From: Matthias A. <mat...@gm...> - 2010-09-07 23:32:58

On 03.09.2010, 06:38, grarpamp wrote:
>> # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
>
> As a general note, should the degree of lint checking potentially impact
> CA/self/unsigned certs with various parameters that clueless operators might
> be using... if the user specifies the md5 and/or sha1 fingerprint, along with a
> future 'accept_fingerprint' option, that cert should be accepted despite said
> lint. Every so often someone's business requirement forces them to use/do
> silly things with certs :)

I believe the changes made are quite conservative. The new code is at
<http://gitorious.org/fetchmail/fetchmail/blobs/master/x509_name_match.c>
and it's documented what I'm trying to refuse. Please raise any concerns
you find. :)

-- 
Matthias Andree