The variable we use to keep track of the watcher of the ssl connection should be unsigned. This isn't really a problem in Pidgin, where we use glib's mainloop and GIOChannels because glib starts assigning the handle IDs sequentially starting from 1. But if an eventloop implementation ever returns a handle ID greater than the largest possible signed integer (2,147,483,647) then we won't be able to remove the watcher because purple_ssl_close() in sslconn.c only removes it if inpa > 0, and since it interprets inpa as a signed value then handles over 2,147,483,647 appear as negative numbers. I stumbled upon this when playing around with libevent, which can use epoll. My implementation generated a random handle ID which was sometimes greater than 2,147,483,647. I don't believe this breaks binary compatibility. And I don't think it breaks source compatibility, but I guess it might depend on what compiler you're using.

/** @page certificate-signals Certificate Signals

 @signals
  @signal certificate-stored
  @signal certificate-deleted
 @endsignals

 @see certificate.h

 <hr>

 @signaldef certificate-stored
  @signalproto
void (*certificate_stored)(PurpleCertificatePool *pool, const gchar *id, gpointer data);
  @endsignalproto
  @signaldesc
   Emitted when a pool stores a certificate. Connect to the pool instance.
  @param pool    Pool the certificate has been stored into
  @param id      Key the certificate was stored under
 @endsignaldef

 @signaldef certificate-deleted
  @signalproto
void (*certificate_deleted)(PurpleCertificatePool *pool, const gchar *id, gpointer data);
  @endsignalproto
  @signaldesc
   Emitted when a pool deletes a certificate. Connect to the pool instance.
  @param pool    Pool the certificate was deleted from
  @param id      Key that was deleted
 @endsignaldef

 */
// vim: syntax=c.doxygen tw=75 et