Pidgin 2.7.3 on Maemo5 - SSL certificates for MSN invalid
forums at david-woolley.me.uk
Sun Nov 21 11:45:34 EST 2010
Etan Reisner wrote:
> To answer this again: http://developer.pidgin.im/wiki/MSNCertIssue
As this is telling people to do something potentially dangerous, I think
it should also tell them to check that the issuer and subject on each
certificate is different, i.e. that they are not being fed a potentially
bogus root certificate.
It may be safe to fetch the intermediate certificates from an untrusted
source, but only if they really are only intermediate ones. At least I
think that is true, but it is possible that openssl will stop when it
finds a locally trusted intermediate certificate, in which case they
need to verify the certificate chain before installing them.
I know that some browsers will accept a locally trusted leaf
certificate, even though they don't trust the corresponding root.
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
More information about the Support