Bug 620978 - Mutt doesn't honor "(a)ccept always" as expected if certificate name doesn't match
Product: Fedora
Classification: Fedora
Component: mutt
Hardware: All
OS: Linux
Priority: low
Severity: medium
Assigned To: Honza Horak
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-08-03 18:01 EDT by Robert Scheck
Modified: 2011-10-27 10:24 EDT
Doc Type: Bug Fix
Last Closed: 2011-10-27 10:24:12 EDT

Attachments
mutt-1.5.20-smtp-ssl.patch (1.08 KB, patch)
2010-08-03 18:05 EDT, Robert Scheck

Description Robert Scheck 2010-08-03 18:01:00 EDT
Description of problem:
Imagine you've an SMTP relayhost/smarthost with an SSL certificate having the
common name "mail.servername.tld". If I configure the following in .muttrc:

  set smtp_url="smtp://tux@mail.otherservername.tld"

and try to send an e-mail via mutt, mutt of course complains that the name
of the hostname doesn't match with the certificate and offers the following:

  (r)eject, accept (o)nce, (a)ccept always

If I choose "(a)ccept always", a copy of the certificate gets saved into the
.mutt/certificate file - as expected. Then I'm quitting mutt and starting it
again. I'm trying to send another e-mail. Unfortunately, I'm getting the same
possibilities as before listed again:

  (r)eject, accept (o)nce, (a)ccept always

If I choose "(a)ccept always" again, the certificate gets saved another (!)
time in .mutt/certificate. That means the certificate is saved there twice.
And if you do this a third time, it's there a third time. Which seems wrong
to me.

I'm expecting that if I already added an exception the first time by using
"(a)ccept always", it should never ask me again and just send the e-mail
silently without bothering the user. That's at least how e.g. Firefox is doing
this right now for exceptions.

Version-Release number of selected component (if applicable):

How reproducible:
Every time, see above.

Actual results:
Mutt doesn't honor "(a)ccept always" as expected if certificate name doesn't 

Expected results:
Mutt should honor "(a)ccept always" as expected - even if certificate name 
doesn't match.
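
The behaviour the description expects, as an added sketch in C that is not mutt's code and not the attached patch: a certificate saved with "(a)ccept always" is looked up before any prompt, so a name mismatch on that exact certificate does not ask again, and saving is idempotent. The in-memory store, the function names and the placeholder PEM block are assumptions; comparing PEM text byte for byte stands in for the DER or digest comparison a TLS library would do.

```c
#include <stdio.h>
#include <string.h>
#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed placeholder block, not a real certificate. */
static const char CERT_A[] = PEM_BEGIN "\nQ09OU1RSVUNURUQtQQ==\n" PEM_END "\n";

/* 1 if store (assumed format: concatenated PEM blocks) holds exactly pem. */
int cert_is_saved(const char *store, const char *pem)
{
    size_t want = strlen(pem);
    const char *p = store;
    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *end = strstr(p, PEM_END);
        if (end == NULL)
            break;                  /* truncated block is never trusted */
        end += strlen(PEM_END);
        if (*end == '\n')
            end++;
        if ((size_t)(end - p) == want && memcmp(p, pem, want) == 0)
            return 1;
        p = end;
    }
    return 0;
}

/* "(a)ccept always": 1 = appended, 0 = already saved, -1 = no room. */
int save_cert_once(char *store, size_t cap, const char *pem)
{
    if (cert_is_saved(store, pem))
        return 0;
    if (strlen(store) + strlen(pem) + 1 > cap)
        return -1;
    strcat(store, pem);
    return 1;
}

/* Prompt unless fully valid or the exact certificate saved earlier. */
int needs_prompt(const char *store, const char *pem, int chain_ok, int host_ok)
{
    return !cert_is_saved(store, pem) && !(chain_ok && host_ok);
}

int main(void)
{
    char store[512] = "";
    int first = needs_prompt(store, CERT_A, 1, 0);  /* name mismatch, not saved */
    int saved = save_cert_once(store, sizeof store, CERT_A);
    printf("prompt=%d saved=%d again=%d\n", first, saved, needs_prompt(store, CERT_A, 1, 0));
    return 0;
}
```

Because the exception is tied to the exact saved certificate, a different certificate presented under the same mismatching name still triggers the prompt.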
Comment 1 Robert Scheck 2010-08-03 18:05:02 EDT
Created attachment 436392 [details]

Suggestion of the hack which makes things working as I'm expecting them...
Comment 2 Miroslav Lichvar 2010-08-04 03:53:10 EDT
Please send patches to the upstream list or trac, especially if it's for code we don't use in Fedora package :).
Comment 3 Robert Scheck 2010-08-04 05:26:56 EDT
Oops, see what you mean. Well, GnuTLS has the same issue, but unfortunately
I took OpenSSL rather than GnuTLS for debugging... :(
Comment 4 Robert Scheck 2010-08-24 13:11:18 EDT
Reported upstream; http://dev.mutt.org/trac/ticket/3345
Comment 5 Fedora Admin XMLRPC Client 2011-02-25 06:01:05 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 6 Honza Horak 2011-10-27 10:24:12 EDT
I've just tested this failure with gnutls and openssl using current mutt-1.5.21. The result is that it works as expected with gnutls but fails with openssl.

Since mutt is built with gnutls in Fedora, I'm closing this for now and suggesting to follow the upstream bug report on http://dev.mutt.org/trac/ticket/3345. 

Please, feel free to re-open it if you want.
