SSL security concern
forums at david-woolley.me.uk
Mon Oct 14 12:27:21 EDT 2013
> The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specific a
> different (and exclusive) CA location.
As noted in my original reply, that already exists if you build from
source - the decision is a compile time one. If you use a package, the
packager will generally select the option that makes the software
easiest to use and maintain out of the box, which means that, if the OS
supports a compatible certificate store mechanism, the packager will
select that, so that it will work out of the box, and certificates will
get updated as part of the OS update process.
If there isn't such a mechanism, it will install Pidgin's standard set
of certificates in a directory private to libpurple, so that the user
doesn't have to hunt down certificates before they use it.
At least from a quick glance, you can tell it to use a system
certificate store, when you build it, but point that at a directory that
you populate with certificates, rather than the standard OS certificate
More information about the Support