How can I make Pidgin always accept an expired certificate?
Unfortunately it is not possible to permanently accept expired certificate (at least not in Pidgin 2.11.0 which is latest version at the moment).
There are many reports about this issue in official Pigdin issue tracking system. The usual answer is that server's certificate has to be fixed.
One can also confirm it in Pidgin sources:
Certificate verification begins in x509_tls_cached_start_verify
. For expired certificate there is flag PURPLE_CERTIFICATE_EXPIRED
set.
If certificate was found in cache x509_tls_cached_cert_in_cache
is called. It verifies that actual certificate fingerprint matches one in cache and calls x509_tls_cached_complete
.
This function does one of following:
- notify user that certificate is invalid (if there was some fatal certificate issue)
- lets user decide whether to accept/reject certificate (if there was non-fatal issue; this is the case with expired certificate)
- continues without any prompt if there was no issue with the certificate
There is no way to skip warning about expired certificate (other than fixing certificate itself).