Comment 3 for bug 302314

Bryan C (bry111) wrote :

If Pidgin doesn't know whether the certificate is valid or not, you could be vulnerable to a man-in-the-middle attack by blindly accepting it (at least that's my understanding). Mind you, accepting it yourself without any other knowledge would be no worse than what Pidgin was doing before version 1:2.4.1-1ubuntu2.2 was released (it was blindly accepting all certificates without asking - see bug 251304), but personally I'd rather not take that approach.

I have found a simple workaround for login.live.com that should be safe (as long as you trust the root certificates that Firefox uses).

First, navigate Firefox to https://login.live.com/.
For me, at least, Firefox accepts the certificate as being verified by VeriSign; you should bail out here if Firefox complains about an invalid certificate.
View the page's certificate (right-click the page, select "View Page Info", click the security icon, and click the "View Certificate" button).
On the "Details" tab, click the "Export..." button.

As of this point, I'm working from memory (don't have access to my home machine at the moment), so hopefully I get the details right.
You'll want to save the certificate with a file name of "login.live.com" as type "X.509 Certificate (PEM)" (at the very least, I remember that the default type worked for me) in "~/.purple/ssl/certs". You might need to right-click in the file list and show hidden files to see the ".purple" directory in your home directory. I'm not sure about the exact path; it might have been "~/.purple/ssl/ca-certs" instead. In any case, the directory should exist if you've started Pidgin before; you just need to drop in the certificate with a filename of the host it belongs to (no extra ".pem" extensions or anything like that).

Once you've done all that, restart Pidgin and it should accept login.live.com. You may need to disable and re-enable your MSN account (in "Accounts->Manage Accounts") if Pidgin doesn't bother trying to connect because it was previously deemed invalid.

I'm sure you could use other tools, or browsers instead of Firefox, to export the certificate... but this approach worked for me. I hope this is helpful until an official fix is released.
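An added example, not code from this bug thread or from Pidgin/libpurple: the same pinning done from a shell with OpenSSL instead of exporting from Firefox, so the certificate is checked against the system CA bundle before it is dropped into place. It assumes OpenSSL is installed, that the system CA directory is /etc/ssl/certs, and that libpurple's per-host directory is ~/.purple/ssl/certs (the comment above mentions ~/.purple/ssl/ca-certs as a possibility; pass a different directory as the third argument if that is what your build uses). The function names fetch_cert and install_purple_cert and the name check in install_purple_cert are mine.

```shell
#!/bin/sh
# Added example, not code from the bug thread or from Pidgin/libpurple.
# Assumed paths: system CA directory /etc/ssl/certs, libpurple per-host
# certificate directory ~/.purple/ssl/certs, file named after the bare host.
#
# Usage:
#   fetch_cert login.live.com > /tmp/login.live.com \
#     && install_purple_cert login.live.com /tmp/login.live.com

# fetch_cert HOST [PORT]
# Connect with OpenSSL, verify the presented chain against the system CA
# bundle, and print the leaf certificate as PEM. Fails (prints nothing)
# when verification fails, so an unverified certificate never gets pinned.
fetch_cert() {
    host="$1"
    port="${2:-443}"
    # -verify_return_error aborts the handshake on a chain error instead of
    # merely reporting it; -servername sends SNI so the right cert comes back.
    out="$(openssl s_client -connect "$host:$port" -servername "$host" \
            -CApath /etc/ssl/certs -verify 5 -verify_return_error \
            </dev/null 2>/dev/null)" || return 1
    # Belt and braces: some s_client builds exit 0 regardless, so also
    # require the explicit "ok" verdict in the output.
    printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)' || return 1
    # Keep only the first (leaf) certificate, re-encoded as PEM.
    printf '%s\n' "$out" | openssl x509 -outform PEM
}

# install_purple_cert HOST PEMFILE [CERTDIR]
# Copy a PEM certificate into libpurple's per-host directory under the
# exact name Pidgin looks up (the hostname, no extension). Refuses input
# that is not a single PEM certificate and, when OpenSSL is available,
# a certificate that does not name HOST in its subject or subjectAltName.
# Prints the installed path on success.
install_purple_cert() {
    host="$1"
    pem="$2"
    dir="${3:-$HOME/.purple/ssl/certs}"
    # Reject names that would never match what Pidgin looks up
    # (empty, path components, or a stray file extension).
    case "$host" in
        ""|*/*|*..*|*.pem|*.crt|*.cer)
            echo "bad host name: '$host'" >&2; return 1 ;;
    esac
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    # Exactly one certificate block, with its footer present.
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem")" -eq 1 ] \
        || { echo "$pem must contain exactly one PEM certificate" >&2; return 1; }
    grep -q -- '-----END CERTIFICATE-----' "$pem" \
        || { echo "$pem is truncated" >&2; return 1; }
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -noout -in "$pem" >/dev/null 2>&1 \
            || { echo "$pem does not parse as an X.509 certificate" >&2; return 1; }
        # Basic name check: the host must appear in the decoded certificate
        # (Subject CN or a DNS: entry in subjectAltName), so a certificate
        # exported from the wrong site is refused.
        openssl x509 -noout -text -in "$pem" 2>/dev/null | grep -qF -- "$host" \
            || { echo "$pem does not name $host" >&2; return 1; }
    fi
    mkdir -p "$dir" || return 1
    # Certificates are public; world-readable is fine, but keep it owned by us.
    cp "$pem" "$dir/$host" && chmod 644 "$dir/$host" || return 1
    echo "$dir/$host"
}
```

After installing, restart Pidgin (or disable and re-enable the account) as the comment describes. Note that this pins the server's current leaf certificate: when login.live.com renews its certificate the pinned file no longer matches and the steps have to be repeated, which is the price of not trusting blindly.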