[Users] [Bug 3660] SSL Cert change shown on previously accepted certificates.

blind Pete peter_s_d at fastmail.com.au
Thu Jul 14 06:05:22 CEST 2016


On Tue, 12 Jul 2016 15:55:19 +0000
noreply at thewildbeast.co.uk wrote:

> http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3660
> 
> Andrej Kacian <andrej at kacian.sk> changed:
> 
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>              Status|NEW                         |RESOLVED
>          Resolution|---                         |INVALID
> 
> --- Comment #1 from Andrej Kacian <andrej at kacian.sk> ---
> See "unsafe_ssl_certs" hidden preference at
> http://www.claws-mail.org/manual/claws-mail-manual.html#adv_hidden
> 

I am not the original poster, and am an amateur with regard to SSL
certificates.  Please feel free to shout at me - if you think that I
deserve it.  

First, I am guessing that the mailing list is the place for this,
rather than adding to the bug report.  

You have lost me.  There might be two different problems confusing
things.  Problem one is that there are such things as SSL certificates
for URLs that have wild cards in them.  AIUI these are dangerous and
facilitate phishing scams.  Problem two is that there can be multiple
valid certificates for a single non-wildcarded URL, either issued by
different authorities or even the same authority.  To the best of my
understanding this situation offers no security risk, just an
inconvenience. 

Are you referring to, 

    skip_ssl_cert_check 

    Disables the verification of SSL certificates when set 
    to '1'.  Default value is '0'.

or to, 

    unsafe_ssl_certs

    Allows Claws Mail to remember multiple SSL certificates 
    for a given server/port when set to '1'. This is disabled 
    by default ('0'). 

The name "unsafe_ssl_certs" suggests that it refers to SSL certs for
wildcarded URLs (problem one), but the text describes problem two,
which in my limited understanding is a non-problem.  

Can anyone please offer enlightenment? 

-- 
testing
bP
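
A simplified model of the behaviour the "unsafe_ssl_certs" description implies, added here as an illustration and not taken from Claws Mail or from this thread: a store that remembers one accepted certificate per server/port versus several. The CertStore class, the host name and the byte strings standing in for certificates are assumptions; Claws Mail's actual storage and prompting logic may differ.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

class CertStore:
    """Hypothetical per-server/port store of certificates the user accepted."""

    def __init__(self, remember_multiple: bool = False):
        self.remember_multiple = remember_multiple
        self.accepted = {}  # (host, port) -> list of fingerprints

    def check(self, host, port, cert_der):
        """Return 'new' (first contact), 'known', or 'changed' (prompt the user)."""
        known = self.accepted.get((host, port))
        if not known:
            return "new"
        return "known" if fingerprint(cert_der) in known else "changed"

    def accept(self, host, port, cert_der):
        """Record the user's decision to trust this certificate."""
        fp = fingerprint(cert_der)
        if self.remember_multiple:
            known = self.accepted.setdefault((host, port), [])
            if fp not in known:
                known.append(fp)
        else:
            # Only one slot: the newly accepted certificate replaces the old one.
            self.accepted[(host, port)] = [fp]

def count_prompts(store, host, port, presented):
    """Connect once per presented certificate, accepting every prompt."""
    prompts = 0
    for cert in presented:
        if store.check(host, port, cert) != "known":
            prompts += 1
            store.accept(host, port, cert)
    return prompts

# Constructed sample: one server name alternating between two valid certificates.
CERT_A = b"constructed-certificate-A"
CERT_B = b"constructed-certificate-B"
SEQUENCE = [CERT_A, CERT_B, CERT_A, CERT_B, CERT_A]

if __name__ == "__main__":
    print(count_prompts(CertStore(False), "mail.example.org", 993, SEQUENCE))
    print(count_prompts(CertStore(True), "mail.example.org", 993, SEQUENCE))
```

In this model the single-slot store prompts on every alternation, while the multi-slot store prompts once per distinct certificate; the cost is that every certificate ever accepted for that server/port keeps passing silently.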


