SSL security concern

Ralf Skyper Kaiser skyper at thc.org
Mon Oct 14 12:33:27 EDT 2013


Hi,

I agree, 1 of the 7 Security features is already possible with pidgin but
requires source code recompilation. That's does not fly for most users
(especially the windows users).

Pidgin should be secure by default or - if Pidgin insists that it has to be
insecure by default - at least the possibility for the user to use it
securely. Without having to recompile from source (and cross platform).

regards,

ralf



On Mon, Oct 14, 2013 at 5:27 PM, David Woolley
<forums at david-woolley.me.uk>wrote:

>
>  The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specific a
>> different (and exclusive) CA location.
>>
>>
> As noted in my original reply, that already exists if you build from
> source - the decision is a compile time one.  If you use a package, the
> packager will generally select the option that makes the software easiest
> to use and maintain out of the box, which means that, if the OS supports a
> compatible certificate store mechanism, the packager will select that, so
> that it will work out of the box, and certificates will get updated as part
> of the OS update process.
>
> If there isn't such a mechanism, it will install Pidgin's standard set of
> certificates in a directory private to libpurple, so that the user doesn't
> have to hunt down certificates before they use it.
>
> At least from a quick glance, you can tell it to use a system certificate
> store, when you build it, but point that at a directory that you populate
> with certificates, rather than the standard OS certificate store.
>
>
> ______________________________**_________________
> Support at pidgin.im mailing list
> Want to unsubscribe?  Use this link:
> http://pidgin.im/cgi-bin/**mailman/listinfo/support<http://pidgin.im/cgi-bin/mailman/listinfo/support>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20131014/e5893502/attachment.html>


More information about the Support mailing list