[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)

To: msmtp-users@lists.sourceforge.net
Subject: Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
From: "Marcus C. Gottwald" <mcg@...213...>
Date: Mon, 8 Feb 2010 20:40:52 +0100
In-reply-to: <20100207110906.GA12879@...161...>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=msmtp-users>
List-help: <mailto:msmtp-users-request@lists.sourceforge.net?subject=help>
List-id: "General discussion, questions & answers" <msmtp-users.lists.sourceforge.net>
List-post: <mailto:msmtp-users@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=unsubscribe>
Mail-followup-to: msmtp-users@lists.sourceforge.net
References: <20100202171834.GG3750@...214...> <20100202182545.GA25836@...161...> <20100202220419.GB3815@...214...> <20100207110906.GA12879@...161...>
User-agent: Mutt/1.5.20 (2009-06-14)

Good morning!

Martin Lambers wrote (Sun 2010-Feb-07 12:09:06 +0100):

> The current git version now has a tls_fingerprint command and
> corresponding --tls-fingerprint option.
> 
> This can be used to trust one particular certificate, regardless of its
> contents.

Pulled, built, and tested: works great for me, thanks a lot!

I may add that there seems to be a (small, theoretical) risk
with the way command-line arguments are treated: At least
"--tls-fingerprint" can be given multiple times, and the value
of the last one supersedes the value of previous ones. Since
"Mutt" wants to add "-f <envelopefrom>", "--" can't be used to
tell "msmtp" that only recipients' email addresses are supposed
to follow, and there might be a chance that someone could make
me send an email addressed to "--host=mail.badguy.com
--tls-fingerprint=...", so that the bad guy gets a chance to
sniff my password.

Personally, I'm using a small wrapper script anyway, so I'm
already happy with the way it is now. :-)


Thanks again,

Marcus

-- 
   Marcus C. Gottwald  ·  <mcg@...213...>  ·  https://cheers.de

Follow-Ups:
- Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: Martin Lambers <marlam@...23...>

References:
- [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: "Marcus C. Gottwald" <mcg@...213...>
- Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: Martin Lambers <marlam@...23...>
- Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: "Marcus C. Gottwald" <mcg@...213...>
- Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
  - From: Martin Lambers <marlam@...23...>

Prev by Date: Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
Next by Date: Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
Previous by thread: Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
Next by thread: Re: [msmtp-users] How to make msmtp trust a specific certificate (not a CA certificate, not a self-signed one)
Index(es):
- Date
- Thread