[Pidgin] #16323: Fingerprint based SSL certificate approval

Pidgin trac at pidgin.im
Wed Aug 20 01:04:19 EDT 2014

#16323: Fingerprint based SSL certificate approval
 Reporter:  cyisfor      |      Owner:
     Type:  enhancement  |     Status:  new
Milestone:               |  Component:  libpurple
  Version:  3.0.0hg      |   Keywords:  ssl, certificate, fingerprint,
                         |  security, server, authentication
 Many IRC networks have round robin DNS, and each server has a different
 certificate, resulting in each approval of a certificate overwriting the
 previous approval in pidgin. If connecting to 2 different servers in
 alternating order, it will overwrite the certificate for the previous one
 every time, making you need to "Allow" a certificate every single time you

 So I made a simple form of approving certificates by fingerprint. Tested
 on my computer, works fine no segfaults, no double frees, valgrind is
 happy (with MY code at least).

 This is very important, because every server certificate pidgin overwrites
 is one more opportunity for a man-in-the-middle. Once all servers on the
 network have Allowed certificate fingerprints, it won't ask again, yet no
 third party can bypass the security.

 This might not be limited to IRC, but I don't think for instance jabber
 chat is capable of having multiple servers on the same chat network. The
 protocol sure, but I don't think it's implemented.

Ticket URL: <https://developer.pidgin.im/ticket/16323>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list