[Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-07 Thread dave b
Hi all. It seems that mutt fails to check the validity of a SMTP server's certificate during a TLS connection. In my mutt configuration I have set ssl_starttls = yes set ssl_force_tls = yes However, after performing the steps below I found that mutt did not properly validate the remote server's SMT

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-08 Thread Joachim Schipper
On Tue, Mar 08, 2011 at 12:36:01PM +1100, dave b wrote: > Hi all. It seems that mutt fails to check the validity of a SMTP > server's certificate during a TLS connection. In my mutt configuration > I have > > set ssl_starttls = yes > set ssl_force_tls = yes > > However, after performing the steps

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-08 Thread dave b
On 8 March 2011 19:00, Joachim Schipper wrote: > On Tue, Mar 08, 2011 at 12:36:01PM +1100, dave b wrote: >> Hi all. It seems that mutt fails to check the validity of a SMTP >> server's certificate during a TLS connection. In my mutt configuration >> I have >> >> set ssl_starttls = yes >> set ssl_fo

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-08 Thread dave b
Actually it doesn't seem like switching the configuration 'fixes' the issue. If I have set smtp_url = "smtps://tes...@lola.com" set ssl_starttls = yes set ssl_force_tls = yes It _still_ connects to the 'incorrect server' fine (I expect it to connect to lola.com and it connects to gmail's smtp ser

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-08 Thread Tim
> If I have > > set smtp_url = "smtps://tes...@lola.com:587" > set ssl_starttls = yes > set ssl_force_tls = yes > > mutt is unable to connect. In this case, shouldn't you disable ssl_starttls? tim ___ Full-Disclosure - We believe in it. Charter: htt

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-08 Thread dave b
Instead of telling me what configurations to use why don't you test them out and tell me what happens?

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-08 Thread dave b
Um. Sorry, but I didn't want to be sent 100 different configurations to test when perhaps someone knows about a configuration which is 'correct'. So my test case as you pointed out did contain an error. Here are the test case(s) I think you wanted me to run. 1. a muttrc with just set smtp_url = "s

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-08 Thread dave b
I should add that mutt hanging on the set smtp_url = "smtps://tes...@lola.com:587" configuration is what I would expect to happen. As port 587 is the port for TLS/STARTTLS and port 465 is for ssl if I am not mistaken. Please do point out if I have gotten this completely incorrect.

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-08 Thread Tim
> As port 587 is the port for TLS/STARTTLS and port 465 is for ssl if I > am not mistaken. > > Please do point out if I have gotten this completely incorrect. Nope, you're right, it looks like I got the two mixed up. Good catch on the lack of certificate validation. tim

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-16 Thread dave b
On 9 March 2011 16:41, Tim wrote: >> As port 587 is the port for TLS/STARTTLS and port 465 is for ssl if I >> am not mistaken. >> >> Please do point out if I have gotten this completely incorrect. > > > Nope, you're right, it looks like I got the two mixed up. > Good catch on the lack of certifica

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-22 Thread Honza Horak
On 9 March 2011 16:41, Tim wrote: It also turns out that I didn't test this issue enough. As I didn't test with both gnutls and openssl. I only tested with gnutls. Mutt actually works as I would expect with imaps, smtps and smtp -- with

Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection

2011-03-22 Thread dave b
> Hi, > > I've tested this behaviour using both - gnutls and openssl - and it seems > like the only difference is that there is an error printed using openssl: > "Certificate host check failed: certificate owner does not match hostname > imap.myhost.web". > > In both cases a user can accept the cer
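The check the thread is about, as an added Python example that is not part of the thread or of mutt's own code: after the TLS handshake a client must confirm that the name in the server certificate is the host it meant to reach (the failure the openssl build reports as "Certificate host check failed: certificate owner does not match hostname"), and it must do so whether TLS is implicit on port 465 or negotiated with STARTTLS on 587, as settled above. The certificate dicts are constructed in the shape Python's ssl.SSLSocket.getpeercert() returns; lola.com, smtp.gmail.com and imap.myhost.web are the hostnames mentioned in the thread, used here only as sample data. The matching is a plain RFC 6125-style DNS-ID comparison written out so the rules are visible; the stdlib context built by verifying_context() performs the same check itself.

```python
"""Hostname verification a mail client must perform after the TLS handshake,
plus the two ways SMTP gets wrapped in TLS (implicit TLS on 465, STARTTLS on 587).
Added example; not mutt's code. All certificates below are constructed dicts."""
import smtplib
import ssl


def _dns_id_match(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against the hostname we connected to.
    Comparison is case-insensitive; a wildcard is honoured only as the entire
    leftmost label ('*.example.com'), matches exactly one label, and needs at
    least two labels after it, so '*.com' and 'a.b.example.com' are rejected."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def names_in_cert(cert: dict) -> list:
    """Names the certificate is valid for, in the order a client should use them:
    subjectAltName DNS entries when present; the subject commonName only as a
    fallback for certificates that carry no SAN at all."""
    san = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san
    return [value for rdn in cert.get("subject", ())
            for (kind, value) in rdn if kind == "commonName"]


def cert_matches_hostname(cert: dict, hostname: str) -> bool:
    """True if the peer certificate is issued for the host we intended to reach."""
    return any(_dns_id_match(name, hostname) for name in names_in_cert(cert))


def verifying_context(cafile: str = None) -> ssl.SSLContext:
    """A client context that both validates the chain and checks the hostname.
    These are already the defaults of create_default_context(); they are set
    explicitly because the thread is about a client that skipped them."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def open_smtp(host: str, port: int, starttls: bool, ctx: ssl.SSLContext = None):
    """Open an SMTP session the way mutt's two URL forms do:
    smtps:// = implicit TLS from the first byte (port 465);
    smtp:// + ssl_starttls = plaintext EHLO, then upgrade with STARTTLS (port 587).
    With a verifying context, a certificate for smtp.gmail.com presented when we
    asked for lola.com raises ssl.SSLCertVerificationError instead of sending mail."""
    ctx = ctx or verifying_context()
    if starttls:
        conn = smtplib.SMTP(host, port, timeout=30)
        conn.ehlo()
        if not conn.has_extn("starttls"):
            conn.quit()
            raise RuntimeError("server does not offer STARTTLS; refusing to continue in plaintext")
        conn.starttls(context=ctx)  # handshake + chain check + hostname check
        conn.ehlo()                 # re-EHLO over the now-encrypted channel
    else:
        conn = smtplib.SMTP_SSL(host, port, context=ctx, timeout=30)
    return conn


# Constructed getpeercert()-style dicts (not real certificates).
# CERT_GMAIL_LIKE stands in for the 'incorrect server' the thread's client
# happily connected to while the user expected lola.com.
CERT_GMAIL_LIKE = {
    "subject": ((("commonName", "smtp.gmail.com"),),),
    "subjectAltName": (("DNS", "smtp.gmail.com"), ("DNS", "*.gmail.com")),
}
# Legacy certificate with a commonName and no subjectAltName at all.
CERT_CN_ONLY = {"subject": ((("commonName", "imap.myhost.web"),),)}


if __name__ == "__main__":
    for cert, expected in ((CERT_GMAIL_LIKE, "lola.com"), (CERT_GMAIL_LIKE, "smtp.gmail.com")):
        if cert_matches_hostname(cert, expected):
            print(f"ok: certificate is valid for {expected}")
        else:
            print(f"Certificate host check failed: certificate owner does not match hostname {expected}")
```

open_smtp() is the piece that touches the network and is shown for the connection shape only; the name check it relies on is the part exercised offline above. Note that accepting the certificate interactively, as both gnutls and openssl builds of mutt allowed in the thread, bypasses exactly this comparison.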