On 05.09.2013 at 07:57, grarpamp wrote:
> Noticed a situation where sslcertck on an expired cert
> is preventing access even though I've specified a fingerprint.
>
> This happens often when the service provider is up and
> running just fine, but their management failed to plan for
> cert renewals. End result, lock yourself out of mail till the
> service renews, or lose both sslcertck and fingerprint
> security to regain mail access. Not an ideal situation,
> especially over hostile networks.
>
> IMO, if a user has specified a cert fp, yes, please warn if
> any other cert check fails, but do not error out. Or at least
> make warn the default action, and erroring out a configurable
> option.
For fetchmail 7 some more sophisticated configuration can be done, so
thanks for that (I've added this to TODO-7.0).
I will not change that for 6.X releases though.