Etan Reisner wrote:
To answer this again: http://developer.pidgin.im/wiki/MSNCertIssue
As this is telling people to do something potentially dangerous, I think it should also tell them to check that the issuer and subject on each certificate are different, i.e. that they are not being fed a potentially bogus root certificate.
It may be safe to fetch the intermediate certificates from an untrusted source, but only if they really are only intermediate ones. At least I think that is true, but it is possible that openssl will stop when it finds a locally trusted intermediate certificate, in which case they need to verify the certificate chain before installing them.
I know that some browsers will accept a locally trusted leaf certificate, even though they don't trust the corresponding root.
--
David Woolley
Emails are not formal business letters, whatever businesses may want. RFC1855 says there should be an address here, but, in a world of spam, that is no longer good advice, as archive address hiding may not work.
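
The two checks suggested in the message above (issuer differs from subject, and the chain verifies before anything is installed), as an added example that is not part of the original post or of the Pidgin wiki page. The function names and the two file arguments are hypothetical, and it assumes the candidate is issued directly by a root in a bundle you already trust.

```shell
#!/bin/sh
# Added example: vet a downloaded "intermediate" certificate before installing it.
# Assumed inputs (hypothetical names):
#   $1 = candidate certificate, PEM, fetched from an untrusted source
#   $2 = PEM bundle of root certificates you ALREADY trust

# Print the subject or issuer DN in RFC 2253 form, without the "subject=" prefix.
cert_name() {  # usage: cert_name subject|issuer file.pem
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 2>/dev/null |
        sed 's/^[a-z]*= *//'
}

# Return codes: 0 = acceptable intermediate, 1 = unparseable,
#               2 = issuer == subject (a root, not an intermediate),
#               3 = does not chain to an already trusted root.
vet_intermediate() {
    cand=$1
    roots=$2
    subj=$(cert_name subject "$cand")
    iss=$(cert_name issuer "$cand")

    # Fail closed: an empty name means openssl could not parse the file.
    if [ -z "$subj" ] || [ -z "$iss" ]; then
        echo "REJECT $cand: not a parseable certificate" >&2
        return 1
    fi

    # A certificate whose issuer equals its subject is self-issued, so
    # installing it would add a new trust anchor rather than an intermediate.
    if [ "$subj" = "$iss" ]; then
        echo "REJECT $cand: issuer == subject ($subj)" >&2
        return 2
    fi

    # The name check alone proves nothing about the signature, so the
    # chain must also verify against roots that were trusted beforehand.
    if ! openssl verify -CAfile "$roots" "$cand" >/dev/null 2>&1; then
        echo "REJECT $cand: does not verify against $roots" >&2
        return 3
    fi

    echo "OK $cand: issued by $iss"
}

# Stand-alone use: sh vet.sh candidate.pem trusted-roots.pem
if [ "$#" -eq 2 ]; then
    vet_intermediate "$1" "$2"
fi
```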
