On Mon, Feb 06, 2017 at 10:04:51PM +0000, isdtor wrote: > One thing I'd like to see fixed in a release, or at least explained, is > expired certificates handling. > > set certificate_file="~/.mutt/certificates" > > Since I started using the current config, the file has grown to 81 > entries, most of them from Google as they roll over their gmail certs > frequently. As it turns out, more than 60 of them are > expired. Recently, after upgrading from 1.7.1 to 1.7.2 (and tested > tip, too), I got this when logging into gmail:
1.7.2 changed very little with respect to OpenSSL and certificate handling: there were just a few fixes to make it compile with OpenSSL 1.1. However, default branch tip does have a change to the certificate verification behavior: https://dev.mutt.org/hg/mutt/rev/b985c324932b This switches to using OpenSSL's built-in verification routines using SSL_set_verify(). When you upgraded to 1.7.2, was this a vanilla mutt version? -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
