Pidgin 2.7.3 on Maemo5 - SSL certificates for MSN invalid

David Woolley forums at
Sun Nov 21 11:45:34 EST 2010

Etan Reisner wrote:

> To answer this again:

As this is telling people to do something potentially dangerous, I think 
it should also tell them to check that the issuer and subject on each 
certificate is different, i.e. that they are not being fed a potentially 
bogus root certificate.

It may be safe to fetch the intermediate certificates from an untrusted 
source, but only if they really are only intermediate ones.  At least I 
think that is true, but it is possible that openssl will stop when it 
finds a locally trusted intermediate certificate, in which case they 
need to verify the certificate chain before installing them.

I know that some browsers will accept a locally trusted leaf 
certificate, even though they don't trust the corresponding root.

David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

More information about the Support mailing list