#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering higher links of the cert' chain
--------------------------+----------------------
  Reporter:  kratem32     |      Owner:  mutt-dev
      Type:  enhancement  |     Status:  closed
  Priority:  minor        |  Milestone:  1.8
 Component:  crypto       |    Version:
Resolution:  fixed        |   Keywords:  tofu
--------------------------+----------------------

Comment (by Kevin McCarthy <kevin@…>):

 In [changeset:"f949694ea46134a12240c96deb3e3941e4038f4d" 6963:f949694ea461]:
 {{{
 #!CommitTicketReference repository="" revision="f949694ea46134a12240c96deb3e3941e4038f4d"
 Prevent skipped certs from showing a second time.  (see #3916)

 OpenSSL sometimes passes a skipped certificate to ssl_verify_callback()
 a second time, with preverify_ok=1.  From OpenSSL's viewpoint there is
 nothing wrong with this, but mutt will end up showing the certificate
 in the interactive prompt again.

 Cache the last cert and position, and compare with the latest when
 skip_mode and preverify_ok are both set.
 }}}

-- 
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:80>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
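
A small model of the check the commit message describes, as an added example that is not mutt's code and does not call OpenSSL. The names `model_verify` and `count_prompts`, the 4-byte digests and the prompt rules (prompt on any failure, and on every certificate once skip mode is on) are assumptions made for illustration.

```c
#include <string.h>

#define DIGEST_LEN 4 /* constructed 4-byte digests stand in for real cert hashes */

struct verify_state {
    int dedup;      /* 1 = apply the cached-cert check, 0 = behaviour without it */
    int skip_mode;  /* set once the user has skipped a certificate */
    int have_last, last_depth;
    unsigned char last_digest[DIGEST_LEN];
    int prompts;    /* number of interactive prompts shown */
};

/* Hypothetical stand-in for a verify callback; returns 1 to continue, 0 to abort.
 * user_skips models the answer given if a prompt is shown (1 = skip, 0 = reject). */
int model_verify(struct verify_state *st, int preverify_ok, int depth,
                 const unsigned char *digest, int user_skips)
{
    int repeat = st->have_last && st->last_depth == depth &&
                 memcmp(st->last_digest, digest, DIGEST_LEN) == 0;

    /* Same cert at the same position, delivered again as OK after a skip: stay quiet. */
    if (st->dedup && st->skip_mode && preverify_ok && repeat)
        return 1;

    /* Cache the latest certificate and its chain position for the next call. */
    st->have_last = 1;
    st->last_depth = depth;
    memcpy(st->last_digest, digest, DIGEST_LEN);

    if (preverify_ok && !st->skip_mode)
        return 1;   /* assumed rule: no error and nothing skipped, so no prompt */

    st->prompts++;
    if (!user_skips)
        return 0;   /* user rejected: abort verification */
    st->skip_mode = 1;
    return 1;
}

/* Replays a constructed call sequence and returns how many prompts were shown. */
int count_prompts(int dedup)
{
    static const unsigned char cert_a[DIGEST_LEN] = {0xAA, 0x01, 0x02, 0x03};
    static const unsigned char cert_b[DIGEST_LEN] = {0xBB, 0x04, 0x05, 0x06};
    struct verify_state st = {0};
    st.dedup = dedup;
    model_verify(&st, 0, 1, cert_a, 1); /* fails, prompt shown, user skips   */
    model_verify(&st, 1, 1, cert_a, 1); /* same cert again, preverify_ok=1   */
    model_verify(&st, 1, 0, cert_b, 1); /* a different cert, other position  */
    return st.prompts;
}
```

With the check enabled the skipped certificate is prompted for once; without it the same certificate is shown twice.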