If Pidgin doesn't know whether the certificate is valid or not, you
could be vulnerable to a man-in-the-middle attack by blindly accepting
it (at least that's my understanding). Mind you, accepting it yourself
without any other knowledge would be no worse than what Pidgin was doing
before version 1:2.4.1-1ubuntu2.2 was released (it was blindly accepting
all certificates without asking - see bug 251304), but personally I'd
rather not take that approach.

I have found a simple workaround for login.live.com, that should be safe
(as long as you trust the root certificates that Firefox uses).

First, navigate Firefox to https://login.live.com/.
For me, at least, Firefox accepts the certificate as being verified by
VeriSign; you should bail out here if Firefox complains about an invalid
certificate.
View the page's certificate (right-click the page, select "View Page Info",
click the security icon, and click the "View Certificate" button).
On the "Details" tab, click the "Export..." button.

As of this point, I'm working from memory (don't have access to my home machine
at the moment), so hopefully I get the details right.
You'll want to save the certificate with a file name of "login.live.com" as
type "X.509 Certificate (PEM)" (at the very least, I remember that the default
type worked for me) in "~/.purple/ssl/certs". You might need to right-click in
the file list and show hidden files to see the ".purple" directory in your home
directory. I'm not sure about the exact path; it might have been
"~/.purple/ssl/ca-certs" instead. In any case, the directory should exist if
you've started Pidgin before; you just need to drop in the certificate with a
filename of the host it belongs to (no extra ".pem" extensions or anything like
that).

Once you've done all that, restart Pidgin and it should accept
login.live.com. You may need to disable and re-enable your MSN account
(in "Accounts->Manage Accounts") if Pidgin doesn't bother trying to
connect because it was previously deemed invalid.

I'm sure you could use other tools, or browsers instead of Firefox, to
export the certificate... but this approach worked for me. I hope this
is helpful until an official fix is released.

-- 
Pidgin not using existing root TLS/SSL certificates for validation
https://bugs.launchpad.net/bugs/302314
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
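The workaround above relies on Firefox to decide whether the login.live.com certificate chains to a trusted root before the file is dropped into Pidgin's per-host directory. The script below is an added example (not from the bug report or from Pidgin) that performs the same check from the command line with openssl: it fetches the leaf certificate, verifies it against the local CA bundle, confirms that it actually names the host, and only then copies it under the bare host name. The CA bundle path `/etc/ssl/certs/ca-certificates.crt` and the directory `~/.purple/ssl/certs` are assumptions (the comment itself is unsure whether the directory is `certs` or `ca-certs`), and both can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not code from the bug thread or from Pidgin.
# Fetch a server's leaf certificate, verify it against the local trust store,
# and only then pin it for Pidgin under the bare host name (no ".pem" suffix).
#
# Assumptions: openssl is installed; CA_BUNDLE and PURPLE_CERT_DIR are the
# usual Debian/Ubuntu locations and can be overridden via the environment.
CA_BUNDLE="${CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}"
PURPLE_CERT_DIR="${PURPLE_CERT_DIR:-$HOME/.purple/ssl/certs}"

# fetch_leaf_cert HOST [PORT]
# Print the PEM-encoded leaf certificate that HOST presents on PORT (443 by default).
fetch_leaf_cert() {
    host="$1"; port="${2:-443}"
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509
}

# verify_cert_for_host PEMFILE HOST
# Succeed only if PEMFILE parses as X.509, chains to a CA in CA_BUNDLE,
# and carries HOST in its subject alternative names (or, lacking SANs, its CN).
verify_cert_for_host() {
    pem="$1"; host="$2"
    openssl x509 -noout -in "$pem" >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$CA_BUNDLE" "$pem" >/dev/null 2>&1 || return 1
    # "-checkhost" prints "Hostname X does match certificate" on success
    # and "does NOT match" otherwise, so the grep distinguishes the two.
    openssl x509 -noout -in "$pem" -checkhost "$host" 2>/dev/null \
        | grep -q "does match" || return 1
}

# install_pinned_cert PEMFILE HOST [DIR]
# Copy a verified certificate into DIR using the bare host name as file name,
# which is the naming convention the comment above describes for Pidgin.
install_pinned_cert() {
    pem="$1"; host="$2"; dir="${3:-$PURPLE_CERT_DIR}"
    verify_cert_for_host "$pem" "$host" || return 1
    mkdir -p "$dir"
    cp "$pem" "$dir/$host"
    chmod 0644 "$dir/$host"
}

# pin_host HOST
# End-to-end: fetch, verify, install. Fails loudly instead of pinning an
# unverified certificate, which is the failure mode the comment warns about.
pin_host() {
    host="$1"
    tmp=$(mktemp) || return 1
    fetch_leaf_cert "$host" > "$tmp" || { rm -f "$tmp"; return 1; }
    install_pinned_cert "$tmp" "$host"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run as `sh pin-cert.sh` after sourcing it, or call `pin_host login.live.com` directly; a non-zero exit means the certificate was not pinned, either because it failed to chain to the trust store or because it does not name the host, and Pidgin should keep refusing the connection in that case.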
