[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)



Hello Marcus!

On Tue, 02. Feb 2010, 18:18:34 +0100, Marcus C. Gottwald wrote:
> How can I make "msmtp" (version 1.4.19, Debian testing) trust
> a specific certificate? The certificate issuer is not known,
> I don't trust him, and I don't have a way to get hold of the
> certificate used to sign the one I'd like to trust.

There is currently no way to do that because there never was a need for
it.

The reason is that this situation does not match the TLS/SSL certificate
trust model. If the certificate issuer is not known and you do not trust
him, how can you trust a certificate he issued?

Nevertheless, one could add a 'tls_fingerprint' command that makes msmtp
trust one particular certificate, as an alternative to 'tls_trust_file'.
I guess this is how you tell other software packages to trust the
certificate, right?

Martin