Or, it's just old cruft that is no longer used. As per datallah's response:
"If you don't look carefully, it may appear that the NSS plugin doesn't do any validation of the SSL certificates, but that isn't the case; the validation is done, just not by the SSL_AuthCertificateHook hook."
"If you look at ssl-nss.c#l454, you'll see that before the SSL connection is considered "connected" from libpurple's perspective, ssl_nss_handshake_cb is called to validate the certificate using the libpurple's purple_certificate_verify functionality."
This is why you don't jump to conclusions, throw out an emotional diatribe, and generally make an ass of yourself when writing bug reports.
"If you don't look carefully, it may appear that the NSS plugin doesn't do any validation of the SSL certificates, but that isn't the case; the validation is done, just not by the SSL_AuthCertificateHook hook."
"If you look at ssl-nss.c#l454, you'll see that before the SSL connection is considered "connected" from libpurple's perspective, ssl_nss_handshake_cb is called to validate the certificate using the libpurple's purple_certificate_verify functionality."
This is why you don't jump to conclusions, throw out an emotional diatribe, and generally make an ass of yourself when writing bug reports.