Package: starttls
Version: 0.10-3
Severity: normal
Looking through the source for starttls, i see that --verify sets the
int "opt_verify", but nothing else appears to use that variable. Am i
misunderstanding something?
If the goal is to make the starttls verify the remote host (which
would be a good thing security-wise), it doesn't look like it does
that. Also, if --verify is going to be made to work, a --cafile or
--cadir option should also be provided, so that the user can indicate
which certificate authorities should be trusted.
Thanks for maintaining starttls in debian!
--dkg
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages starttls depends on:
ii libc6 2.3.6.ds1-11 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
starttls recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
