Bug#191846: balsa: need magic to enable SMTP TLS
- From: Miquel van Smoorenburg <miquels cistron nl>
- To: submit bugs debian org
- Subject: Bug#191846: balsa: need magic to enable SMTP TLS
- Date: Sun, 4 May 2003 12:42:48 +0200
Package: balsa
Version: 2.0.10-1
Tags: upstream sid
If you enable SMTP TLS in Settings -> Preferences -> Mail Servers ->
Use TLS
then it often doesn't work, and you're not able to send mail. This
is because libesmtp insists on being able to verify the SSL
certificate. For that, it needs the key of the root certificate in
~/.authenticate/ca.pem. If you put the root cert key there it will
work.
Severe problems here are:
- this isn't documented *anywhere*. I found a pointer on a mailinglist
somewhere, and had to read the source code of libesmtp.
- Balsa doesn't show any error except 'could not send message'.
Suggested fix:
- if setting up an SMTP TLS session fails because the certificate of
the remote server could not be verified, balsa should report in a
pop-up window:
Failed to set up encrypted TLS session - the certificate of
the remote mail server could not be verified. Please put the
public key of the root CA in ~/.authenticate/ca.pem
or something similar. For mortals this will still be a confusing
message, but an experienced user can use this message to (help
a mortal to) solve the problem.
In this case, if "Use TLS" is set to "if possible", balsa should
probably NOT try to fall back to an unencrypted session. TLS is
possible, in theory, and the user might count on an encrypted link.
- if setting up an SMTP TLS session fails because the remote SMTP
server doesn't accepts STARTTLS and "Use TLS" is set to "required"
balsa should report:
Failed to set up encrypted TLS session - the SMTP server
does not support TLS.
- If possible in libesmtp, the "Mail Servers" configuration section
should include an option like:
[ ] Allow unverified certificates with TLS
.. this will make it much easier for people talking to SMTP servers
using self-signed certificates for which it is sometimes hard to
get the public key of the root CA from the administrator.
Mike.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]