[Pidgin] #17012: unable to validate new gtalk certificate

[Pidgin]

#17012: unable to validate new gtalk certificate
-------------------------+-------------------------------------------
 Reporter:  akostadinov  |      Owner:
     Type:  defect       |     Status:  new
Milestone:  2.10.13      |  Component:  pidgin (gtk)
  Version:  2.10.11      |   Keywords:  security certificate validate
-------------------------+-------------------------------------------
 Hello, I've got today:

 {{{
 Accept certificate for gmail.com?

 The certificate for gmail.com could not be validated.

 The certificate is not trusted because no certificate that can verify it
 is currently trusted.
 }}}

 Then I click on "view certificate" and get:


 {{{
 Common name: gmail.com

 Issued By: CN=Google Internet Authority G2,O=Google Inc,C=US

 Fingerprint (SHA1):
 d9:70:03:c4:5b:ac:73:2b:db:30:be:bc:01:ef:e4:ed:de:23:c7:9f

 Activation date: Wed May 11 22:13:25 2016

 Expiration date: Wed Aug  3 21:47:00 2016
 }}}


 Wanted to compare issuer certificate to what I see in browser for gmail
 but clickin on "view issuer certificate" results in "Unable to find Issuer
 Certificate".

 I don't know how to debug this issue to make sure presented certificate
 comes from a trusted source (google) and not from a MITM.

 At the very least pidgin has to allow downloading certificate chain
 presented by server in a raw pem format so one can rebuild and validate
 chain based on existing other certificates available in browser and/or
 other trusted sources.

 -- Pidgin 2.10.11-17.fc23 (libpurple 2.10.11)

--
Ticket URL: <https://developer.pidgin.im/ticket/17012>
Pidgin <https://pidgin.im>
Pidgin