rapidly changing certs vs. manual verification
(Is this the main issue tracker for gajim?)
More and more sites start to use rapidly changing certs; letsencrypt is spreading and google is renewing biweekly or so. Every replace results dropped connections and require manual intervention. I understand it from the absolute security standpoint but it's suboptimal from user experience viewpoint.
Since these certs are chained to the known core CA certs it would be beneficial to be able to accept certs signed by (or chained to) well-known CAs (in the ca-certificates). If it should already work that way please tell me, since it doesn't appear to be so: I get a dropped connection for gtalk periodically and get a popup on the relogin to accept the new cert.