[Users] [Bug 3106] New: rssyl plugin does not verify SSL peer at all
noreply at thewildbeast.co.uk
noreply at thewildbeast.co.uk
Tue Mar 11 09:36:05 CET 2014
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
Bug ID: 3106
Summary: rssyl plugin does not verify SSL peer at all
Classification: Unclassified
Product: Claws Mail
Version: 3.9.3
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Plugins/RSSyl
Assignee: users at lists.claws-mail.org
Reporter: meissner at suse.de
src/plugins/rssyl/feed.c has this code:
#if LIBCURL_VERSION_NUM >= 0x070a00
curl_easy_setopt(eh, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(eh, CURLOPT_SSL_VERIFYHOST, 0);
#endif
Meaning you are not checking ssl remote host validity at all.
Please do check it.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Users
mailing list