Psi

Accounts already have an "Ignore SSL warnings" option. A checkbox only needs to be added to the message box that stores its value in the account's already existing variable.

From RFC 3920!#14.2. Certificate Validation

"Case #3: The peer certificate is self-signed."
....
"2. The peer SHOULD show the certificate to a user for approval,
including the entire certificate chain. The peer MUST cache the
certificate (or some non-forgeable representation such as a
hash). In future connections, the peer MUST verify that the same
certificate was presented and MUST notify the user if it has
changed.
In Case #2 and Case #3, implementations SHOULD act as in (2) above."

This should be done, like cert in Psi, new must be accepted and is cached.

IMHO,
Ignore SSL warning will ignore all SSL warnings. Whereas with accept this certificate should mean that the present cert must be saved to ~/certs. So if next time the cert changes then it will again give an error. I dont think Ignore all SSL warnings is what halr9000 was looking for when he added this.

Yup, that's the idea.

Is there a documented manual way for users to import the certificate?

There also needs to be a way for a user to be asked if Psi should trust a ca-signed certificate that does not match the domain. iChat and Adium do this well.

Telling the client to ignore all SSL warnings increases the risk of MITM attacks, so it's a very poor solution to the problem.

you really should ask questions that are not related to fixing this bug either in the chat room, the forum or on the mailing list.

On most systems psi now uses the system certificate store so adding the cert there should help. If it doesn't you can add certs in .crt format (i.e. the ascii form) in $PSIDATADIR/cert (see wiki for details).

And no we don't yet have nice options to override the warning in a safe way. That's what this bug is about.

Resolution Reason: Fixed in SVN
This should be fixed by now