From owner-cvs-all Wed Apr 4 23:21:19 2001 Delivered-To: cvs-all@freebsd.org Received: from quack.kfu.com (quack.kfu.com [205.178.90.194]) by hub.freebsd.org (Postfix) with ESMTP id 4DD8237B43F; Wed, 4 Apr 2001 23:21:14 -0700 (PDT) (envelope-from nsayer@quack.kfu.com) Received: from medusa.kfu.com (medusa.kfu.com [205.178.90.222]) by quack.kfu.com (8.11.1/8.11.1) with ESMTP id f356LEh69940; Wed, 4 Apr 2001 23:21:14 -0700 (PDT) (envelope-from nsayer@quack.kfu.com) Received: from icarus.kfu.com (ssmail@localhost) by medusa.kfu.com (8.11.3/8.11.3) with ESMTP id f356LDm01955; Wed, 4 Apr 2001 23:21:13 -0700 (PDT) (envelope-from nsayer@quack.kfu.com) Received: from quack.kfu.com (localhost [::1]) by icarus.kfu.com (8.11.3/8.11.3) with ESMTP id f356LDa71058; Wed, 4 Apr 2001 23:21:13 -0700 (PDT) (envelope-from nsayer@quack.kfu.com) Message-ID: <3ACC0ED8.70203@quack.kfu.com> Date: Wed, 04 Apr 2001 23:21:12 -0700 From: Nick Sayer User-Agent: Mozilla/5.0 (X11; U; FreeBSD 4.3-RC i386; en-US; 0.8) Gecko/20010321 X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/mail/pine4-ssl Makefile distinfo pkg-comment pkg-descr pkg-install pkg-plist ports/mail/pine4-ssl/files extrapatch-aa extrapatch-ab pgpdecode pgpencrypt pgpsign References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Robert Watson wrote: > Last I checked, and this was a while ago, the pine-ssl port was fairly > broken in that its SSL implementation did not perform any certificate > validation, meaning it was susceptible to man-in-the-middle attacks. Has > this imporved? If not, SSL support for Pine should be strongly labeled as > dangerous. If it has improved, that is great news. It has indeed improved. In fact, my original testing was made painful because of it. Since our installation of openssl does not install a root cert list, pine refuses to speak ssl to *any* site until you either add 'novalidate-cert' to the site options or until you add the security/ca-roots port. This prompts me to again call for the inclusion of the ca-roots file in /etc/ssl/certs.pem as part of the base install. > > > Robert N M Watson FreeBSD Core Team, TrustedBSD Project > robert@fledge.watson.org NAI Labs, Safeport Network Services > > On Wed, 4 Apr 2001, Nick Sayer wrote: > >> nsayer 2001/04/04 14:54:32 PDT >> >> Removed files: >> mail/pine4-ssl Makefile distinfo pkg-comment pkg-descr >> pkg-install pkg-plist >> mail/pine4-ssl/files extrapatch-aa extrapatch-ab pgpdecode >> pgpencrypt pgpsign >> Log: >> Scrap pine4-ssl port as a separate entity. Shortly the pine4 port will >> get a WITH_SSL=yes option, hopefully. >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message