SSL security concern

Ralf Skyper Kaiser skyper at
Mon Oct 14 12:33:27 EDT 2013


I agree, 1 of the 7 Security features is already possible with pidgin but
requires source code recompilation. That's does not fly for most users
(especially the windows users).

Pidgin should be secure by default or - if Pidgin insists that it has to be
insecure by default - at least the possibility for the user to use it
securely. Without having to recompile from source (and cross platform).



On Mon, Oct 14, 2013 at 5:27 PM, David Woolley
<forums at>wrote:

>  The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specific a
>> different (and exclusive) CA location.
> As noted in my original reply, that already exists if you build from
> source - the decision is a compile time one.  If you use a package, the
> packager will generally select the option that makes the software easiest
> to use and maintain out of the box, which means that, if the OS supports a
> compatible certificate store mechanism, the packager will select that, so
> that it will work out of the box, and certificates will get updated as part
> of the OS update process.
> If there isn't such a mechanism, it will install Pidgin's standard set of
> certificates in a directory private to libpurple, so that the user doesn't
> have to hunt down certificates before they use it.
> At least from a quick glance, you can tell it to use a system certificate
> store, when you build it, but point that at a directory that you populate
> with certificates, rather than the standard OS certificate store.
> ______________________________**_________________
> Support at mailing list
> Want to unsubscribe?  Use this link:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Support mailing list