[Users] [Bug 2718] Failure to check peer hostname when checking certificate

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Thu Aug 9 13:38:59 CEST 2012


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2718





--- Comment #9 from Colin Leroy  2012-08-09 13:38:59 ---
Hi,

to sum it up, Dominique:

1) Only the Win32 version uses an included bundle, the *nix version tries to
find various distro-dependent file bundles. Your distro's path was left out,
sorry about that.

2) Yes, we always prompt users when hitting a new, previously unknown
certificate, be it "correctly" signed or not. (I don't think that
root-CA-signed certificates are anymore trustworthy than self-signed
certificates). This alleviates point 3, indeed. We also ask the user when a
known certificate changes (after renewal for example) and when it's expired.

3) Even if the user was asked for acceptation when reaching an unknown
certificate, the hostname check was "to be done by the user", which isn't very
good indeed. The patch I just commited fixes that by adding a warning about the
hostname in the SSL certificates alertpanels.

-- 
Configure bugmail: http://www.thewildbeast.co.uk/claws-mail/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the Users mailing list