https://bugs.kde.org/show_bug.cgi?id=423453
Bug ID: 423453
Summary: Trojita might not validate TLS certificates in SMTP.
Product: trojita
Version: 0.7
Platform: Other
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: SMTP
Assignee: trojita-b...@kde.org
Reporter: 93s4m32gd2ab8...@mailbox.org
Target Milestone: ---
I have setup an email account, where the server is configured to present valid
certificates for both SMTP and IMAP (via Let's Encrypt.)
Now, I exchange the certificate for SMTP to a self-signed certificate and send
an email. Trojita does not complain and connects to the SMTP server providing a
username and a password via an potentially insecure connection. This is a
security issue.
When the IMAP certificate is exchanged to an invalid one, Trojita shows a
security warning. Here, everything seems to be fine.
Tested on Trojita 0.7-git in NixOS and Trojita 0.7 in Ubuntu.
--
You are receiving this mail because:
You are watching all bug changes.
