#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering
higher links of the cert' chain
--------------------------+----------------------
Reporter: kratem32 | Owner: mutt-dev
Type: enhancement | Status: new
Priority: minor | Milestone: 1.8
Component: crypto | Version:
Resolution: | Keywords: tofu
--------------------------+----------------------
Comment (by m-a):
To make a reasonable comment, I'd need to know if OpenSSL allows
short-circuiting the chain, and write some experimental code. If in doubt, we
might
have to run the callback on the entire chain, pretending success, logging
OpenSSL's and mutt's view of "verified" and "trusted" separately, storing
intermediate data, and defer the whole approval and decision making to the
point when we get called back for the host certificate, and then use the
entire data set. Quite a bit of an effort, for a quite unique feature...
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:34>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
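
The deferred approach described in the comment above, as an added example; it is not Mutt's code and not from the ticket. It is a plain-C model with no OpenSSL calls: in a real verify callback the depth and OpenSSL's verdict would come from `preverify_ok` and `X509_STORE_CTX_get_error_depth()`. All type and function names, the acceptance policy, and the sample chains are assumptions made for the example.

```c
#define MAX_CHAIN 8
enum { PENDING = -1, PROMPT = 0, ACCEPT = 1 };

/* One record per callback invocation (hypothetical layout). */
struct link_info {
    int depth;        /* 0 = host certificate, higher = nearer the root */
    int ossl_ok;      /* OpenSSL's view ("verified"): preverify_ok */
    int user_trusted; /* mutt's view ("trusted"): user accepted it earlier */
};
struct chain_state { struct link_info links[MAX_CHAIN]; int count, decision; };

/* Assumed policy: a link OpenSSL rejected is tolerated only when it sits at or
 * above the lowest link the user already trusts. */
static int decide(const struct chain_state *st)
{
    int lowest = -1;
    for (int i = 0; i < st->count; i++)
        if (st->links[i].user_trusted && (lowest < 0 || st->links[i].depth < lowest))
            lowest = st->links[i].depth;
    for (int i = 0; i < st->count; i++)
        if (!st->links[i].ossl_ok && (lowest < 0 || st->links[i].depth < lowest))
            return PROMPT;   /* here the UI could offer every stored link */
    return ACCEPT;
}

/* Stand-in for the verify callback: store both views, report success for the
 * higher links, and decide once the host certificate (depth 0) arrives. */
static int deferred_cb(struct chain_state *st, struct link_info seen)
{
    if (st->count == MAX_CHAIN) { st->decision = PROMPT; return 0; }
    st->links[st->count++] = seen;
    if (seen.depth != 0) return 1;
    st->decision = decide(st);
    return st->decision == ACCEPT;
}

/* Constructed sample chains, ordered root first as the callbacks arrive. */
static const struct link_info UNKNOWN_ROOT_TRUSTED_CA[] = {{2,0,0},{1,1,1},{0,1,0}};
static const struct link_info BAD_HOST_TRUSTED_CA[]     = {{2,0,0},{1,1,1},{0,0,0}};
static const struct link_info UNKNOWN_ROOT_NO_TRUST[]   = {{2,0,0},{1,1,0},{0,1,0}};

static int run_chain(const struct link_info *in, int n)
{
    struct chain_state st = { .count = 0, .decision = PENDING };
    for (int i = 0; i < n; i++) deferred_cb(&st, in[i]);
    return st.decision;
}

int main(void) { return run_chain(UNKNOWN_ROOT_TRUSTED_CA, 3) != ACCEPT; }
```

The second sample shows why the decision has to wait for depth 0: a trusted intermediate covers the unknown root above it, but not a failure on the host certificate below it.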