#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering higher links of the cert' chain --------------------------+---------------------- Reporter: kratem32 | Owner: mutt-dev Type: enhancement | Status: new Priority: minor | Milestone: 1.8 Component: crypto | Version: Resolution: | Keywords: tofu --------------------------+----------------------
Comment (by m-a): Replying to [comment:57 kevin8t8]: > I glanced quickly, and as you mentioned in comment:56 there is one extra test that needs to be removed from ssl_verify_callback(), just before the second call to interactive_check_cert(): > > {{{ > if ((pos != 0) && (quadoption (OPT_SSLVERIFYPARTIAL) == MUTT_YES)) > { > SSL_set_ex_data (ssl, SkipModeExDataIndex, &SkipModeExDataIndex); > return 1; > } > }}} > > That was for the previous "auto-skip" functionality of the quadoption. Killed from my revised patch. > The other small issue is generating documentation. We'll need to add whatever #ifdef test we use into doc/makedoc-defs.h so the option is always generated in the documentation. Done. Please find attachment:ticket-3916-verify-partial-v2-boolopt.patch​ that appears to work for me and addresses your concerns about documentation. It goes directly on top of the default branch as of r6957 aka d15de76f7123. > Finally, it sounds like we agree on attachment:ticket-3916-clear- errs-v2.patch. So I will just go ahead and push that version up shortly. Thanks. That helps. -- Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:59> Mutt <http://www.mutt.org/> The Mutt mail user agent