Bug#745556: kmail accepts invalid SMTP TLS certificate against user action

To: 745556@bugs.debian.org, 745556-submitter@bugs.debian.org
Subject: Bug#745556: kmail accepts invalid SMTP TLS certificate against user action
From: Jim Scadden <jims@silentasylum.co.uk>
Date: Mon, 26 May 2014 16:45:49 +0100
Message-id: <[🔎] 20140526154549.GB4801@wheezy.tsa.lan>
Reply-to: Jim Scadden <jims@silentasylum.co.uk>, 745556@bugs.debian.org

On Tue, Apr 22, 2014 at 10:33:28PM +0300, Rémi Denis-Courmont wrote:
> The "continue" button yields another dialog letting the user choose how
> long to accept the certificate, either forever, or only for the current
> session. If the dialog is closed without answer, Kmail assumes forever.
> At that point, the mail feeder will happily send user credentials over
> to the untrusted server.

This is a problem with kio. Closing the dialog causes the default option 
to be selected. I have raised this in KDE BTS along with a proposed 
patch: https://bugs.kde.org/show_bug.cgi?id=335375

-- 

Jim Scadden

Reply to:

Prev by Date: Bug#746897: qtquick1-opensource-src: ftbfs with GCC-4.9
Next by Date: Processing of qtsvg-opensource-src_5.3.0-1_amd64.changes
Previous by thread: Bug#749336: designer plugins libqwebview.so and libqquickwidget.so are installed to qttools5-examples
Next by thread: Processing of qtsvg-opensource-src_5.3.0-1_amd64.changes
Index(es):
- Date
- Thread