The variable we use to keep track of the watcher of the ssl connection should be unsigned. This isn't really a problem in Pidgin, where we use glib's mainloop and GIOChannels because glib starts assigning the handle IDs sequentially starting from 1. But if an eventloop implementation ever returns a handle ID greater than the largest possible signed integer (2,147,483,647) then we won't be able to remove the watcher because purple_ssl_close() in sslconn.c only removes it if inpa > 0, and since it interprets inpa as a signed value then handles over 2,147,483,647 appear as negative numbers. I stumbled upon this when playing around with libevent, which can use epoll. My implementation generated a random handle ID which was sometimes greater than 2,147,483,647. I don't believe this breaks binary compatibility. And I don't think it breaks source compatibility, but I guess it might depend on what compiler you're using.

#
# Makefile.mingw
#
# Description: Makefile for win32 (mingw) version of Pidgin ca-certs
#

PIDGIN_TREE_TOP := ../..
include $(PIDGIN_TREE_TOP)/libpurple/win32/global.mak

datadir := $(PIDGIN_INSTALL_DIR)
-include ./Makefile.am.mingw
cacertsdir := $(PIDGIN_INSTALL_DIR)/ca-certs

.PHONY: install clean

install: ./Makefile.am.mingw
	if test '$(cacerts_DATA)'; then \
	  mkdir -p $(cacertsdir); \
	  cp $(cacerts_DATA) $(cacertsdir); \
	fi;

clean:
	rm -f ./Makefile.am.mingw

./Makefile.am.mingw: ./Makefile.am
	sed -e 's/^if\ INSTALL_SSL_CERTIFICATES/ifeq (\$$(INSTALL_SSL_CERTIFICATES), 1)/' ./Makefile.am > $@