
Re: [msmtp-users] Proxy support patch



On Tue, Oct 7, 2014 at 1:28 PM, Ángel González <angel@...372...> wrote:
> CustaiCo wrote:
>> Because of how cleanly separated the network code is from the rest of
>> the application, I'm fairly sure that there should be no leaks, unless
>> the ssl library decides to open its own connections for no reason.
>
> Like doing an OCSP check?
>
> (although neither openssl nor gnutls seem to do that automatically
> nowadays)

Exactly like that. It's worth looking for, i.e.: can the user's TLS config or
TLS compile default turn on OCSP, and how to push that through
socks5, even if it means extending whatever TLS libs msmtp links
to handle it.

I very briefly scanned openssl 101i and 102b3 but did not see
a doc about configuring their TLS *library* to turn on OCSP.
However on command line there is:
 openssl ocsp
 openssl s_client -status
so the library config knob may be there somewhere I've not
found yet.

Even if not there today, I'd assume something may be there
tomorrow, whether OCSP, cert transparency, local server, etc.
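
One way to check for the kind of out-of-proxy connection discussed in this thread, as an added example that is not part of the original message or of msmtp: list a process's TCP sockets from Linux `/proc/net/tcp` and flag any whose remote end is not the SOCKS proxy. The proxy address 127.0.0.1:9050, the inode numbers and the sample table are constructed assumptions, and the address decoding assumes a little-endian host.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (little-endian host), not captured data.
# Row 0: client -> SOCKS proxy; row 1: direct HTTP fetch; row 2: unrelated listener.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:C350 0100007F:235A 01 00000000:00000000 00:00000000 00000000  1000        0 40001 1 0000000000000000 20 4 30 10 -1
   1: 0A00A8C0:C351 0A7100CB:0050 01 00000000:00000000 00:00000000 00000000  1000        0 40002 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40003 1 0000000000000000 100 0 0 10 0
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' from /proc/net/tcp into (ip, port)."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def socket_inodes(pid):
    """Inodes of the sockets held open by pid, read from /proc/<pid>/fd (Linux)."""
    inodes = set()
    for fd in os.listdir(f"/proc/{pid}/fd"):
        try:
            target = os.readlink(f"/proc/{pid}/fd/{fd}")
        except OSError:
            continue  # fd closed between listdir and readlink
        if target.startswith("socket:["):
            inodes.add(int(target[8:-1]))
    return inodes

def find_leaks(table_text, process_inodes, proxy):
    """Remote endpoints of the process's TCP sockets that are not the proxy."""
    leaks = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue
        state, inode = cols[3], int(cols[9])
        if inode not in process_inodes or state == "0A":  # 0A = LISTEN
            continue
        remote = decode_endpoint(cols[2])
        if remote != proxy:
            leaks.append(remote)
    return leaks

if __name__ == "__main__":
    # Inodes 40001 and 40002 stand in for the mail client's sockets (assumption).
    print(find_leaks(SAMPLE, {40001, 40002}, ("127.0.0.1", 9050)))
```

On a live system, pass `socket_inodes(pid)` and the contents of `/proc/net/tcp` while the client is mid-handshake; IPv6 sockets (`/proc/net/tcp6`) and UDP lookups are not covered by this check.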