On Wed, May 10, 2000 at 02:05:30PM +0200, Andre Wobst wrote:
> Hi,
>
> I have trouble with the imap ssl certificates, saved in the file
> certificate_file, which I set to ~/.mutt.certificate_file in my
> ~/.muttrc. If I do so, I can accept a certificate not only once but
> always (otherwise this option isn't available). The certificate is
> stored in the file ~/.mutt.certificate_file. But next time I start
> mutt again, it asks me again for the certificate check. If I accept it
> again, the certificate is again added to the file
> ~/.mutt.certificate_file and it is exactly the same as before -- now
> stored twice in the same file. How can I store the certificate in such
> a way that mutt accepts it automatically next time -- what's wrong in
> the way I'm doing it?

For starters, you're doing nothing wrong, mutt is.

The problem is that the X509_verify function, which I use to compare the
certificates, doesn't work quite the way I expected. Instead of
verifying the server certificate using the server public key (both
available after connecting to the server), it needs the issuer's public
key to verify the server certificate. If the server certificate is
self-signed, the public keys are the same and the verification succeeds,
otherwise not.

You might be able to use the automatic certificate verification by
getting the issuer's (public) certificate, it should be available
somewhere in your organization, and putting that in the
$certificate_file.

I'll see if I can fix this once I have the time. I really should start
reading for some exams... :)

--
Tommi Komulainen [EMAIL PROTECTED]
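
The behaviour described in the reply above, as an added example that is not part of the original mail and is neither mutt nor OpenSSL code. It is a simplified model (textbook RSA without padding, constructed keys and host names) showing why a signature check against the certificate's own key only passes for self-signed certificates. Comparing fingerprints for the saved-certificate check is an assumption of this example, not something the mail proposes.

```python
# Simplified model, NOT OpenSSL or mutt code: textbook RSA without padding
# on small fixed primes, used only to illustrate the logic.
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all constructed keys

def make_key(p, q):
    """Return (public modulus n, private exponent d) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pub_n: int          # the subject's public key (modulus)
    signature: int = 0  # made with the ISSUER's private key

    def tbs(self):
        """Bytes covered by the signature (everything except the signature)."""
        return f"{self.subject}|{self.issuer}|{self.pub_n}".encode()

    def fingerprint(self):
        """Hash over the whole certificate, signature included."""
        return hashlib.sha256(self.tbs() + str(self.signature).encode()).hexdigest()

def digest(cert, n):
    return int.from_bytes(hashlib.sha256(cert.tbs()).digest(), "big") % n

def issue(subject, issuer, subject_n, issuer_n, issuer_d):
    unsigned = Cert(subject, issuer, subject_n)
    return Cert(subject, issuer, subject_n, pow(digest(unsigned, issuer_n), issuer_d, issuer_n))

def verify_signature(cert, signer_n):
    """Models X509_verify(cert, key): was cert signed by the holder of this key?"""
    return pow(cert.signature, E, signer_n) == digest(cert, signer_n)

def is_saved(cert, saved_fingerprints):
    """Hypothetical identity check for a saved-certificate file."""
    return cert.fingerprint() in saved_fingerprints

# Constructed keys from Mersenne primes, far too small for real use.
CA_N, CA_D = make_key(2**127 - 1, 2**89 - 1)
SRV_N, SRV_D = make_key(2**107 - 1, 2**61 - 1)

ca_cert = issue("Example CA", "Example CA", CA_N, CA_N, CA_D)
ca_signed = issue("imap.example.org", "Example CA", SRV_N, CA_N, CA_D)
self_signed = issue("imap.example.org", "imap.example.org", SRV_N, SRV_N, SRV_D)
```
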