Menu
▾
▴
Re: [fetchmail-devel] Fingerprint supplied should accept sslcertck warns
|
From: Matthias A. <mat...@gm...> - 2013-09-05 08:39:32
|
Am 05.09.2013 07:57, schrieb grarpamp: > Noticed a situation where sslcertck on an expired cert > is preventing access even though I've specified a fingerprint. > > This happens often when the service provider is up and > running just fine, but their management failed to plan for > cert renewals. End result, lock yourself out of mail till the > service renews, or lose both sslcertck and fingerprint > security to regain mail access. Not an ideal situation, > especially over hostile networks. > > IMO, if a user has specified a cert fp, yes, please warn if > any other cert check fails, but do not error out. Or at least > make warn the default action, and erroring out a configurable > option. For fetchmail 7 some more sophisticated configuration can be done, so thanks for that (I've added this to TODO-7.0). I will not change that for 6.X releases though. |
