Description of problem:

Imagine you have an SMTP relayhost/smarthost with an SSL certificate having the common name "mail.servername.tld". If I configure the following in .muttrc:

    set smtp_url="smtp://tux.tld"

and try to send an e-mail via mutt, mutt of course complains that the name of the hostname doesn't match the certificate and offers the following possibilities:

    (r)eject, accept (o)nce, (a)ccept always

If I choose "(a)ccept always", a copy of the certificate gets saved into the .mutt/certificate file, as expected. Then I'm quitting mutt and starting it again. I'm trying to send another e-mail. Unfortunately, I'm getting the same possibilities as before listed again:

    (r)eject, accept (o)nce, (a)ccept always

If I choose "(a)ccept always" again, the certificate gets saved another (!) time in .mutt/certificate. That means the certificate is saved there twice. And if you do this a third time, it's there a third time. Which seems wrong to me.

I'm expecting that if I already added an exception the first time by using "(a)ccept always", it should never ask me again and should just send the e-mail silently without bothering the user. That's at least how e.g. Firefox is doing this right now for exceptions.

Version-Release number of selected component (if applicable):
mutt-1.5.20-2.20091214hg736b6a.i686

How reproducible:
Every time, see above.

Actual results:
Mutt doesn't honor "(a)ccept always" as expected if certificate name doesn't match.

Expected results:
Mutt should honor "(a)ccept always" as expected, even if certificate name doesn't match.
Created attachment 436392
mutt-1.5.20-smtp-ssl.patch

Suggestion of a hack which makes things work as I'm expecting them...
Please send patches to the upstream list or trac, especially if it's for code we don't use in Fedora package :).
Oops, see what you mean. Well, GnuTLS has the same issue, but unfortunately I took OpenSSL rather than GnuTLS for debugging... :(
Reported upstream; http://dev.mutt.org/trac/ticket/3345
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
I've just tested this failure with gnutls and openssl using current mutt-1.5.21. The result is that it works as expected with gnutls but fails with openssl. Since mutt is built with gnutls in Fedora, I'm closing this for now and suggesting to follow the upstream bug report on http://dev.mutt.org/trac/ticket/3345. Please feel free to re-open it if you want.
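
A way to check a certificate file for the symptom described in the report (the same certificate appended on every "(a)ccept always"), as an added example that is not part of the bug report or of mutt. It assumes the file stores accepted certificates as PEM blocks; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re
import sys
from collections import Counter

# Assumption: accepted certificates are stored as standard PEM blocks.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def cert_fingerprints(text):
    """Return the SHA-256 fingerprint of every PEM block, in file order."""
    prints = []
    for body in PEM_RE.findall(text):
        der = base64.b64decode("".join(body.split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def duplicate_entries(text):
    """Map fingerprint -> count for certificates stored more than once."""
    counts = Counter(cert_fingerprints(text))
    return {fp: n for fp, n in counts.items() if n > 1}


def _pem(raw):
    """Wrap placeholder bytes in PEM armour (constructed data, not a real cert)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample: entry A accepted three times, entry B once.
SAMPLE = _pem(b"constructed-cert-A") * 3 + _pem(b"constructed-cert-B")

if __name__ == "__main__":
    # Pass the path of a certificate file, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    print(f"{len(cert_fingerprints(data))} stored certificate(s)")
    for fp, n in duplicate_entries(data).items():
        print(f"stored {n} times: sha256 {fp}")
```

Repeated fingerprints in the output mean the exception was written again instead of being matched on the next connection.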