3914 – possibility to specify designated CA whose certificates are accepted by default

Bug 3914 - possibility to specify designated CA whose certificates are accepted by default

Summary: possibility to specify designated CA whose certificates are accepted by default

Status:	NEW

Alias:	None

Product:	Claws Mail (GTK 2)
Classification:	Unclassified
Component:	UI (show other bugs)
Version:	3.16.0
Hardware:	All All

Importance:	P3 enhancement
Assignee:	users

URL:

Depends on:
Blocks:

Reported:	2017-11-11 18:42 UTC by Ricardo Mones
Modified:	2017-11-12 12:29 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Ricardo Mones 2017-11-11 18:42:36 UTC

Quoting original submitter:

,-------
| As discussed in #608344 claws-mail has an account option to
| automatically accept certificates signed by CAs in
| /etc/ssl/certs/ca-certificates.crt.
|
| For some accounts I would like to configure a specific CA certificate
| (or a set of certificates) by which the server certificate has to be
| signed to be automatically accepted. This is useful for cases in which
| the CA in question is not in the globally trusted CAs or you want to
| narrow down what CAs are valid for that specific account.
|
| Currently claws-mail does not seem to have such an option, but it
| would be great if it would be added in a future version.
`-------

Original report at: https://bugs.debian.org/880907

Thanks in advance,

Comment 1 Andrej Kacian 2017-11-12 12:29:43 UTC

Sounds like a good simple enhancement for someone who wants to get started working on Claws Mail.
All the pieces are there, they just need putting together. :)

- add an account pref for path to the custom cert bundle (or directory)
- adjust ssl_init_socket() to use this pref; the SockInfo struct even already has pointer to the account

Note You need to log in before you can comment on or make changes to this bug.