Henry Zhang wrote:
> Hi Darren,
>
> I double-checked the source codes, seems that gkrellm doesn't use
> certificate.

That doesn't seem correct. You said that it uses SSL (via OpenSSL) to protect connections to a mailserver. The mailserver, if it is doing SSL, will send certificates, so gkrellm must be doing something with them - so what is it? Does it choose not to validate the certs? If so, that is really bad because it means that it is basically equivalent to not doing SSL at all (since the connection is now subject to an undetected Man in the Middle Attack).

--
Darren J Moffat
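
Added example, not part of the original message and not gkrellm's code: the difference between a TLS client that receives the server certificate without checking it and one that validates it, shown with Python's `ssl` module (a wrapper around OpenSSL) as a stand-in for the C client. The function names and the `connect_mail` guard are assumptions made for illustration.

```python
import socket
import ssl


def lax_context():
    """TLS client context that accepts any certificate (the case the message warns about)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # certificate is received but never checked
    return ctx


def strict_context():
    """TLS client context that validates the chain and the server name."""
    # create_default_context() sets CERT_REQUIRED, check_hostname=True and
    # loads the system trust store.
    return ssl.create_default_context()


def validation_gaps(ctx):
    """Return the reasons a context would not authenticate the server."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain is not verified")
    if not ctx.check_hostname:
        gaps.append("certificate name is not matched against the server name")
    return gaps


def connect_mail(host, port, ctx, timeout=10.0):
    """Open a TLS connection to a mail server, refusing unauthenticated contexts."""
    gaps = validation_gaps(ctx)
    if gaps:
        # Encrypted but unauthenticated: any intermediary could present its
        # own certificate and the client would not notice.
        raise ValueError("refusing unauthenticated TLS: " + "; ".join(gaps))
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname drives both SNI and the name check.
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
```

With `strict_context()`, a handshake against a server whose certificate does not chain to a trusted CA or does not match `host` raises `ssl.SSLCertVerificationError` instead of silently continuing.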