[Users] [Bug 2718] Failure to check peer hostname when checking certificate

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Thu Aug 9 13:44:53 CEST 2012


--- Comment #10 from Colin Leroy  2012-08-09 13:44:53 ---
> IMHO if the hostname doesn't match certificate name then the admin should also
> fix the certificate,

I'm thinking it would bother numerous users using servers serving for multiple
domains with only one certificate matching only the real FQDN of the server.
For example, my server serves my domain, Paul's domain and three others, and
the certificate only matches my domain.

> otherwise I think we're leaving these known ones vulnerable to MITM attacks.

If the known ones are already subject of MITM, yes, but in any case that would
be too late for those.

If a MITM is attempted on clients for which the server certificate is already
known, the certificate would have to be changed, thus triggering the alert
(with or without my just-commited patch).

Configure bugmail: http://www.thewildbeast.co.uk/claws-mail/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Users mailing list