Menu
▾
▴
Re: [fetchmail-devel] Assorted minor bugs
|
From: Brian C. <B.C...@po...> - 2004-11-08 13:22:56
|
> May I ask you to come up with a small patch that fixes _all_ violations > of the trust model in a first round, so that we _unconditionally_ print > all warnings, self-signed certificates, common name mismatches and so > on. These _are_ important warnings, if they are shown only in verbose > mode, that is a serious bug. OK, that turns out to be pretty straightforward. Note that when sslcertck is not set, our verify callback always returns 1 (OK) even if it given 0 (verify error). That's necessary to stop the SSL connection being dropped, but it can result in the callback being called multiple times, and and the same SSL error being displayed more than once. For example, before fixing this, with a self-signed certificate I got: fetchmail: Server certificate verification error: self signed certificate fetchmail: Server certificate verification error: self signed certificate I've fixed this by not displaying the same error message twice in succession. I've also used the _depth0ck variable to make sure that the once-off checking of CN and fingerprint really is done only once. fetchmail -v still displays additional information from the certificate, as it did before, but all errors should now be displayed even without -v. Regards, Brian. |
