[Users] [Bug 2199] Claws doesn't propery verify certification chain
noreply at thewildbeast.co.uk
noreply at thewildbeast.co.uk
Thu Aug 22 10:33:56 CEST 2013
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2199
--- Comment #15 from Christopher Head <chead at chead.ca> ---
(In reply to comment #14)
> Not quite. If you look at the patch,
> https://github.com/dinhviethoa/libetpan/commit/
> cff50f652938fa0390ef421d311b4e86a36d246f we see "/* TODO: GnuTLS
> implementation */"
That is true, but: the API exists, so Claws might as well start consuming it.
Should the user choose to build against GnuTLS, Claws will not be able to
verify the chain, which is no worse than what we already have. Should the user
choose to build against OpenSSL, the situation will improve as the chain will
be verified. Finally, as soon as libetpan implements chain fetching for GnuTLS,
Claws will already be ready and GnuTLS users won't even need to recompile Claws
to reap the benefit, never mind wait for source-level fixes.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Users
mailing list