) certificate/x509/tls_cached: Peer cert matched cached
(09:04:19) util: Writing file /home/cornel/.purple/certificates/x509/tls_peers/login.yahoo.com
(09:04:19) certificate: Successfully verified certificate for login.yahoo.com
(09:04:19) util: request constructed
(09:04:19) util: Response headers: 'HTTP/1.1 200 OK
Date: Thu, 17 Apr 2014 06:04:31 GMT
Set-Cookie: B=0el9h219kurnf&b=3&s=s5; expires=Sun, 17-Apr-2016 06:04:31 GMT; path=/; domain=.yahoo.com
P3P: policyref=“http://info.yahoo.com/w3c/p3p.xml”, CP=“CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV”
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/html
Age: 0
Connection: close
Server: ATS

’
**(09:04:19) gnutls: receive failed: The TLS connection was non-properly terminated.
(09:04:19) yahoo: Authentication: In yahoo_auth16_stage1_cb
(09:04:19) yahoo: Login Failed, unable to retrieve login url: Error reading from login.yahoo.com: Input/output error
(09:04:19) connection: Connection error on 0xb8b5ce90 (reason: 0 description: Error reading from login.yahoo.com: Input/output error)
**(09:04:19) account: Disconnecting account XYXYXYXY (0xb82dcd78)
…]

As far as I can look up, upto the error itself, pidgin seems to work OK, and communicate OK with Yahoo server.

My current gnutls packages are now upto date (3.2.4-2.18.1 – gnutls, libgnutls28, libgnutls-devel, libgnutls-openssl27 and libgnutls-openssl-devel)

ssldump got this output:
New TCP connection #42: XXXCOMPUTERXXX(40428) <-> cs104p1.us1.msg.gq1.yahoo.com(5050)
New TCP connection #43: XXXCOMPUTERXXX(42618) <-> ats1.member.vip.ir2.yahoo.com(443)
43 1 0.0716 (0.0716) C>S Handshake
ClientHello
Version 3.3
cipher suites
Unknown value 0xc02b
Unknown value 0xc009
Unknown value 0xc023
Unknown value 0xc02c
Unknown value 0xc00a
Unknown value 0xc024
Unknown value 0xc008
Unknown value 0xc007
Unknown value 0xc02f
Unknown value 0xc013
Unknown value 0xc027
Unknown value 0xc030
Unknown value 0xc014
Unknown value 0xc012
Unknown value 0xc011
Unknown value 0x9c
TLS_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x3c
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0x3d
Unknown value 0x41
Unknown value 0x84
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0x9e
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_NULL_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Unknown value 0x6b
Unknown value 0x45
Unknown value 0x88
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xa2
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Unknown value 0x40
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Unknown value 0x6a
Unknown value 0x44
Unknown value 0x87
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_RC4_128_SHA
compression methods
NULL
43 2 0.1237 (0.0521) S>C Handshake
ServerHello
Version 3.3
session_id[0]=

    cipherSuite         Unknown value 0xc02f
    compressionMethod                   NULL

43 3 0.1276 (0.0038) S>C Handshake
Certificate
43 4 0.1276 (0.0000) S>C Handshake
ServerKeyExchange
43 5 0.1276 (0.0000) S>C Handshake
ServerHelloDone
43 6 0.1758 (0.0482) C>S Handshake
ClientKeyExchange
43 7 0.1758 (0.0000) C>S ChangeCipherSpec
43 8 0.1758 (0.0000) C>S Handshake
43 9 0.2282 (0.0523) S>C Handshake
Segmentation fault

So … I’m puzzled out here, since I don’t get what the problem is. If the recent changes at Yahoo (at least in the web interface, but maybe at other aspects as well) were to disturb Linux messenger clients (like it already happened in the past several times) I would expect kopete does not conenct as well, but since it does connect, I just don’t get why pidgin does not work anymore.

Anyone else have the same issues with pidgin ?
Is there something I can do/change at my side in order to make it work again ?

Depending on how long your problem has existed exactly, you may be affected by changes to openssl due to the heartbleed issue.

Make sure you’re patched on your end with

zypper up

and although may not be necessary

zypper patch

Then, try again.
Yahoo was one of the slower major Internet giants to fix their openssl, but AFAIK should all have been completed by now. Due to the P-P nature of IM, I don’t know but consider possible that heartbleed patches would be required for all peers logging in as well.

TSU

As far as I can check, my openssl and all other ssl* packages are up to date (openssl is version 1.0.1e-11.32.1), so other than that I can’t do anymore (maybe, perhaps, download the latest source from www.openssl.org, which is 1.0.1.g, but I am reluctant to do this, and rather stick with the repository latest versions).
As said before, gnutls, libgnutls and the other packages related are, as well, at their latest versions in the repository.
And pidgin still doesn’t connect (with the same error). And at the same time, kopete does connect (which is strange to me).

Same problem for me. Pidgin 2.10.9 on OpenSUSE 13.1 stopped connecting to Yahoo.

Switched to Kopete and that works.

Problem started long before Heartbleed and continues after.

Have been using same version Pidgin on Ubuntu. From at least Ubuntu 13.04 then 13.10 and now 14.04 and have not suffered any lost ability to connect. As a result I think it’s an OpenSUSE issue and not a Pidgin or Yahoo issue.

Don’t know what I might do to t/s otherwise would give it a try.

There don’t seem to be any openSUSE bug reports regarding the issue so perhaps one of you who experience the issue should submit one.

Same problem here. openSUSE 12.3 with Pidgin 2.10.9 (libpurple 2.10.9)

(13:30:29) gnutls: receive failed: The TLS connection was non-properly terminated.
(13:30:29) soap: read: Input/output error
(13:30:29) soap: Received secure request.

Not sure when this started as not frequent user. Likely within the last month but could be longer ago.

Self had trouble getting Pidgin to work for Yahoo.

Looking at Tools - Certificate - Yahoo - Get Info found an expired certificate.

Deleted certificate, then restarted, then things appear to be working ok.

now see certificate:
Activation date: Tue Apr 8 10:00:00 2014
Expiration date: Fri Apr 10 09:59:59 2015

I also have exactly the same problem. On the computer at work (also openSUSE 13.1) it works perfectly. at home - not.

I tried your solution, no improvement…

(20:00:19) gnutls: receive failed: The TLS connection was non-properly terminated.
(20:00:19) yahoo: Authentication: In yahoo_auth16_stage1_cb
(20:00:19) yahoo: Login Failed, unable to retrieve login url: Error reading from login.yahoo.com: Input/output error

Hi,

I also find the same problem. After i try to search in many article, i found this link :

http://lists.opensuse.org/opensuse-bugs/2013-07/msg03608.html

it will force pidgin to use ssl-nss.so. And it’s works.

Interesting thing:

I have now a new laptop and did some experimenting and discovered that if you install pidgin BEFORE applying any update, then it will work (even after applying all further updates). If you install pidgin AFTER applying patches and updates it doesn’t work anymore.

curious thing…

Thanks mate, I confirm!

I did chmod 000 /usr/lib64/purple-2/ssl-gnutls.so and pidgin connected to yahoo on the problem-machine.