problems with MSN certificate chain
forums at david-woolley.me.uk
Fri Jan 18 16:22:01 EST 2013
Matthias Apitz wrote:
> El día Friday, January 18, 2013 a las 04:34:03PM +0000, David Woolley escribió:
>> Probably because one would have to use all of the Windows public key
>> infrastructure, instead of the open source implementation.
>> The non-Windows ones are probably designed for use with OpenSSL.
>> In Matthias' case, he ran a system call trace, and Pidgin is using
>> /usr/local/share/purple/ca-certs, which is clearly a private store in
>> Pidgin. This is on FreeBSD.
> Note: the directory /usr/local/share/purple/ca-certs is not writeable
> by normal users, it is owned by 'root'; i.e. the files
> there have been stored when I compiled(!) and installed pidgin in December 2011
These are not files that should be updated quietly as they are critical
to the security of encrypted IM services. As they are private to
Pidgin, they can only safely be updated by installing a later version of
Pidgin, or by explicitly placing them there yourself. However, even the
latest version has long dead certificates.
I would guess that, on a system with shared root certificates, they
would be updated by the standard package update procedure.
In fact, as I think I noted off list, on Windows, for applications using
the Windows certificate store, updates aren't actually automatic. That
is probably because an organisation seriously interested in security
would only want to enable certain certification services from certain
certifiers. Very few people have heard of most of the organisations
that Microsoft allow to vouch for a site's identity, and even the well
known ones have various levels of check on the identity of the people
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
More information about the Support