[Pidgin] #9971: Invalid Certificate Chain For Self-Signed Certs

Pidgin trac at pidgin.im
Fri Aug 21 03:45:37 EDT 2009 

#9971: Invalid Certificate Chain For Self-Signed Certs
---------------------------------------------+------------------------------
 Reporter:  rhpt                             |        Owner:  darkrain42
     Type:  defect                           |       Status:  closed    
Milestone:                                   |    Component:  XMPP      
  Version:  2.6.1                            |   Resolution:  duplicate 
 Keywords:  invalid certificate self signed  |  
---------------------------------------------+------------------------------

Comment(by darkrain42):

 Replying to [comment:10 ktp]:
 > I second that! This is the attitude which will bring every project down.
 Some devs seem to need this godlike feeling to have the power over their
 users.

 That is not at all how I feel. I ''do'' think I have more knowledge about
 X.509 certificates than most users, but I'm pretty sure I actually do.
 (that statement is fairly tautological ;) )

 > But they forget that they are nothing without their users. One thing for
 sure: If this will be the attitude in the whole project I will switch to
 another messenger. There are enough promising projects around... for
 windows and linux.

 As I already said, I plan to change the fatal error behavior based on
 feedback. I misjudged how many (broken) servers are out there that use
 expired certificates.

 >
 > Look for Ticket 8226 where the title says "does not warn" is marked as
 fixed by just disallowing. Guess who fixed this bug.

 Yes, I did make the change in #8226. I still personally think that
 rejecting those certificates is the right course of action and is what I
 want my browsers* and mail and IM clients to do. I don't think you should
 be using a service if the server operator is so negligent or uninformed as
 to be unwilling either to purchase a new certificate or to generate a
 self-signed certificate.

 As I have said multiple times now, though, expired certificates will not
 be a fatal connection error in the next release. I'd have a patch ready,
 but I've been distracted responding to your (collective) comments.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/9971#comment:12>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list