Bug 1196787

Summary: System default CA bundle not set as default in compiled-in default or config
Product: Red Hat Enterprise Linux 6 Reporter: William Yardley <wby+redhat>
Component: muttAssignee: Matej Mužila <mmuzila>
Status: CLOSED ERRATA QA Contact: Lukáš Zachar <lzachar>
Severity: unspecified Docs Contact: Filip Hanzelka <fhanzelk>
Priority: unspecified    
Version: 6.8CC: bnater, hhorak, mmuzila
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The system default CA bundle has been set as default in the compiled-in default setting or configuration in *mutt* Previously, when connecting to a new system via TLS/SSL, the *mutt* email client required the user to save the certificate. With this update, the system Certificate Authority (CA) bundle is set in *mutt* by default. As a result, *mutt* now connects via SSL/TLS to hosts with a valid certificate without prompting the user to approve or reject the certificate.
 Story Points: ---
Clone Of:
: 1388511 (view as bug list) Environment:
Last Closed: 2017-03-21 11:18:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1359256, 1388511    
Attachments:
Description Flags
add path to system ca-bundle to default configuration none

Description William Yardley 2015-02-26 18:27:10 UTC 
Description of problem:
When connecting to a new system via TLS / SSL, Mutt requires the user to save the certificate.

Version-Release number of selected component (if applicable):
1.5.20-7.20091214hg736b6a.el6

How reproducible:
Very


Steps to Reproduce:
1. Configure spoolfile (or folder, etc.) as imaps://[some host with valid cert]

Actual results:
Mutt prompts the user to save the certificate

Expected results:
Mutt uses the system default CA bundle in /etc/pki/tls/certs/ca-bundle.crt from the ca-certificates RPM.


Additional info:
Compiled in default is unset:
In muttrc(5):
       ssl_ca_certificates_file
              Type: path
              Default: “”

It also appears to not be configured in default configuration:
smtp01:$ rpm --verify mutt
smtp01:$ grep ssl_ca_certificates /etc/Muttrc | grep -v ^#
smtp01:$
Comment 2 Matej Mužila 2015-07-24 10:16:38 UTC 
Created attachment 1055671 [details]
add path to system ca-bundle to default configuration
Comment 12 errata-xmlrpc 2017-03-21 11:18:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0732.html