Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - gilinko

Pages: [1]
1
1.2.1 / SSL in email module
« on: March 03, 2009, 06:57:06 am »
Currently the Email module usage of SSL in connecting to a IMAP/POP server is flawed. If SSL is specified but the certificate of the server is self signed it will silently die, which is not a desired behavior. One of three changes has to be made:

1)
If the user specifies that a SSL connection should be used, the flag /novalidate-cert should be set to ignore a valid or unsigned certificate. Not to good for security but always works. Flags reference: http://se.php.net/manual/en/function.imap-open.php

2)
If the user specifies that a SSL connection should be used, a further option of ignoring expired/self-signed certificate use should be allowed (and set the novalidate -cert flag)

3)
If the user specifies that a SSL connection should be used, a warning have to appear when accessing the email module with the option to ignore the failing certificate.

Pages: [1]