Problem with AIM

Duncan Berriman duncan at
Mon Jan 27 12:10:18 EST 2014

Hi Daniel,


Whilst I understand your point there are 2 options in a live environment.


Option 1 - Do what I’ve done until the correct solution can be found or obtained, not always possible immediately.

Option 2 - Have your service offline for a number of hours until a solution is found or obtained and implemented.


I guess I could have checked to ensure it was the AIM certificate that it was asking about with a compare on the primary and secondary strings to make it less ‘wrong’. This was more a proof of concept rather than a solution to the certificate issue.


The method I provided is purely as a stop gap whilst a solution is found or can be used in other circumstances when using a robot or headless piece of code and some (unexpected) question has to be answered via a callback.


In a number of years of running my libpurple robot it is nearly always certificates on the provider's end of which I have no influence which have caused problems as they expire or require a new chain certificate. Thus I would intend to make this code optional so it can be quickly enabled as a temporary workaround whilst I find a solution.

It is not intended as a permanent fix.


I would however appreciate any comments re the actual code.

Since posting I’ve done some more research and it would appear the 2nd parameter is ignored in this callback so passing 0 is valid.




From: Daniel Atallah [mailto:daniel.atallah at] 
Sent: 27 January 2014 16:49
To: Duncan Berriman
Cc: Pidgin Devel Mailing List
Subject: Re: Problem with AIM


On Mon, Jan 27, 2014 at 10:32 AM, Duncan Berriman <duncan at> wrote:
> Hi,
> I did some more work on my code which may be of use to others as I see quite
> a number of questions re capturing and responding to requests when using
> libpurple as a robot or headless.
> This works as I can see the callback working (the request is closed) and the
> program manages to logon to AIM without the certificate present but I'm not
> sure it is totally correct. I can also see it fail to connect (as expected)
> if I change the code to do 'Reject' instead of 'Accept'.

I think you're going down the wrong path with this.

You almost certainly shouldn't be (effectively) disabling certificate validation - that's a horrible thing to do.

As Mark noted, the issue with AIM is that they have a new cert that's signed by a CA that isn't in the default pidgin CA list - the right way to resolve that particular issue is to add the CA to the CA list you're using.


If there is a particular server that is outside of your control which is using an invalid or expired cert (which is not the case with AIM), a very specific exception (for that server and certificate combination) *might* be a reasonable thing to implement, but the global thing you've done is just wrong.
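
The narrow exception described in the reply above (one server paired with one certificate, everything else refused) can be sketched as a decision function for a headless client. This is an added example, not code from the thread or from libpurple; `decide_cert_prompt`, `cert_exception` and the sample host and fingerprint are hypothetical, and how the host name and fingerprint are obtained from the library's prompt is assumed to happen elsewhere.

```c
#include <ctype.h>
#include <string.h>

enum cert_decision { CERT_REJECT = 0, CERT_ACCEPT = 1 };

/* Hypothetical exception entry: one host paired with one certificate. */
struct cert_exception {
    const char *host;       /* exact server name the exception applies to */
    const char *sha256_hex; /* lowercase hex SHA-256 of that one certificate */
};

/* Constructed sample entry: not a real server or fingerprint. */
static const struct cert_exception pinned[] = {
    { "im.example.net",
      "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff" },
};

/* Normalise "AA:BB:.." or "aabb.." into 64 lowercase hex chars; 0 on success. */
static int normalise_fp(const char *in, char out[65])
{
    size_t n = 0;
    if (in == NULL)
        return -1;
    for (; *in != '\0'; in++) {
        if (*in == ':')
            continue;
        if (!isxdigit((unsigned char)*in) || n == 64)
            return -1;
        out[n++] = (char)tolower((unsigned char)*in);
    }
    out[n] = '\0';
    return n == 64 ? 0 : -1;
}

/* Fails closed: accept only a listed host presenting its pinned certificate.
 * The host must match exactly (case-sensitive); anything else is rejected. */
enum cert_decision decide_cert_prompt(const char *host, const char *fingerprint)
{
    char fp[65];
    size_t i;
    if (host == NULL || normalise_fp(fingerprint, fp) != 0)
        return CERT_REJECT;
    for (i = 0; i < sizeof pinned / sizeof pinned[0]; i++)
        if (strcmp(host, pinned[i].host) == 0 &&
            strcmp(fp, pinned[i].sha256_hex) == 0)
            return CERT_ACCEPT;
    return CERT_REJECT;
}
```

A prompt for any other host, or for a listed host whose certificate has changed, falls through to reject, so the exception stops applying as soon as the server replaces the certificate.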

