[Pidgin] #9971: Invalid Certificate Chain For Self-Signed Certs
Pidgin
trac at pidgin.im
Thu Aug 20 18:10:57 EDT 2009
#9971: Invalid Certificate Chain For Self-Signed Certs
---------------------------------------------+------------------------------
 Reporter:  rhpt                             |       Owner:  darkrain42
     Type:  defect                           |      Status:  closed
Milestone:                                   |   Component:  XMPP
  Version:  2.6.1                            |  Resolution:  duplicate
 Keywords:  invalid certificate self signed  |
---------------------------------------------+------------------------------
Comment(by darkrain42):
Replying to [comment:7 Dymaxion]:
> I've hit this problem as well; the server I'm connecting to in this case
> is pretty much out of my control. SSL is mostly being used to tunnel the
> connection and handle cases where networks are IRC-hostile; whether or not
> the certificate is compromised is of no particular concern. I'd highly
> prefer that the mechanism for this wasn't intentionally inconvenient, as
> there are legitimate reasons to keep using expired certs.

You've made what I consider an argument for allowing self-signed
certificates (or certificates for which the chain cannot be validated),
but absolutely not an argument for ''expired'' certificates.

I will accept the valid use-case for allowing an expired certificate that
someone needs to continue accessing a service while the certificate is
expired and in the process of being renewed and, despite my personal
preference, other developers would like it to prompt the user, which is
why hopefully the functionality will be changed in 2.6.2. That said, it
absolutely should (and will) prompt regularly, as both I and another
Pidgin developer think it is unacceptable to not be overtly annoying about
the use of an expired certificate. Ultimately, the server operator needs
to fix the certificate; if it's self-signed, there's no excuse for having
replaced it already.
--
Ticket URL: <http://developer.pidgin.im/ticket/9971#comment:8>
Pidgin <http://pidgin.im>