[Users] [Bug 3106] New: rssyl plugin does not verify SSL peer at all

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Tue Mar 11 09:36:05 CET 2014


            Bug ID: 3106
           Summary: rssyl plugin does not verify SSL peer at all
    Classification: Unclassified
           Product: Claws Mail
           Version: 3.9.3
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Plugins/RSSyl
          Assignee: users at lists.claws-mail.org
          Reporter: meissner at suse.de

src/plugins/rssyl/feed.c has this code:

#if LIBCURL_VERSION_NUM >= 0x070a00
        curl_easy_setopt(eh, CURLOPT_SSL_VERIFYPEER, 0);
        curl_easy_setopt(eh, CURLOPT_SSL_VERIFYHOST, 0);

Meaning you are not checking ssl remote host validity at all.

Please do check it.

You are receiving this mail because:
You are the assignee for the bug.

More information about the Users mailing list