<<< Date Index >>>     <<< Thread Index >>>

Re: [Mutt] #3087: No server hostname validation in SSL certificate



#3087: No server hostname validation in SSL certificate processing
------------------------+---------------------------------------------------
  Reporter:  gkloepfer  |       Owner:  mutt-dev                           
      Type:  defect     |      Status:  reopened                           
  Priority:  major      |   Milestone:                                     
 Component:  crypto     |     Version:  1.5.16                             
Resolution:             |    Keywords:  certificate server validation patch
------------------------+---------------------------------------------------

Comment(by pdmef):

 For clarification on gplv2 vs. gplv3: The code in msmtp hasn't changed in
 years so I think we'll easily find a gplv2 licensed version. Second, the
 standard header in mutt sources states 'either version 2 of the License,
 or (at your option) any later version.' so that I don't think inclusion
 would really be a problem.

 As a side note: The file COPYRIGHT in the source states that parts may be
 under different licenses or in public domain. Maybe we should try to find
 out what code mutt includes and put that in a file somewhere or the
 manual? I think we should give more credit than just comments in the
 source in case we include bigger parts (like the regex engine, the various
 compat sources, the MD5/SHA1 implementations, etc.)

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/3087#comment:6>
Mutt <http://www.mutt.org/>
The Mutt mail user agent