Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 04 Apr 2001 23:21:12 -0700
From:      Nick Sayer <nsayer@quack.kfu.com>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: ports/mail/pine4-ssl Makefile distinfo pkg-comment         pkg-descr pkg-install pkg-plist ports/mail/pine4-ssl/files         extrapatch-aa extrapatch-ab pgpdecode pgpencrypt pgpsign
Message-ID:  <3ACC0ED8.70203@quack.kfu.com>
References:  <Pine.NEB.3.96L.1010404185458.24669E-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Robert Watson wrote:

> Last I checked, and this was a while ago, the pine-ssl port was fairly
> broken in that its SSL implementation did not perform any certificate
> validation, meaning it was susceptible to man-in-the-middle attacks.  Has
> this imporved?  If not, SSL support for Pine should be strongly labeled as
> dangerous.  If it has improved, that is great news.

It has indeed improved. In fact, my original testing was made painful 
because of it. Since our installation of openssl does not install a root 
cert list, pine refuses to speak ssl to *any* site until you either add 
'novalidate-cert' to the site options or until you add the 
security/ca-roots port.

This prompts me to again call for the inclusion of the ca-roots file in 
/etc/ssl/certs.pem as part of the base install.

> 
> 
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org      NAI Labs, Safeport Network Services
> 
> On Wed, 4 Apr 2001, Nick Sayer wrote:
> 
>> nsayer      2001/04/04 14:54:32 PDT
>> 
>>   Removed files:
>>     mail/pine4-ssl       Makefile distinfo pkg-comment pkg-descr 
>>                          pkg-install pkg-plist 
>>     mail/pine4-ssl/files extrapatch-aa extrapatch-ab pgpdecode 
>>                          pgpencrypt pgpsign 
>>   Log:
>>   Scrap pine4-ssl port as a separate entity. Shortly the pine4 port will
>>   get a WITH_SSL=yes option, hopefully.
>> 
>> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ACC0ED8.70203>