Bug 620978 - Mutt doesn't honor "(a)ccept always" as expected if certificate name doesn't match
Alias: None
Product: Fedora
Classification: Fedora
Component: mutt   
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Honza Horak
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-08-03 22:01 UTC by Robert Scheck
Modified: 2011-10-27 14:24 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Last Closed: 2011-10-27 14:24:12 UTC

Attachments
mutt-1.5.20-smtp-ssl.patch (1.08 KB, patch)
2010-08-03 22:05 UTC, Robert Scheck

Description Robert Scheck 2010-08-03 22:01:00 UTC
Description of problem:
Imagine you've an SMTP relayhost/smarthost with an SSL certificate having the
common name "mail.servername.tld". If I configure the following in .muttrc:

  set smtp_url="smtp://tux@mail.otherservername.tld"

and try to send an e-mail via mutt, mutt of course complains that the name
of the hostname doesn't match with the certificate and offers the following:

  (r)eject, accept (o)nce, (a)ccept always

If I choose "(a)ccept always", a copy of the certificate gets saved into the
.mutt/certificate file - as expected. Then I'm quitting mutt and starting it
again. I'm trying to send another e-mail. Unfortunately, I'm getting the same
possibilities as before listed again:

  (r)eject, accept (o)nce, (a)ccept always

If I choose "(a)ccept always" again, the certificate gets saved another (!)
time in .mutt/certificate. That means the certificate is saved there twice.
And if you do this a third time, it's there a third time. Which seems wrong
to me.

I'm expecting that if I already added an exception the first time by using
the "(a)ccept always", it should never ask me again and just send the e-mail
silently without bothering the user. That's at least how e.g. Firefox is doing
this right now for exceptions.

Version-Release number of selected component (if applicable):

How reproducible:
Every time, see above.

Actual results:
Mutt doesn't honor "(a)ccept always" as expected if certificate name doesn't 

Expected results:
Mutt should honor "(a)ccept always" as expected - even if certificate name 
doesn't match.
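The expected behaviour described in this report, as an added Python sketch that is not part of the report and is not mutt's code: a saved exception is looked up before any prompt, and saving happens only when the entry is absent, so the store never grows duplicates. The one-line-per-entry "host fingerprint" store format, binding the exception to the host, the function names and the sample bytes are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile


def fingerprint(cert_bytes):
    """SHA-256 over the certificate bytes identifies the exact certificate."""
    return hashlib.sha256(cert_bytes).hexdigest()


def load_exceptions(store):
    """Read saved (host, fingerprint) pairs; a missing file means none."""
    if not os.path.exists(store):
        return set()
    with open(store) as fh:
        rows = (line.split() for line in fh)
        return {(r[0], r[1]) for r in rows if len(r) == 2}


def check_cert(store, host, cert_bytes, validation_ok, ask):
    """Return True if the connection may proceed.

    validation_ok: result of normal chain and hostname validation (assumed input).
    ask: callback returning 'r', 'o' or 'a', standing in for the prompt.
    """
    key = (host.lower(), fingerprint(cert_bytes))
    if validation_ok or key in load_exceptions(store):
        return True  # a saved exception is honoured before any prompt
    choice = ask()
    if choice == "a":
        # Reached only when the pair is not stored yet, so no duplicates.
        with open(store, "a") as fh:
            fh.write("%s %s\n" % key)
        return True
    return choice == "o"


def demo():
    """Three sends with a mismatching name, then a different certificate."""
    prompts = []
    host = "mail.otherservername.tld"
    cert = b"constructed sample bytes, not a real certificate"
    with tempfile.TemporaryDirectory() as tmp:
        store = os.path.join(tmp, "certificates")
        always = lambda: prompts.append("a") or "a"
        sends = [check_cert(store, host, cert, False, always) for _ in range(3)]
        reject = lambda: prompts.append("r") or "r"
        swapped = check_cert(store, host, b"different constructed bytes", False, reject)
        with open(store) as fh:
            saved = len(fh.readlines())
    return sends, prompts, saved, swapped
```

Because the exception is keyed on the certificate fingerprint, a different certificate presented for the same host still triggers the prompt.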

Comment 1 Robert Scheck 2010-08-03 22:05:02 UTC
Created attachment 436392 [details]

Suggestion of the hack which makes things work as I'm expecting them...

Comment 2 Miroslav Lichvar 2010-08-04 07:53:10 UTC
Please send patches to the upstream list or trac, especially if it's for code we don't use in Fedora package :).

Comment 3 Robert Scheck 2010-08-04 09:26:56 UTC
Oops, see what you mean. Well, GnuTLS has the same issue, but unfortunately
I took OpenSSL rather than GnuTLS for debugging... :(

Comment 4 Robert Scheck 2010-08-24 17:11:18 UTC
Reported upstream; http://dev.mutt.org/trac/ticket/3345

Comment 5 Fedora Admin XMLRPC Client 2011-02-25 11:01:05 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 6 Honza Horak 2011-10-27 14:24:12 UTC
I've just tested this failure with gnutls and openssl using current mutt-1.5.21. The result is that it works as expected with gnutls but fails with openssl.

Since mutt is built with gnutls in Fedora, I'm closing this for now and suggesting to follow the upstream bug report on http://dev.mutt.org/trac/ticket/3345. 

Please, feel free to re-open it if you want.
