Hide Forgot
A Debian bug report [1] indicated that Sylpheed does not warn you when an SSL certificate has expired. I tried this on Fedora 15 with sylpheed-3.1.1-1.fc15 and had it obtain a certificate from my server, and told it to accept it permanently (saved to ~/.sylpheed-2.0/trust.crt). I did this with today's date. Then I set the date to a month from now and it still accepts the certificate: % cat trust.crt| openssl x509 -fingerprint -sha1 -text|grep After Not After : Nov 20 14:45:33 2011 GMT % date Mon Nov 28 08:49:09 MST 2011 Apparently Sylpheed has suffered from other SSL-related weaknesses in the past, and it looks like this may have worked previously but no longer seems to. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355192#98
Created sylpheed tracking bugs for this issue Affects: fedora-all [bug 749931]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.