#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering
higher links of the cert' chain
--------------------------+----------------------
Reporter: kratem32 | Owner: mutt-dev
Type: enhancement | Status: closed
Priority: minor | Milestone: 1.8
Component: crypto | Version:
Resolution: fixed | Keywords: tofu
--------------------------+----------------------
Comment (by m-a):
I have zero clue how crazy OpenSSL alternative chain building can get, and
that's my point. Since we have stuff in place to calculate a hash (SHA256
or longer preferred now that SHA1 is broken) and use it nearby, we might
also store the hash into a static buffer to see if it's really the same
certificate rather than second-guess from OpenSSL's allocation strategy.
Let's play it safe.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:73>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
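
The comparison the comment above argues for, shown in Python rather than Mutt's C: remember a certificate by the SHA-256 digest of its encoded bytes instead of by object identity. This is an added example, not Mutt's code. The `LastCertTracker` class, its method names and the sample byte strings are constructed for illustration, and a reused `bytearray` stands in (as an assumption) for an allocator handing the same address back for a different certificate.

```python
import hashlib
import hmac


class LastCertTracker:
    """Remembers the last certificate presented to the user (hypothetical helper)."""

    def __init__(self):
        self._digest = None  # SHA-256 of the encoded certificate, copied out
        self._ref = None     # the object itself, for the identity comparison

    def remember(self, der):
        self._digest = hashlib.sha256(bytes(der)).digest()
        self._ref = der

    def same_by_identity(self, der):
        # Analogue of comparing pointers: depends on how objects are allocated.
        return der is self._ref

    def same_by_digest(self, der):
        # Depends only on the certificate bytes; constant-time comparison.
        if self._digest is None:
            return False
        return hmac.compare_digest(self._digest, hashlib.sha256(bytes(der)).digest())


def demo():
    # Constructed stand-ins for two DER-encoded certificates (not real certs).
    leaf = b"\x30\x82\x01\x0aCONSTRUCTED-LEAF-CERT"
    issuer = b"\x30\x82\x01\x0bCONSTRUCTED-ISSUER-CERT"

    tracker = LastCertTracker()
    buf = bytearray(leaf)
    tracker.remember(buf)

    # Case 1: the same buffer is reused for a different certificate.
    buf[:] = issuer
    reused = (tracker.same_by_identity(buf), tracker.same_by_digest(buf))

    # Case 2: the same certificate arrives again in a fresh object.
    fresh = bytearray(leaf)
    redecoded = (tracker.same_by_identity(fresh), tracker.same_by_digest(fresh))

    return {"reused_buffer": reused, "fresh_copy": redecoded}


if __name__ == "__main__":
    print(demo())
```

In both cases the identity check gives the wrong answer and the stored digest gives the right one.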