#3914: mutt stores duplicate certificates into $certificate-file on hostname mismatch and interactive_check_cert = "allow always"
---------------------+----------------------
  Reporter:  m-a     |      Owner:  mutt-dev
      Type:  defect  |     Status:  new
  Priority:  minor   |  Milestone:  1.8
 Component:  crypto  |    Version:  1.7.2
Resolution:          |   Keywords:
---------------------+----------------------

Comment (by kevin8t8):

 The validity timespan is a good point. I think a reasonable fix is to
 call check_certificate_expiration() after comparing the cert inside
 check_certificate_file(). This will respect the OPTSSLVERIFYDATES option
 and matches the logic in check_certificate_by_digest(): if they have the
 option turned off then that function doesn't care about dates either.

 I'm attaching a revised patch with that change.

 I don't think it's a good idea to present the "(a)lways accept" choice but
 then refuse it afterwards. This may fit your flow better, but someone
 else will complain that mutt shouldn't present the choice at all if it
 won't do that.

--
Ticket URL: <https://dev.mutt.org/trac/ticket/3914#comment:5>
Mutt <http://www.mutt.org/>
The Mutt mail user agent