Red Hat Bugzilla – Bug 429147
Sylpheed reportedly doesn't allow for acceptance of a self-signed certificate
Last modified: 2008-01-17 13:04:20 EST
Description of problem:
From Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355192
It seems like our version won't have the problem with accepting the expired
certificated, but they claim that it might be considered a security issue that a
unverifiable certificate can not be accepted permanently. I am not sure, so I
intentionally do not include Security keyword.
Could you please verify if you find something bad about the way sylpheed handles
the certificates and eventually communicate that upstream?
It is known already. Users ask about it from time to time, e.g.
Without a comfortable certificate management user-interface
where users must examine a certificate in detail, accepting a
self-signed certificates permanently would be insecure.
With a half-baked solution, users would simply click "OK"
without verifying a certificate actually.