Hello Martin!

Martin Lambers wrote (Tue 2010-Feb-02 19:25:45 +0100):

> > How can I make "msmtp" (version 1.4.19, Debian testing) trust
> > a specific certificate? The certificate issuer is not known,
> > I don't trust him, and I don't have a way to get hold of the
> > certificate used to sign the one I'd like to trust.
>
> There is currently no way to do that because there never was a need for
> it.

The practical example is that I am forced to use a specific SMTP server for submitting certain emails. That SMTP server offers SSL/TLS, but presents a certificate issued by the operator's own, "private" CA. Nevertheless, I want to make sure that I am really talking to that server and that communication is encrypted.

> ... If the certificate issuer is not known and you do not trust
> him, how can you trust a certificate he issued?

Hm. What risk is there, if I have enough assurance that that specific certificate belongs to that one SMTP server?

You are right in that I don't (want to) trust the issuer more than necessary, so I actually wouldn't add the CA certificate to my list of trusted CA certificates, even if I had a copy of it.

> Nevertheless, one could add a 'tls_fingerprint' command that makes msmtp
> trust one particular certificate, as an alternative to 'tls_trust_file'.
> I guess this is how you tell other software packages to trust the
> certificate, right?

Well, my Web browsers display certificate details, ask me, and then store a copy of the certificate somewhere. "Mutt" displays certificate details, asks me, and then stores a copy of the certificate in "~/.mutt_certificates" (together with some additional information, like the host name).

Yes, "tls_fingerprint" should work for me.

Initially, I thought I could use "tls_trust_file" the "Mutt" way. Then I understood that the file is supposed to hold (only) CA certificates. I could imagine that offering "tls_cacerts_file" (which would be replacing "tls_trust_file") and "tls_certs_file" would make sense.

Best regards,

Marcus

-- 
Marcus C. Gottwald · <[email protected]> · https://cheers.de
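
The fingerprint approach discussed in this message, sketched as an added example (not msmtp code and not written by anyone in this thread): the client skips CA validation and accepts the server only if the SHA-256 of its DER-encoded certificate equals a stored value. The function names, the colon-separated hex format and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import smtplib
import ssl


def normalize_fp(text):
    """Turn 'AB:cd ef' style hex into raw bytes; reject anything that is not a SHA-256 digest."""
    raw = bytes.fromhex(text.replace(":", "").replace(" ", ""))
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("expected a 32-byte SHA-256 fingerprint")
    return raw


def cert_fingerprint(der):
    """SHA-256 over the DER encoding, i.e. over the whole certificate."""
    return hashlib.sha256(der).digest()


def is_pinned(der, pinned_hex):
    """True only if the presented certificate is exactly the pinned one."""
    return hmac.compare_digest(cert_fingerprint(der), normalize_fp(pinned_hex))


def starttls_with_pin(host, port, pinned_hex):
    """Open SMTP, STARTTLS without CA validation, then insist on the pinned certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # the pin replaces CA and host name checks
    ctx.verify_mode = ssl.CERT_NONE
    smtp = smtplib.SMTP(host, port, timeout=10)
    smtp.starttls(context=ctx)
    der = smtp.sock.getpeercert(binary_form=True)
    if not is_pinned(der, pinned_hex):
        smtp.close()                    # drop the link before any credentials are sent
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return smtp


# Constructed stand-ins for DER certificates (not real certificates).
SAMPLE_DER = b"constructed-der-bytes-for-smtp.example.invalid"
OTHER_DER = b"constructed-der-bytes-for-some-other-server"
SAMPLE_PIN = ":".join(f"{b:02X}" for b in cert_fingerprint(SAMPLE_DER))
```

Because the pin covers the whole certificate, a reissued or renewed server certificate fails the check until the stored fingerprint is updated through a channel the user trusts.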
