id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,irc_client,os,os_version 980,SSL: certificate pinning,ilf@…,,"Currently, SSL certificates are verified via domain name and X.509 Certificate Authorities. I'd like to bypass both via certificate pinning. I propose an account setting ""tls_fingerprint"", taking the SHA1 of a certificate. That way, I can manually enter one specific fingerprint for this account, not having to trust the CA-cartel. And I can verify it against an IP, not needing DNS. I also propose to use ""trust on first use"" for all new accounts, showing the fingerprint and saying ""is this really the fingerprint you want to trust"" like OpenSSH.",enhancement,new,normal,,BitlBee,devel,,ssl,,Client-independent,Public server,