#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering
higher links of the cert' chain
--------------------------+----------------------
Reporter: kratem32 | Owner: mutt-dev
Type: enhancement | Status: new
Priority: minor | Milestone: 1.8
Component: crypto | Version:
Resolution: | Keywords: tofu
--------------------------+----------------------
Comment (by kratem32):
I understand that this behavior makes sense from the perspective of
openssl but assuming the "old behavior" is a feature, this new behavior is
a bug.
Please note there are quite a few tutorials and example configurations out
there that suggest this configuration, therefore I suspect I am not the
only one missing this feature.
And since the purpose of this is to reduce the attack vector of the CA
systems, using the provider CA is not really a solution.
On the last comment please note that many providers (like mine) use
extended validation certificates valid for 5 years, so it is not really
painful but can add security. In any case this decision is something for
the user I think.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:16>
Mutt <http://www.mutt.org/>
The Mutt mail user agent