= Issues =
 * Jabber (and possibly others) use the purple_ssl_connect_fd function to build an SSL connection over a previously existing ProxyConnection. Since all the SSL side sees is the file descriptor in this case, hostname verification is impossible. (29 May)
 * talk.google.com gives back a gmail.com certificate?! (29 May)

= Resolved Issues =
 * It looks like PKCS12 (the certificate import/export format) is supported by both libNSS and GnuTLS.

= TODO =
 * General paranoia
 * Look at how the SILC prpl does its key management, especially the organization of the API used to check certs and interact with the user to verify them.
 * Add some way of passing useful error messages back up out of the SSL interface (23 May)
 * Fix purple_ssl_init in sslconn.c; it doesn't do anything (23 May)
  * Talking to nosnilmot suggests that this ought to just be removed outright (24 May)
 * Figure out libNSS everything. (25 May)
 * Why am I getting single-byte serial numbers from servers? (25 May)
 * Work out how to use Glib functions for time checking on certificates. (29 May)
 * Stall the timeouts on the TCP connection while waiting for user input on SSL? (29 May)
 * Worry about ensuring that plugins don't kill in-use ciphers/certschemes when unloaded? (29 May)
 * GnuTLS and NSS should probably be configured to use g_malloc and g_free for paranoia's sake (1 June)

= Tasks done =
 * Figure out how to get key fingerprints out of GnuTLS (25 May, 25 May))

