Commit ID aa31c2a326bee13ea0f558dac05f1bcf73a10936
|Contributor:||Matt McCutchen||Files Modified:||4|
|Date:||04-May-2012 at 12:28||Lines Added:||71|
|Repository:||git://git.gnome.org/evolution-data-server master||Lines Removed:||31|
|Commit Comment:||Bug #606181 - Accepting bad SSL certificate applies to any hostname
Change the Camel certdb to look up certificates by expected hostname.
This way, accepting a bad certificate for one mail server does not give
it a free pass to impersonate the user's other mail servers. Storing a
second bad certificate for the same server will replace the first, but
that should be OK (Mozilla PSM works the same way).
The camel-cert.db format is unchanged except that it can now contain
multiple entries for the same certificate with different hostnames, and
if it contains multiple certificates for the same hostname, all but the
last will be dropped (becoming permanent the next time the certdb is
Users who were taking advantage of evolution-data-server's previous,
vulnerable behavior of accepting a certificate for a hostname other than
the originally user-approved one will get bad certificate dialogs and
will need to re-approve the certificate for the desired hostname(s).
Note: Case insensitive compare of host names added by mcrha.
Copyright © 2013 Black Duck Software, Inc. and its contributors, Some Rights Reserved. Unless otherwise marked, this work is licensed under a Creative Commons Attribution 3.0 Unported License . Ohloh ® and the Ohloh logo are trademarks of Black Duck Software, Inc. in the United States and/or other jurisdictions. All other trademarks are the property of their respective holders.