Pidgin 2.7.3 on Maemo5 - SSL certificates for MSN invalid
David Woolley
forums at david-woolley.me.uk
Sun Nov 21 11:45:34 EST 2010
Etan Reisner wrote:
>
> To answer this again: http://developer.pidgin.im/wiki/MSNCertIssue
As this is telling people to do something potentially dangerous, I think
it should also tell them to check that the issuer and subject on each
certificate is different, i.e. that they are not being fed a potentially
bogus root certificate.
It may be safe to fetch the intermediate certificates from an untrusted
source, but only if they really are only intermediate ones. At least I
think that is true, but it is possible that openssl will stop when it
finds a locally trusted intermediate certificate, in which case they
need to verify the certificate chain before installing them.
I know that some browsers will accept a locally trusted leaf
certificate, even though they don't trust the corresponding root.
--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
More information about the Support
mailing list