As requested, NSS patch submitted to Pidgin in forwarded bug report, so
there's no need to switch to GNUTLS.
However, the second half of the patch above is still needed to grab CA
certs from /etc/ssl/certs. Attaching just that part.
--- pidgin-2.4.1/libpurple/certificate.c
+++ pidgin-2.4.1.new/libpurple/certificate.c
@@ -745,8 +745,8 @@
x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR,
"ca-certs", NULL));
#else
- x509_ca_paths = g_list_append(NULL, g_build_filename("etc",
- "ssl", "certs", NULL));
+ x509_ca_paths = g_list_append(NULL, g_build_filename("/etc",
+ "ssl", "certs", NULL));
#endif
}
