#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering
higher links of the cert' chain
--------------------------+----------------------
Reporter: kratem32 | Owner: mutt-dev
Type: enhancement | Status: new
Priority: minor | Milestone: 1.8
Component: crypto | Version:
Resolution: | Keywords: tofu
--------------------------+----------------------
Comment (by m-a):
Replying to [comment:57 kevin8t8]:
> I glanced quickly, and as you mentioned in comment:56 there is one extra
test that needs to be removed from ssl_verify_callback(), just before the
second call to interactive_check_cert():
>
> {{{
> if ((pos != 0) && (quadoption (OPT_SSLVERIFYPARTIAL) == MUTT_YES))
> {
> SSL_set_ex_data (ssl, SkipModeExDataIndex, &SkipModeExDataIndex);
> return 1;
> }
> }}}
>
> That was for the previous "auto-skip" functionality of the quadoption.
Killed from my revised patch.
> The other small issue is generating documentation. We'll need to add
whatever #ifdef test we use into doc/makedoc-defs.h so the option is
always generated in the documentation.
Done. Please find attachment:ticket-3916-verify-partial-v2-boolopt.patch​
that appears to work for me and addresses your concerns about
documentation. It goes directly on top of the default branch as of r6957
aka d15de76f7123.
> Finally, it sounds like we agree on attachment:ticket-3916-clear-
errs-v2.patch. So I will just go ahead and push that version up shortly.
Thanks. That helps.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:59>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
