According to the upstream bug report and the Debian bug report:

http://developer.pidgin.im/ticket/6500
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434

Pidgin builds that use the NSS library to provide cryptography do not properly verify SSL certificates provided by an SSL-secured remote server (such as a Jabber server). Pidgin accepts invalid or self-signed certificates, regardless of the list of configured trusted SSL CA certificates.
Upstream advisory: http://www.pidgin.im/news/security/?id=28
Fixed upstream in: 2.5.0