Re: IMAP certificate warning
- From: Carlos Morgado <chbm chbm nu>
- To: Balsa List <balsa-list gnome org>
- Subject: Re: IMAP certificate warning
- Date: Thu, 8 Nov 2001 21:46:27 +0000
On Thu, Nov 08, 2001 at 08:46:02PM +0100, Albrecht Dreß wrote:
>
> Am 08.11.2001 15:09:48 schrieb(en) Carlos Morgado:
> > actually, we go through the cert check functions, and where mutt would ask
> > the user 'what do you want to do now' we just put out that error and get
> > on with it.
> > the error message is a bit misleading, it doesn't mean the cert is invalid,
> > it means we couldn't verify it. that may happen cause we don't know the
> > signers key or somesuch. i'll have to check into this a bit harder, stare
> > down my openssl config and try to get some clue.
> >
> > brian, do you have any insight into all this openssl and cert checking
> > thing ? --
>
> There are several nice examples for OpenSSL usage at the following location
> (I used them to learn using libssl...): http://www.rtfm.com/openssl-examples/
>
neat tkx
> However, I think this is not the complete solution. As you already pointed
> out, libmutt used to check the cert. What we need at this point is some
balsa does too. if the current libmutt code (oh ... 6 months or so old mutt)
*can* verify the cert the warning won't be shown. anyway, i noticed mutt is
very picky about certs too and that's why i suspect my (*the*) openssl install.
if you don't have the root certs localy all certs will fail verification.
one thing mutt does and balsa doesn't is remember certs. that makes a world
of a diference
> dialog to present the certificate data to the user and ask him/her to either
> accept or reject it. Obviously, this can not be done inside libmutt, so IMHO
> this breaks the current structure.
>
absolutly correct. doing the correct interaction with the user means
extruding callbacks from src/ all the way into libmutt and openssl.
when i did the premilinary ssl support for 1.2 i just ignored it and marked
it "1.3". i also planned libmutt sync with mutt-stable during 1.3 so i
wanted to mess with libmutt as little as possible.
meanwhile something interesting has come up. the usage of openssl in mutt
has been contested cause of license issues. mutt contains some (bitroted)
NSS suport. nss is a openssl replacement done by the mozilla team, dual
licensed (gpl/mpl) and includes s/mime and x.509
i'm a bit out of touch with the actually nss support code but i guess given
choice i'd support it.
this is relevant cause user interaction is tied into openssl (i think .. the
openssl api scares me :))
--
Carlos Morgado - chbm(at)chbm(dot)nu - http://chbm.nu/ -- gpgkey: 0x1FC57F0A
http://wwwkeys.pgp.net/ FP:0A27 35D3 C448 3641 0573 6876 2A37 4BB2 1FC5 7F0A
"Some people have told me they don't think a fat penguin really embodies the
grace of Linux, which just tells me they have never seen a angry penguin
charging at them in excess of 100mph. They'd be a lot more careful about
what they say if they had." -- Linus Torvalds
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]