Re: Cannot open: elmo-network-initialize-session



At Sun, 17 Oct 2010 19:52:14 +0200,
David Maus wrote:
> At Fri, 08 Oct 2010 20:24:00 -0400,
> Ian D. Leroux wrote:
> > Ok.  The way WL uses openssl is somewhat broken [1], in ways that can
> > be worked around by setting ssl-certificate-verification-policy to a
> > large value.  I haven't heard of any problems with gnutls, though I
> > haven't used it.
> 
> FYI gnutls-cli works fine but/and rejects secure connections to hosts
> w/o a valid certificate.  Debian GNU/Linux uses gnutls by default[1]

To clear up my earlier, somewhat ambiguous phrasing: WL w/ openssl
"works fine" in that it connects (I use it), but does *not* reject
(in)secure connections to hosts whose certificate validity it cannot
establish.  This leaves you wide open to man-in-the-middle attacks,
and should be avoided, either by using gnutls-cli as on Debian or by
using stunnel, which I'd like to try someday soon.

Ian Leroux
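
The failure mode described in the message above (the connection succeeds even though the certificate could not be validated) can be caught by inspecting the `Verify return code` line that `openssl s_client` prints. The following is an added example, not part of the original message or of Wanderlust's code; the function names and the two sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept an `openssl s_client` transcript only when the
# peer certificate was actually verified.

# verify_ok: reads a transcript on stdin. Succeeds only if at least one
# "Verify return code:" line is present and every such line reports 0.
# A missing line is treated as a failure (fail closed).
verify_ok() {
    awk '
        /Verify return code:/ {
            seen = 1
            sub(/^.*Verify return code:[ \t]*/, "")
            if ($1 != "0") bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }
    '
}

# Constructed transcript: chain validated against a trusted CA.
sample_verified() {
    cat <<'EOF'
CONNECTED(00000003)
depth=1 CN = Example CA
verify return:1
depth=0 CN = imap.example.org
verify return:1
---
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 0 (ok)
---
EOF
}

# Constructed transcript: the handshake completes, but the certificate is
# self-signed. This is the "connects but does not reject" case.
sample_self_signed() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = imap.example.org
verify error:num=18:self signed certificate
verify return:1
---
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 18 (self signed certificate)
---
EOF
}
```

Both transcripts begin with `CONNECTED`, so the fact that a session was established says nothing about whether the certificate was trusted; only the return code does.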