src/plugins/rssyl/feed.c has this code: #if LIBCURL_VERSION_NUM >= 0x070a00 curl_easy_setopt(eh, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt(eh, CURLOPT_SSL_VERIFYHOST, 0); #endif Meaning you are not checking ssl remote host validity at all. Please do check it.
I think this is a remnant from early development, when I did not need to be bothered by extra errors from libcurl. However, while I agree that CURLOPT_SSL_VERIFYHOST should probably be enabled, I do not see any usefulness in enabling CURLOPT_SSL_VERIFYPEER. I do not really buy into the extortion racket that certificate authority companies run. At best, I am willing to make it a per-feed option, defaulting to off.
For the record, I plan to add both as per-feed options, with _VERIFYHOST defaulting to on, and _VERIFYPEER defaulting to off.
Andrej, any chance of committing a fix in the next week or so?
Changes related to this bug have been committed. Please check latest Git and update the bug accordingly. You can also get the patch from: http://git.claws-mail.org/ ++ ChangeLog 2014-04-29 10:36:03.469951194 +0200 http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=8a1b06bc6e820e913386ee560807ee8bd0314246 Merge: f2483bd 123cf6f Author: Colin Leroy <colin@colino.net> Date: Tue Apr 29 10:36:02 2014 +0200 Merge branch 'master' of file:///home/git/claws http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=123cf6fbfe84f47d6bf277efc835a1b353ed0c94 Author: Colin Leroy <colin@colino.net> Date: Tue Apr 29 10:33:38 2014 +0200 Implement SSL certificate verification option (default, and per-feed). Fixes bug #3106, "Rssyl plugin does not verify SSL peer at all" http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=dc6d8a1a1947544caa7b309d99b2614d61c6ec03 Author: Colin Leroy <colin@colino.net> Date: Tue Apr 29 10:04:02 2014 +0200 Fix pref label