SSL security concern

David Woolley forums at
Mon Oct 14 12:27:21 EDT 2013

> The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specific a
> different (and exclusive) CA location.

As noted in my original reply, that already exists if you build from 
source - the decision is a compile time one.  If you use a package, the 
packager will generally select the option that makes the software 
easiest to use and maintain out of the box, which means that, if the OS 
supports a compatible certificate store mechanism, the packager will 
select that, so that it will work out of the box, and certificates will 
get updated as part of the OS update process.

If there isn't such a mechanism, it will install Pidgin's standard set 
of certificates in a directory private to libpurple, so that the user 
doesn't have to hunt down certificates before they use it.

At least from a quick glance, you can tell it to use a system 
certificate store, when you build it, but point that at a directory that 
you populate with certificates, rather than the standard OS certificate 

More information about the Support mailing list