Red Hat Bugzilla – Bug 818922
evolution-data-server: Improper certificate validation in Evolution calendar caldav and addressbook webdav contact back-ends
Last modified: 2015-07-31 02:50:36 EDT
It was found that evolution-data-server, a back-end data server that handles contacts, tasks and calendar information for Evolution, did not perform SSL certificate validation for secured connections. The Evolution email client, when using evolution-data-server's calendar caldav and addressbook webdav contact back-ends, trusts that the other side of the connection is the valid owner of the presented certificate, and could be tricked into accepting a spoofed SSL certificate by mistake (MITM attack).
Upstream bug report:
(patch for evolution-data-server)
(patch for evolution)
This issue is known upstream.