Red Hat Bugzilla – Bug 857483
Apply patch to enable ssmtp to check server certificates when using TLS
Last modified: 2012-10-11 11:47:11 EDT
A Debian bug was filed about ssmtp not checking certificates:
And it includes a patch to enable checking of server certificates when using TLS:
We should include this patch.
Note that this isn't a security _flaw_ because the TLS file in the source tarball clearly states that this feature is missing:
* Check server certificate for changes and notify about it.
* Diffrent Certificate and Key file?
This patch would be ideal to have in both Fedora and EPEL ssmtp packages.
*** Bug 864894 has been marked as a duplicate of this bug. ***
Please refer to the SRT bug for this (one of these is a dupe, but using this as the dupe rather than the SRT/CVE bug).
*** This bug has been marked as a duplicate of bug 864894 ***