Description of problem: From Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355192 It seems like our version won't have the problem with accepting the expired certificate, but they claim that it might be considered a security issue that an unverifiable certificate cannot be accepted permanently. I am not sure, so I intentionally do not include the Security keyword. Could you please verify if you find something bad about the way sylpheed handles the certificates and eventually communicate that upstream?
It is known already. Users ask about it from time to time, e.g. see: http://www.sraoss.jp/pipermail/sylpheed/2007-May/001233.html Without a comfortable certificate management user interface where users must examine a certificate in detail, accepting self-signed certificates permanently would be insecure. With a half-baked solution, users would simply click "OK" without actually verifying a certificate.