[Pidgin] #17275: Need option to ignore certificate errors

Pidgin trac at pidgin.im
Thu Dec 21 15:57:08 EST 2017

#17275: Need option to ignore certificate errors
 Reporter:  plarkinjr    |      Owner:  deryni
     Type:  enhancement  |     Status:  new
Milestone:               |  Component:  XMPP
  Version:  2.12.0       |   Keywords:  SSL Certificate nss
 Applies to:
 * 2.12.0 on Windows 7
 * 2.10.9 on ubuntu 14.04
 * XMPP (corporate Cisco Jabber server behind VPN)

 If user is presented a broken certificate, there is no way to "ignore" the
 error and connect anyway.

 Error messages:
 * Popup "SSL Certificate Error" - Unable to validate certificate.  the
 certificate for blah.corp.com could not be validated.  the certificate
 chain presented is invalid.
 * Debug window:
 * (14:39:12) nss:   ERROR -8101:  SEC_ERROR_INADEQUATE_CERT_TYPE
 * (14:39:12) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
 * bottom of Buddy List: "SSL peer presented an invalid certificate"

 Pidgin previously worked on my company's server, but the certificate
 expired, and they re-issued a new one.  Unfortunately, it has this chain
 problem.  I cannot get my IT department to fix their broken CA chain (They
 only care if Cisco's Jabber client works).    It would be nice if I could
 just tell Pidgin "Yeah, I know, but accept it anyway".   At least then I
 could run Pidgin again.

 other XMPP Clients which work with this server and it's broken
 certificates (if configured to ignore certificate errors):   gajim, spark,
 pandion & Cisco Jabber

Ticket URL: <https://developer.pidgin.im/ticket/17275>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list