[Users] Accepting certificates emitted by certificate authorities
Paul
claws at thewildbeast.co.uk
Sat Nov 9 09:01:29 CET 2019
On Thu, 7 Nov 2019 22:15:28 +0100
Jérôme <jerome at jolimont.fr> wrote:
> IIUC, this will accept all valid certificates, in other words I
> wouldn't be notified if a self-signed certificate was modified, which
> is not really what I intended.
You don't understand correctly. Claws Mail checks against the CA stores at
any or all (depending on what's available on your system) of the following
locations:
/etc/ssl/cert.pem
/etc/pki/tls/certs/ca-bundle.crt
/etc/certs/ca-bundle.crt
/etc/ssl/ca-bundle.pem
/usr/share/ssl/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/local/ssl/certs/ca-bundle.crt
/etc/apache/ssl.crt/ca-bundle.crt
/usr/share/curl/curl-ca-bundle.crt
/usr/share/curl/curl-ca-bundle.crt
/usr/lib/ssl/cert.pem
Therefore, a self-signed certificate would not be automatically valid.
with regards
Paul
More information about the Users
mailing list