Bug 429147 - Sylpheed reportedly doesn't allow for acceptance of a self-signed certificate
Summary: Sylpheed reportedly doesn't allow for acceptance of a self-signed certificate
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: sylpheed
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Michael Schwendt
QA Contact: Fedora Extras Quality Assurance
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-01-17 16:15 UTC by Lubomir Kundrak
Modified: 2008-01-17 18:04 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-01-17 18:04:20 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Lubomir Kundrak 2008-01-17 16:15:04 UTC 
Description of problem:

From Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355192

It seems like our version won't have the problem with accepting the expired
certificated, but they claim that it might be considered a security issue that a
unverifiable certificate can not be accepted permanently. I am not sure, so I
intentionally do not include Security keyword.

Could you please verify if you find something bad about the way sylpheed handles
the certificates and eventually communicate that upstream?
Comment 1 Michael Schwendt 2008-01-17 18:04:20 UTC 
It is known already. Users ask about it from time to time, e.g.
see: http://www.sraoss.jp/pipermail/sylpheed/2007-May/001233.html

Without a comfortable certificate management user-interface
where users must examine a certificate in detail, accepting a
self-signed certificates permanently would be insecure.
With a half-baked solution, users would simply click "OK"
without verifying a certificate actually.
Note You need to log in before you can comment on or make changes to this bug.