<<< Date Index >>>     <<< Thread Index >>>

Re: [Mutt] #3087: No server hostname validation in SSL certificate



#3087: No server hostname validation in SSL certificate processing
------------------------+---------------------------------------------------
  Reporter:  gkloepfer  |       Owner:  mutt-dev                           
      Type:  defect     |      Status:  reopened                           
  Priority:  major      |   Milestone:                                     
 Component:  crypto     |     Version:  1.5.16                             
Resolution:             |    Keywords:  certificate server validation patch
------------------------+---------------------------------------------------
Changes (by pdmef):

  * keywords:  certificate server validation => certificate server
               validation patch


Comment:

 Here we go: attached is a patch that ports the hostname check from msmtp
 for OpenSSL to mutt. For the only IMAP server I have it works (certificate
 is for *.domain.tld, server is mail.domain.tld).

 I'm no OpenSSL expert, but the port is very straight forward, and
 annotating the source at sourceforge suggest the code in question is
 untouched for at least 3 years. So I think this is mature enough to
 include into mutt.

 Msmtp is GPLv3 so I think that won't be a problem, either.

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/3087#comment:5>
Mutt <http://www.mutt.org/>
The Mutt mail user agent